Logo for FrankieOne

GRC Engineer

Role overview

Qualifications

  • At least 3 years of information security experience with emphasis on risk and compliance
  • 2+ years of expertise conducting ISO 27001 and SOC 2 audits
  • Good understanding of regulatory compliance requirements (ISO 27001, SOC 2, NIST, PCI, GDPR, etc.)
  • Proven track record of contributing or managing risk and compliance projects

Responsibilities

  • Maintain continuous compliance with relevant standards (e.g. ISO 27001 and SOC 2)
  • Conduct security risk assessments across the organisation and of third-parties
  • Maintain up-to-date audit evidence, project plans, risk register and continuous improvement registers
  • Support external security audits and customer assessments

About the company

FrankieOne logo

FrankieOne

At FrankieOne, we believe verification and onboarding should be fast, flexible and frictionless. We're a trusted compliance, identity and fraud detection engine that helps banks, fintechs and other companies onboard and protect their customers. Our platform is optimised to verify customers safely and securely, minimising risk and maximising your opportunity. Simply put, we’re helping companies balance regulatory compliance with a positive customer experience, every time. As the gateway to the global ecosystem of compliance, identity and fraud detection tools, FrankieOne is the best way to unlock more customers quickly and detect suspicious activity fast, for true scalability and security. Our platform includes KYC (know your customer), Biometrics, IDV (identity verification), KYB (know your business), AML/CTF (anti-money laundering and counter terrorism financing) compliance, transaction monitoring and fraud prevention.

Company details

Company size51 - 200

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

The Role

At FrankieOne, where we revolutionise identity verification and onboarding to be swift, seamless, and scalable, your role as GRC Engineer is crucial and plays a pivotal role in assessing and prioritising information security and cybersecurity risks across the organisation. Your technical and automation skills, combined with your ability to manage risks and ensure compliance, make you a key player in our cybersecurity strategy.

You will be at the heart of ensuring continuous compliance and audit readiness - not through manual, point-in-time effort, but by engineering automation that does the heavy lifting. You will design and build automated evidence collection, continuous control monitoring, and security metrics pipelines that keep our compliance posture live and audit-ready at all times. You will also automate and streamline third-party and security risk management, from vendor risk assessments through to keeping our risk register continuously up to date, and support various external and customer audits and due diligence requests with reusable, automated evidence.

Our team is specialised and handles our most strategic and high-value projects. We are looking for an individual who can not only own and lead the administration and maintenance of our critical business systems - ensuring compliance, security, and efficiency across the board - but who also brings an automation-first mindset, constantly seeking to replace repetitive manual GRC work with scalable, repeatable, and auditable automated workflows.

Your Ticket to Success:

Be an advocate. For FrankieOne, for the product, for our people, and for our values.

You will have excellent analytical and problem-solving skills; be proactive, with the ability to work autonomously, with a sense of urgency and positive attitude, to prioritize and manage multiple tasks in a fast-paced environment.

You will also have strong written and verbal communication skills, along with a proven ability to build and manage relationships with different stakeholders.

Responsibilities:
  • Maintain continuous compliance with relevant standards (e.g. ISO 27001 and SOC 2)

  • Conduct security risk assessments across the organisation and of third-parties

  • Maintain up-to-date audit evidence, project plans, risk register and continuous improvement registers etc.

  • Support external security audit and customer assessments and conduct internal assessments

  • Assisting with Management reviews and reports, Policy management and Security Awareness program

  • Key member of the response team in the event of information security incidents and breaches ensuring process and policy is adhered to

  • Proactively seek areas for improvement across our processes

  • Provide insightful advice and value-added guidance on process and control enhancements.

  • Share information with managers to avoid surprises and ensure timely delivery.

  • Stay up-to-date with industry procedures and methods.

  • Manage security standards, policies, and practices annually to meet corporate demands.

  • Respond to inquiries from business units about ongoing operational compliance.

  • Collaborate with all areas in the business ensuring compliance with ISO27001 and SOC 2 standards and company policies.

  • Automate control monitoring and testing, building scripts or integrations that continuously validate control operation and flag failures or drift, rather than relying on point-in-time manual checks.

  • Streamline the vendor/third-party risk assessment lifecycle through automation - automating questionnaire distribution, evidence intake, risk scoring, and reassessment scheduling, and integrating vendor data with the risk register.

In a Previous Life You Have:
  • Worked in remote teams for offshore clients, with atleast 3 years of information security experience with emphasis on risk and compliance in a similar sized business.

  • 2+ years of expertise conducting ISO 27001 and SOC 2 audits and handling audit responses.

  • Good understanding of regulatory compliance requirements (ISO 27001, SOC 2, NIST, PCI, GDPR, etc.).

  • Knowledge of security practices like identity and access management, encryption, backups, secure software development life cycle, vulnerability management etc.

  • Familiarity with GRC tool techniques and best practices (e.g. Drata, Vanta etc.)

  • Proven track record of contributing or managing risk and compliance projects.

  • Successfully managed third-party audits, compile evidence, and organise audit responses.

  • Familiarity with GRC platform APIs and building integrations across cloud, security, and ITSM tooling.

  • Experience translating manual compliance processes into automated, repeatable, auditable workflows.

  • Project management experience highly preferred

Preferred Qualifications
  • Bachelor’s degree in information cybersecurity, risk management, governance, or a related field is highly desirable, but not mandatory.

  • ISO 27001 Lead Auditor, CISA, CISM, CRISC or CISSP certification (or working toward certification)

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
Β·

Related jobs

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.