ezCater Logo

Staff GRC Engineer (Remote)

💰 $165k-$210k
🇺🇸 United States🔧 DevOps🔵 Mid-level

Job Description

ezCater is the #1 food tech platform for workplaces in the US. The company makes it easy for any organization to manage its food needs and order from over 125,000 restaurants nationwide. For workplaces, ezCater provides flexible and scalable solutions for everything from employee meal programs to one-off meetings, all backed by beyond helpful 247 service and business-grade reliability. For restaurant partners, ezCater helps grow their business by bringing them new high-value customers and large orders.

ezCater is looking for a Staff GRC Engineer to join the Security Engineering & Compliance team as a senior individual contributor who can help mature our governance, risk, compliance, and data security capabilities in a way that is durable, measurable, and embedded into how our systems operate day to day. This is not a narrow audit coordinator or policy only role. We’re looking for a balanced builder-operator who can raise the quality and maturity of our security controls by expanding control monitoring, strengthening data security governance, automating and instrumenting the program where stronger evidence and better monitoring are needed, and improving the operational follow through that makes the program scalable, sustainable, and effective.

What You’ll Do:

  • Lead control program maturity

    • Design and maintain an auditable control framework that fits ezCater’s SaaS, cloud, data, and engineering environment rather than forcing generic controls onto modern systems.
    • Shape and define ezCater’s AI Governance strategy with stakeholders across the Legal, Data, Engineering, and IT domains.
    • Define how key controls are implemented, tested, evidenced, and improved over time, with a strong bias toward reliability and highly-automated, low/no friction evidence paths.
    • Partner with internal and external audit stakeholders on control design, walkthroughs, exceptions, remediation, and readiness activities tied to SOX and related frameworks.
    • Help rationalize overlapping control requirements across SOC 2, PCI, SOX, and internal policy expectations into a coherent operating model.

  • Build continuous control monitoring and automation

    • Identify where quarterly or annual checks should become continuous or near-real-time monitoring, especially for high-value controls and failure-prone workflows.
    • Partner with Security Engineering, IT, Data, and platform teams to automate control testing, evidence collection, validation, and recurring compliance workflows.
    • Define the logs, metadata, dashboards, and signals needed to assess control health and make compliance more observable and less dependent on screenshots and one-off pulls.
    • Help shift the program from detective-only controls toward stronger preventive and engineering-embedded control patterns where appropriate.

  • Expand data security policy and program quality

    • Help define and mature data security policies, standards, and handling requirements so they are clear, enforceable, and tied to actual technical and operational practices.
    • Partner with Data, Engineering, and business stakeholders to ensure data governance shows up in meaningful places such as access patterns, role design, labels, masking, retention, and evidence paths.
    • Establish what a high-quality GRC program looks like by helping define operating cadences, ownership models, decision paths, metrics, and continuous improvement loops.
    • Drive clearer documentation, standards, and guidance that both technical teams and auditors can use effectively.

  • Drive operational quality improvements

    • Support day-to-day GRC and assurance work where hands-on execution is needed to keep the program moving, including control failures, remediation coordination, audit operations, and related follow-through.
    • Improve the team’s ability to handle questionnaires, trust requests, vendor and partner reviews, and other recurring work through better structure, reusable materials, and smarter agentic workflows.
    • Act as a practical partner to teams implementing or remediating controls, not just an assessor of whether the control exists on paper.

  • Lead through influence and systems thinking

    • Own a domain with high autonomy, lead cross-team efforts from start to finish, and improve the quality of systems, controls, and processes across that domain.
    • Drive alignment across stakeholders with different incentives and constraints, making pragmatic decisions that balance risk, cost, and operational reality.
    • Mentor others, improve documentation and knowledge sharing, and help raise the overall maturity of the Security Engineering & Compliance team and its partners.

What You Have:

  • 8+ experience in security GRC, compliance, risk, or security program work in a SaaS or cloud-native environment, including meaningful ownership of control design, testing, and program improvement.
  • Strong experience with security compliance frameworks such as ISO-27001, NIST CSF, SOC 2, ITGC, and PCI-DSS, including how to translate framework requirements into controls that work in real systems and teams.
  • Demonstrated ability to automate or instrument parts of a compliance or assurance program through scripting, APIs, dashboards, platform configuration, or other technical approaches.
  • Implementation of engineering system guardrails for ensuring compliance utilizing Policy-as-Code (Terraform) or secure configurations of platform systems within cloud hosted environments (AWS, GitHub, etc.)
  • Experience building or improving data security governance, classification, handling rules, or related control practices across business systems, data platforms, or collaboration environments.
  • Familiarity with governing and securing AI/Agentic systems and business processing.
  • Strong written communication and cross-functional influence skills, with the ability to explain controls, trade-offs, and program expectations to both technical and non-technical audiences.
  • Able to collaborate closely with engineers and technical teams to design controls as code, configuration, workflow, or monitoring instead of relying only on policy documents and manual checklists.
  • Strong systems thinker who can break ambiguous governance problems into workable operating models, measurable outcomes, and implementation steps.
  • Comfortable balancing strategic design work with operational execution when the program needs direct hands-on support.
  • Someone who improves process quality, identifies gaps between teams, and drives implementation of better ways of working.
  • Comfortable leveraging AI tooling and automated workflows to increase scale and velocity.

