Security GRC Engineer
Australia - Remote
- Remote-first
Employment Hero
HR & Payroll In One Place — Designed for Small & Medium Businesses To Be More Efficient, Compliant & Cost-Effective.
Who we are
Employment Hero is on a mission to make employment easier and more valuable for everyone. Our Employment Operating System brings hiring, HR, payroll and benefits into an all-in-one solution.
Since our inception in 2014, we’ve scaled to a $2 billion valuation and gained a presence in 6 countries globally - Australia, New Zealand, Singapore, Malaysia, the UK and Canada. We now service over 300,000 businesses and more than 2 million employees.
The EH Way
At Employment Hero, we’re proud of our unique DNA, which we call The EH Way.
- We are Mission First - everything we do (from what we work on, to how we allocate capital and where we focus) is driven by our Mission
- We are Remote First - we champion a remote environment with a preference for asynchronous communication and a high degree of autonomy
- We are AI First - we are committed to using AI to accelerate our mission; AI is not just a tool, it’s a fundamental part of how we operate, innovate, and scale
- We are Apolitical - we do not take a position on political or social topics, unless it relates to our Mission
- We Live by Our Values - we role model our values 100% of the time
- We Expect High Performance - we set a high standard and we’re not satisfied with being average
This role
We’re looking for a Security GRC Engineer to help us embed governance, risk, and compliance directly into our engineering workflows. This role moves beyond traditional compliance coordination—focusing instead on building scalable, automated, and stakeholder-friendly security and risk capabilities.
You’ll be part of a team driving continuous assurance, risk-informed decision-making, and compliance-by-default design, helping ensure that security supports—not slows—our innovation and product velocity.
If you have been working on GRC automation and enjoy hands-on scripting work, or are simply a developer looking to build your career in the GRC space, this is the role for you.
Your key focus areas will be
- Integrate GRC into engineering - Work closely with development, DevOps, and product teams to implement shift-left security and GRC-as-Code practices.
- Enhance stakeholder experience - Build security and GRC solutions that are seamless and empathetic to how teams actually work.
- Support compliance frameworks - Help maintain ISO 27001, SOC 2, and other standards by embedding controls into workflows rather than bolting them on after the fact.
- Monitor and measure risk - Use data and quantitative metrics to guide risk decisions and report meaningful outcomes—not just pass audits.
- Drive continuous improvement - Identify gaps, remove friction, and prototype better ways of achieving GRC outcomes through system design and process iteration.
- Contribute to GRC handbook - Participate in internal knowledge-sharing, open-source projects, and the broader GRC engineering ecosystem.
- Automate security controls and evidence collection - Design and maintain automated compliance checks, policy-as-code, and continuous monitoring systems. This includes building automation using tools like n8n and integrating with Slack to facilitate timely reminders and improve workflow visibility.
Who you are
To thrive at Employment Hero, you’ll need to embody The EH Way - operating with focus, agility, and an obsession with impact. For this role, you'll have
- A strong GRC automation mindset with hands-on scripting experience
- Experience using Dependabot for compliance and vulnerability management workflows
- Experience with Jira/Slack integration and automation for audit traceability
- Familiarity with LLMs and n8n for AI-driven process improvement
- A strong understanding of the ISO 27001 and SOC 2 frameworks
- The ability to translate technical risk into clear, actionable language
- A focus on scalable, sustainable security governance practices
Bonus Points If You Have
- Experience building or contributing to internal tools or open-source GRC projects.
- A product or stakeholder-centric view of security and compliance.
- Exposure to security tooling like Vanta, Drata or custom internal platforms.
- Experience operating in fast-paced, product-led tech environments.
What we can offer
At Employment Hero, we don’t just talk about a better way to work - we live it. Joining Employment Hero means
- You will work remotely, with the flexibility to own your time and impact
- You will access cutting-edge tools to amplify your work, knowledge and outputs
- You’ll surround yourself with ambitious, outcome-driven colleagues who challenge you to do the best work of your life
- You’ll own ESOP (employee share options) in one of the world’s fastest-growing tech companies
- You’ll also have access to a wide range of benefits that includes - a very generous paternity leave policy, subsidised egg freezing (so you can make the choice that’s right for you, on your terms), a WFH office expense budget, and outstanding learning & development opportunities
At Employment Hero, we are committed to safeguarding the privacy of your application data. To understand how we do so, you can read our Applicant Privacy Policy here - https://employmenthero.com/legals/applicant-policy/
Employment Hero celebrates diverse perspectives and experiences, and we invite people of all backgrounds and identities to apply for this position.