Senior GRC Engineer

About Magic Labs

Magic is innovating at the intersection of crypto and AI to make wallets invisible and capable of running on autopilot.

In 2018, we introduced the first embedded wallet, enabling users to create wallets with just an email or social login. This approach has since become standard across much of the industry. To date, we’ve helped onboard over 50 million wallets and 200,000 developers, supporting projects like Polymarket, Helium, WalletConnect, and Immutable, as well as enterprises such as Forbes, Mattel, and Naver. We’re backed by investors including PayPal Ventures, Lightspeed, Placeholder, SV Angel, Naval Ravikant, and Balaji Srinivasan.

Today, we’re building Newton to help bring about the wallet endgame—where AI and automation completely abstract away the complexity of onchain interactions beyond wallet creation. This means applying state-of-the-art technologies from both AI and crypto and delivering them through a product and protocol that can scale to billions. Our vision is a future of self-driving capital that extends the financial system upgrade made possible by web3.

This role is open to candidates based anywhere in the US or Canada, with a slight preference for those in commuting distance of NYC. 

Unfortunately, we are unable to sponsor or take over sponsorship (ex., H-1B transfer) of employment visas, and applicants must be authorized to work for any employer in the US or Canada.

Role Overview:

We are seeking a Senior GRC Engineer to transform our compliance and risk management capabilities through automation and engineering excellence. This role combines deep GRC expertise with hands-on technical skills to build scalable, automated compliance systems that support Magic Labs products and the Newton ecosystem. You'll lead the evolution from traditional checkbox compliance to continuous, automated compliance frameworks that enhance both security posture and developer experience.

Key Responsibilities:

• Build automation and integrations between GRC frameworks and security/engineering tools.
• Lead automation-driven control assessment, evidence collection, and reporting processes.
• Replace legacy GRC approaches with frameworks that avoid checkbox compliance and improve stakeholder experience.
• Design and implement compliance-as-code frameworks, integrating security controls into infrastructure as code (IaC) and CI/CD pipelines.
• Develop automated evidence collection, control testing, and reporting systems that eliminate manual audit preparation.
• Help define GRC best practices for web3 governance DAOs and policy management of on-chain funds.
• Create APIs and integrations between GRC platforms (Drata, Vanta, etc.) and security/engineering toolchains.
• Work closely with Infrastructure, Engineering, and IT teams to embed security and compliance requirements into technical workflows.
• Coordinate and track security-related audits including scope of audits, stakeholder engagement, and deliverable timelines; work with teams as appropriate to achieve audit readiness; provide guidance, evaluation, and advocacy on audit responses.

Qualifications:

• 5+ years of experience in GRC, compliance, or security engineering roles with significant automation experience.
• Experience develop scripts in various scripting languages (Python, Go, etc.) and peer review code / implementation / automation scripts.
• Knowledge of various regulations and controls (SOX, GDPR, ISO27001, NIST etc).
• Experience with GRC software tools and platforms (e.g., Drata, Vanta): Designing, implementing, and managing GRC tools and technologies to streamline processes for risk assessment, and compliance monitoring.
• Experience leading SOC 2, ISO 27001, and other compliance audits from technical preparation through external audits.
• Understanding of infrastructure as code (Python CDK, CloudFormation, Terraform etc.) for embedding compliance controls.
• Previous experience in crypto/web3, or other financially regulated environments is preferred.

Salary Range 

• For candidates based in the US, this role's annual base salary is USD $160,000-$200,000
• For candidates based in Canada, this role's annual base salary is CAD $140,000-$170,000

The final offer will take into account several factors, including your experience, skill set, and location. We also consider how your background aligns with the role and what we’re building as a team.

Benefits and Perks:

• Remote-first culture with flexible working hours
• Stock options and token grants
• 99% company-paid medical*, dental and vision insurance
• 100% company-paid life and disability insurance
• 401(k) plan (US) or pension plan (CAN)
• $3,600 annual reimbursement for remote work, wellness, and professional development
• Flexible time off
• Up to 12 weeks of paid parental leave

*Canada coverage differs.

At Magic, we build with inclusion in mind, from our products to our team. We encourage candidates of all backgrounds and identities to apply and are proud to be an equal opportunity employer.

We’re committed to making our hiring process accessible to everyone. If you need assistance or an accommodation during the application process, please complete our Accommodation Request Form.

US Candidates: Magic Labs, Inc. participates in E-Verify to confirm the identity and employment eligibility of all new US hires. For more information, please see the E-Verify Participation Poster and the Right to Work Poster.

*Canada coverage differs.

At Magic, we build with inclusion in mind, from our products to our team. We encourage candidates of all backgrounds and identities to apply and are proud to be an equal opportunity employer.

We’re committed to making our hiring process accessible to everyone. If you need assistance or an accommodation during the application process, please complete our Accommodation Request Form.

US Candidates: Magic Labs, Inc. participates in E-Verify to confirm the identity and employment eligibility of all new US hires. For more information, please see the E-Verify Participation Poster and the Right to Work Poster.