#300255 Source: Acoustic
Acoustic

GRC Engineer

Experience

Mid

Location

Gdańsk

Work mode

Hybrid

Employment type

Full-time

Security, AWS, Cloud, Scripting, Python, Bash

About the offer

Acoustic is a global marketing and customer engagement provider delivering solutions that give brands a deeper understanding of their customers and the ability to act in the moments that matter. Our mission is to help brands build closer customer connections through data-driven visibility and personalized engagement. Acoustic has approximately 650 employees around the globe, maintaining a local presence with a global footprint. With 25+ years of MarTech experience, the team of trusted experts helps brands across industries exceed expectations and build meaningful, lasting customer relationships.

Requirements

  • Strong hands-on experience with AWS environments and cloud security controls (EC2, IAM, CloudTrail, Config, Security Hub, etc.)
  • Scripting skills in Python, Bash, or similar languages to automate compliance tasks and evidence collection
  • Proven experience implementing and managing GRC automation tools such as Drata, Vanta, or similar platforms
  • Understanding of compliance frameworks like ISO 27001, SOC 2, GDPR, and CCPA (formal audit experience not required)
  • Comfort reading technical documentation and collaborating with engineering teams
  • Strong project management skills with the ability to manage multiple compliance initiatives simultaneously
  • Clear communication skills for both technical and non-technical audiences
  • Technical background preferred over traditional audit experience
  • Certifications like AWS Security Specialty, CRISC, CISA, or CISSP a plus

Responsibilities

  • Own compliance programs including ISO 27001 and SOC 2, coordinating audits, managing evidence collection, and maintaining certifications
  • Implement and manage a GRC automation platform (Drata, Vanta, or similar) to streamline compliance workflows and continuous monitoring
  • Develop and refine security policies and procedures that meet regulatory requirements while remaining practical for engineering teams
  • Assess risks across production, non-production, and QA environments, prioritizing security initiatives based on business impact and compliance obligations
  • Bridge technical and business stakeholders by translating security requirements into language appropriate for different audiences
  • Manage vendor security assessments and third-party risk reviews in partnership with procurement and legal teams
  • Develop metrics and reporting that give leadership visibility into compliance status and risk landscape

Benefits

  • Work with a supportive security team that values both technical expertise and GRC discipline
  • Leadership backing for necessary security investments
  • Opportunity to shape compliance strategy as the company grows