Security GRC Engineer

  • Remote - Australia

Remote

Cybersecurity

Mid-level

Job description

Who we are

Employment Hero is on a mission to make employment easier and more valuable for everyone. Our Employment Operating System brings hiring, HR, payroll and benefits into an all-in-one solution.

Since our inception in 2014, we’ve scaled to a $2 billion valuation and gained a presence in 6 countries globally - Australia, New Zealand, Singapore, Malaysia, the UK and Canada. We now service over 300,000 businesses and more than 2 million employees.

The EH Way

At Employment Hero, we’re proud of our unique DNA, which we call The EH Way.

  1. We are Mission First - everything we do (from what we work on, to how we allocate capital and where we focus) is driven by our Mission
  2. We are Remote First - we champion a remote environment with a preference for asynchronous communication and a high degree of autonomy
  3. We are AI First - we are committed to using AI to accelerate our mission; AI is not just a tool, it’s a fundamental part of how we operate, innovate, and scale
  4. We are Apolitical - we do not take a position on political or social topics, unless it relates to our Mission
  5. We Live by Our Values - we role model our values 100% of the time
  6. We Expect High Performance - we set a high standard and we’re not satisfied with being average

This role

We’re looking for a Security GRC Engineer to help us embed governance, risk, and compliance directly into our engineering workflows. This role moves beyond traditional compliance coordination—focusing instead on building scalable, automated, and stakeholder-friendly security and risk capabilities.

You’ll be part of a team driving continuous assurance, risk-informed decision-making, and compliance-by-default design, helping ensure that security supports—not slows—our innovation and product velocity.

If you have been working on GRC automation and enjoy hands-on scripting work, or are simply a developer looking to build your career in the GRC space, this is the role for you.

Your key focus areas will be

  • Integrate GRC into engineering - Work closely with development, DevOps, and product teams to implement shift-left security and GRC-as-Code practices.
  • Enhance stakeholder experience - Build security and GRC solutions that are seamless and empathetic to how teams actually work.
  • Support compliance frameworks - Help maintain ISO 27001, SOC 2, and other standards by embedding controls into workflows rather than bolting them on after the fact.
  • Monitor and measure risk - Use data and quantitative metrics to guide risk decisions and report meaningful outcomes—not just pass audits.
  • Drive continuous improvement - Identify gaps, remove friction, and prototype better ways of achieving GRC outcomes through system design and process iteration.
  • Contribute to GRC handbook - Participate in internal knowledge-sharing, open-source projects, and the broader GRC engineering ecosystem.
  • Automate security controls and evidence collection - Design and maintain automated compliance checks, policy-as-code, and continuous monitoring systems. This includes building automation using tools like n8n and integrating with Slack to facilitate timely reminders and improve workflow visibility.

Who you are

To thrive at Employment Hero, you’ll need to embody The EH Way - operating with focus, agility, and an obsession with impact. For this role, you’ll have

  • A strong GRC automation mindset with hands-on scripting experience
  • Dependabot usage for compliance and vulnerability management workflows
  • Jira/Slack integration and automation for audit traceability
  • Familiar with LLMs and n8n for AI-driven process improvement
  • Strong understanding of ISO 27001, SOC 2 frameworks
  • Able to translate technical risk into clear, actionable language
  • Focused on scalable, sustainable security governance practices

Bonus Points If You Have

  • Experience building or contributing to internal tools or open-source GRC projects.
  • A product or stakeholder-centric view of security and compliance.
  • Exposure to security tooling like Vanta, Drata or custom internal platforms.
  • Experience operating in fast-paced, product-led tech environments.

What we can offer

At Employment Hero, we don’t just talk about a better way to work - we live it. Joining Employment Hero means

  • You will work remotely, with the flexibility to own your time and impact
  • You will access cutting-edge tools to amplify your work, knowledge and outputs
  • You’ll surround yourself with ambitious, outcome-driven colleagues who challenge you to do the best work of your life
  • You’ll own ESOP (employee share options) in one of the world’s fastest-growing tech companies
  • You’ll also have access to a wide range of benefits that includes - a very generous paternity leave policy, subsidised egg freezing (so you can make the choice that’s right for you, on your terms), a WFH office expense budget, and outstanding learning & development opportunities

At Employment Hero, we are committed to safeguarding the privacy of your application data. To understand how we do so, you can read our Applicant Privacy Policy here - https://employmenthero.com/legals/applicant-policy/

Employment Hero celebrates diverse perspectives and experiences, and we invite people of all backgrounds and identities to apply for this position.
