What are the responsibilities and job description for the Senior Governance, Risk, and Compliance Analyst position at Engine?
Join Our Journey at Engine
At Engine, we're revolutionizing work travel. Our modern travel platform isn't just about booking trips; it's about transforming how businesses and their teams experience travel. From seamless booking options with top airlines, hotels, and car rental providers to single-invoice billing and flexible trip modifications, we make travel not only easier to manage but also enjoyable. Backed by powerhouse investors like Telescope Partners, Blackstone, Elefund, and Permira, we're growing fast—and we want you to be part of it.
Engine is seeking a highly skilled and motivated Senior GRC (Governance, Risk, and Compliance) Analyst to join our team. In this role, you will be responsible for strengthening our security posture, ensuring compliance with critical standards such as SOC 2, GDPR, and CCPA, and managing audits, risk assessments, and compliance tracking across the organization. You will work closely with senior leadership, employees, and external auditors to ensure that Engine adheres to best practices in governance, risk management, and compliance.
Your Mission:
As part of the Engine team, you'll play a vital role in an environment where innovation meets collaboration. Here's what you'll take charge of:
- Lead the configuration and management of GRC tools such as Secureframe to ensure integration with security systems.
- Manage the main dashboard for SOC 2 reporting, ensuring accuracy and compliance.
- Develop and maintain a comprehensive risk management program and conduct risk assessments.
- Manage and conduct regular audits (weekly, monthly, quarterly, and bi-annual) across business, IT, and security processes to ensure best practices and legal compliance.
- Oversee the development and execution of security procedures across multiple domains.
- Develop, update, and maintain Contingency Planning strategies and procedures.
- Execute routine operational tasks related to security awareness training.
- Audit the access and compliance of third-party vendors and contractors.
- Review procurement requests for security standards and ensure all engagements meet company standards and regulatory requirements.
- Conduct audits of internal administrative tools to detect and prevent misuse and address security vulnerabilities.
We're looking for someone who's ready to make an impact and grow alongside us:
- Proven experience in managing GRC functions, ideally within a fast-paced, high-growth company.
- Strong understanding of ISO 27001, SOC 2, GDPR, CCPA, PCI-DSS, and SOX compliance standards.
- Excellent organizational, communication, and leadership skills.
- Ability to manage complex GRC initiatives and work across multiple teams.
- Ability to act urgently to address critical IT emergencies.
- Skilled in using GRC platforms and tools to manage compliance and risk management activities.
- Strong knowledge of security concepts, including risk management, identity and access management (IAM), key management, data protection, and network security.
- Track record of building security/GRC programs across various domains.
- Certifications such as CISM, CISSP, or CRISC.
- Experience with data protection and privacy law compliance.
- Familiarity with cloud security components of platforms like AWS, GCP, or Azure.
- Excellent problem-solving, analytical, and communication skills.
- Ability to work collaboratively with cross-functional teams, including IT, engineering, and HR teams.
- A passion for mentoring others.
We believe in rewarding great work with great benefits:
- Compensation: Competitive base pay tied to role and experience, with opportunities for bonuses, commissions, and equity.
- Benefits: Check out our full list at engine.com/culture.
- Environments for Success: Different roles have different needs in terms of the environments that drive success, which is why we have a hybrid-hub model. Whether you are in one of our amazing offices or fully remote, we'll make sure you have what you need to succeed.
Join us on our mission to transform how work travel works—for businesses, for travelers, and for the industry. Apply now and let's make travel simpler, smarter, and more enjoyable—together.