Nice To Have:

  • Experience with scaling a unified control framework across multiple governance and compliance frameworks
  • Experience with continuous control monitoring, policy-as-code, or GRC platforms and evidence tooling.
  • Familiarity with AI governance or emerging technology risk, especially where governance needs to be translated into practical technical guardrails.

The national total target cash compensation range for this position, including base salary and bonus target, is $165,000–$210,000 annually.*

*Please note: Final offer amounts are determined by multiple factors, including prior experience, expertise and region & may vary from the amount above. This range does not represent additional compensation benefits (such as equity, 401K or medical, dental or vision insurance).

ezCater does not sponsor applicants for work visas or legal permanent residence.

What You’ll Get from Us:

You’ll get a terrifically compelling experience in an innovative, high performing environment. You’ll get to work with engaged and passionate colleagues on challenging and impactful projects. You will have opportunities to grow in your career, and work in a  place that values work/life harmony.

Oh, and you’ll get all this: Market competitive salary, stock options that you’ll help make worth a lot, 12 paid holidays, flexible PTO, 401K with ezCater match, health/dental/FSA, long-term disability insurance, mental health and family planning resources, remote-hybrid work from our awesome Boston office OR your home OR a mixture of both home and office, a tremendous amount of responsibility and autonomy, wicked awesome co-workers, employee meal program (and many more goodies) when you’re in our office, and knowing that you helped transform the food for work space.

ezCater is an equal opportunity employer. We embrace humans of every background, appearance, race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, and disability status. At the same time, we do not employ jerks, even brilliant ones. Following a conditional offer of employment, ezCater may require a background check.

For information on how ezCater collects and uses job applicants’ personal information, please visit our Job Applicant Privacy Policy.

#BI-Remote

Share this job:
Please let ezCater know you found this job on Remote First Jobs 🙏

19 similar remote jobs

Explore latest remote opportunities and join a team that values work flexibility.

View all jobs
Nagarro logo

Staff Engineer

Nagarro

Yesterday
Nagarro logo

Senior Staff Engineer

Nagarro

Month ago
Nagarro logo

Staff Engineer ServiceNow

Nagarro

Month ago
Onebrief logo

Staff Infrastructure Engineer

Onebrief

Week ago
6sense logo

Staff Security Engineer

6sense

$231k-$265k Month ago
6sense logo

Staff Security Engineer

6sense

4 Months ago

Remote companies like ezCater

Find your next opportunity with companies that specialize in Corporate Catering, Business Catering, and Food For Work. Explore remote-first companies like ezCater that prioritize flexible work and home-office freedom.

All companies
Lunchbox Logo

Lunchbox

201-500 lunchbox.io

An all-in-one restaurant technology platform for enterprise brands, offering online ordering, catering, and loyalty solutions.

View company profile →
Appfire Logo

Appfire

501-1000 www.appfire.com

We develop and maintain applications for global customers, including Jira Cloud apps and an engineering intelligence platform.

View company profile →
OpenSesame Logo

OpenSesame

201-500 www.opensesame.com

Integrated software, curated content, and expert services for workforce training and skill development.

View company profile →
TROOP Logo

TROOP

51-200 trooptravel.com

A cloud-based platform for planning in-person meetings and managing group travel logistics.

View company profile →
Coleman Research Logo

Coleman Research

201-500 www.colemanrg.com

Connects global organizations with specialized industry experts for insights to inform decision-making.

View company profile →
Speexx Logo

Speexx

201-500 www.speexx.com

Digital business coaching, corporate language training, and mentoring services for large organizations.

View company profile →

Project: Career Search

Rev. 2026.6

[ Remote Jobs ]
Direct Access

We source jobs directly from 21,000+ company career pages. No intermediaries.

Search Jobs Post a Job
01

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

02

Advanced Filters

Filter by category, benefits, seniority, and more.

03

Priority Job Alerts

Get timely alerts for new job openings every day.

04

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

21,000+ SOURCES UPDATED 24/7
Apply