Method has built the most modern way to connect to consumer financial accounts. Combining real-time liability connectivity with instant payment execution, Method's API is designed to make it easy for people to connect their financial accounts to the apps and services they want to use.
We have helped 45 million users connect 350 million liability accounts credential-less and processed over $2.5B in payments, helping users save millions in interest. One in every three credit cards in the United States is in the Method ecosystem, and leading financial institutions like SoFi, Bilt, Cleo, Sezzle, Figure & Aven rely on our APIs to build magical experiences for millions of consumers.
We're a team of 50 people spread across offices in Austin, SF, New York City and Washington D.C.! We're excited to continue the momentum working alongside our investors and advisors from Andreessen Horowitz, Emergence Capital, Y Combinator, Avra and Ardent. To learn more about us, check out our blog!
We're hiring a GRC Engineer to help build and operationalize Method's Security and Compliance function. You'll play a critical role in enabling trust for our customers by designing, implementing and maintaining compliance programs for a modern financial platform used across a wide range of regulated industries.
This is a hands-on role with broad ownership and real impact. You'll own the day-to-day governance, risk and compliance operations: maintaining audit readiness, responding to enterprise security reviews with confidence and scaling our compliance footprint as the business grows. That means understanding applicable frameworks, translating requirements into practical and scalable controls and partnering across the company to embed compliance into our products, systems and operations.
You'll work closely with Engineering, Finance, Legal and Go-to-Market teams to ensure our security controls are not only documented but operationalized. You'll have the opportunity to apply your expertise, directly influence technical and business decisions and grow alongside a fast-moving organization as our compliance and security programs continue to evolve.
Partner cross-functionally to design, implement and maintain compliance programs including SOC 2, PCI-DSS and others as needed.
Own and maintain the compliance platform (Drata), including control mapping, evidence collection, continuous monitoring and audit workflows.
Manage control documentation, policies, procedures and supporting artifacts across multiple compliance frameworks.
Perform risk assessments, vendor security reviews and control gap analyses, and track remediation through to completion.
Build and maintain vendor risk management processes, including onboarding evaluations, annual reviews, risk scoring and data sensitivity assessments.
Partner with Finance and Legal to implement structured vendor and customer risk profiling programs.
Partner with Security, IT and Engineering teams to ensure technical and administrative controls align with documented policies and compliance requirements, including hands-on testing.
Support Go-To-Market teams with customer security questionnaires, audits and compliance packaging for sales cycles.
Conduct periodic user access reviews and assist with access governance and RBAC validation.
Develop and maintain compliance reporting, metrics and executive-ready summaries.
Identify process gaps and implement scalable governance improvements, including automation and tooling to scale with the business.
Oversee security awareness training and compliance education initiatives.
Participate in incident response activities, providing risk analysis and remediation support as needed.
3-5 years of experience in IT Audit, Governance, Risk & Compliance and/or Information Security, ideally in a startup or growth-stage environment.
Direct experience with SOC 2; PCI-DSS experience strongly preferred.
Comfortable working directly with auditors, managing audit timelines and driving evidence collection across teams.
Strong understanding of cloud infrastructure (AWS), identity systems (Okta) and SaaS environments.
Able to understand and explain data flows, APIs and infrastructure controls to both technical and non-technical audiences.
Experience with GRC platforms, security questionnaire tools or compliance automation tooling is a plus.
Highly organized and process-oriented with strong written communication skills.
Low ego, collaborative and pragmatic; someone teammates genuinely want to work with.
Hands-on coding or scripting experience (e.g. automation tooling or security-related development).
Experience building or scaling a GRC program from the ground up.
Security industry qualification (CISSP, CISM, CISA or similar).
Cloud-specific certifications (CCSP, AWS Certified Security Specialty, CCSK, etc.).
--
The annual US base salary range for this role is: $125,000-$160,000
Required Experience:
IC
Method provides connectivity to consumer credit and liability accounts, enabling end-to-end refinance experiences, real-time account data access, and one-click checkout.