Senior Risk and Compliance Automation Engineer

Job Description

We’re transforming the grocery industry

At Instacart, we invite the world to share love through food because we believe everyone should have access to the food they love and more time to enjoy it together. Where others see a simple need for grocery delivery, we see exciting complexity and endless opportunity to serve the varied needs of our community. We work to deliver an essential service that customers rely on to get their groceries and household goods, while also offering safe and flexible earnings opportunities to Instacart Personal Shoppers.

Instacart has become a lifeline for millions of people, and we’re building the team to help push our shopping cart forward. If you’re ready to do the best work of your life, come join our table.

Instacart is a Flex First team

There’s no one-size fits all approach to how we do our best work. Our employees have the flexibility to choose where they do their best work—whether it’s from home, an office, or your favorite coffee shop—while staying connected and building community through regular in-person events. Learn more about our flexible approach to where we work.

Overview

Instacart is hiring a Senior Risk & Compliance Automation Engineer to scale its Governance, Risk & Compliance (GRC) program through engineered automation. This senior individual contributor role emphasizes engineering and leverage GRC background to design and build end-to-end automation systems — including evidence pipelines, real-time control checks, automated workflows, dashboards, and risk data pipelines. You’ll partner with GRC subject matter experts to confirm requirements and create scalable systems they can operate independently, while serving as the automation SME for troubleshooting, system design, and expanding capabilities. Early priorities focus on automating compliance across the Common Controls Framework and core GRC processes to improve efficiency, effectiveness, and data quality. The role also to establish structured, automation-ready risk data foundations that support reporting, KRIs, control maturity insights, and scenario-ready datasets.

About the Job

In this role, you will:

• Design and build automation for GRC processes, including evidence collection, control validations, real‑time control effectiveness checks, and broader GRC workflows (e.g., risk register, Third Party Risk assessments, enterprise systems controls definition).
• Use AI‑native tools (Cursor, Claude Code, MCP integrations) to rapidly build recurring scripts, agents, and automations, prioritizing speed and scalability.
• Build integrations across Snowflake, Databricks, Jira, GitHub, Okta, cloud APIs, and internal systems to unify and automate control evidence.
• Design data pipelines that aggregate and normalize risk‑relevant data across Snowflake, Databricks, Jira, GitHub, Okta, and security tooling to support KRIs, control‑maturity insights, and risk dashboards.
• Build dashboards and operational views that present risk trends, scenario inputs, and control‑maturity indicators alongside audit‑readiness status.
• Mentor and upskill GRC teammates on automation patterns, enabling them to run and maintain systems.
• Serve as the SME for automated workflows when issues arise, partnering with GRC team members to validate expected behavior and troubleshoot gaps.
• Develop vendor‑agnostic automation solutions, using orchestration tools where helpful but writing custom code when needed.
• Contribute to scalable onboarding of new subsidiaries by templating automation patterns that apply across diverse business units.

About You

You have a strong technical foundation and a passion for modernizing risk and compliance practices.

Minimum Qualifications

• BS Degree in Computer Science or Engineering, or a related field (or equivalent practical experience).
• 8+ years in compliance automation, backend engineering, SRE, GRC engineering, or similar technical fields.
• Strong experience in Python, SQL, and SaaS/cloud API integrations (Snowflake, Databricks, AWS, Okta, Jira, GitHub).
• Demonstrated ability to automate GRC processes (evidence pipelines, control checks, dashboards, or similar).
• Experience building data pipelines or structured reporting for risk, security, or compliance programs.
• AI‑native working style; daily use of Cursor, Claude Code, MCP workflows, or equivalent.
• Experience building recurring automations that are reliable but not necessarily production‑grade (scripts, agents, services).
• Understanding of security and compliance frameworks (SOC2, PCI, ISO27001, NIST CSF, privacy).

Preferred Qualifications

• Experience with GRC automation platforms (e.g., Tines, ZenGRC, Hyperproof, Drata, or equivalent).
• Familiarity with risk metrics, scenario modeling inputs, or control‑maturity frameworks (not required to perform quantification).
• Experience automating controls across multi‑subsidiary or multi‑product environments.
• Comfort with policy‑as‑code concepts or infrastructure scanning patterns.
• Familiarity with real‑time control monitoring and drift detection.
• Experience building dashboards for security/compliance programs.

Instacart provides highly market-competitive compensation and benefits in each location where our employees work. This role is remote and the base pay range for a successful candidate is dependent on their permanent work location. Please review our Flex First remote work policy here.

Offers may vary based on many factors, such as candidate experience and skills required for the role. Additionally, this role is eligible for a new hire equity grant as well as annual refresh grants. Please read more about our benefits offerings here.

For US based candidates, the base pay ranges for a successful candidate are listed below.

CA, NY, CT, NJ

$218,000—$230,000 USD

WA

$209,000—$220,500 USD

OR, DE, ME, MA, MD, NH, RI, VT, DC, PA, VA, CO, TX, IL, HI

$200,000—$211,000 USD

All other states

$182,000—$192,000 USD