Compliance Engineer

About Gridware Gridware is a San Francisco-based technology company dedicated to protecting and enhancing the electrical grid. We pioneered a groundbreaking new class of grid management called active grid response (AGR), focused on monitoring the electrical, physical, and environmental aspects of the grid that affect reliability and safety. Gridware’s advanced Active Grid Response platform uses high-precision sensors to detect potential issues early, enabling proactive maintenance and fault mitigation. This comprehensive approach helps improve safety, reduce outages, and ensure the grid operates efficiently. The company is backed by climate-tech and Silicon Valley investors. For more information, please visit www.Gridware.io. Role Description We are building our information security compliance program and this role sits at the center of that effort. As our Compliance Engineer, you will work directly with the Head of Information Security to design, implement, and operationalize controls across multiple frameworks (SOC 2, ISO 27001, NIS 2, CIS IG3, NERC CIP, and NIST). You will also own customer-facing security assurance, including security questionnaires and audit evidence requests. This is a high-visibility role for someone energized by building structure in ambiguous environments and who understands that good compliance is good engineering. **At this time, Gridware is unable to provide visa sponsorship or immigration support for this role. We’re only able to consider candidates who are currently authorized to work in the country of employment without visa sponsorship now or in the future.** This describes the ideal candidate; many of us have picked up this expertise along the way. Even if you meet only part of this list, we encourage you to apply! Benefits Health, Dental & Vision (Gold and Platinum with some providers plans fully covered) Paid parental leave Alternating day off (every other Monday) “Off the Grid”, a two week per year paid break for all employees. Commuter allowance Company-paid training Responsibilities Framework Implementation & Control Management Design a unified control framework mapped across SOC 2, ISO 27001, CIS IG3, NERC CIP, and NIST (CSF/800-53), eliminating duplication and creating a single source of truth for compliance posture. Develop and maintain a control library, policy inventory, and risk register. Translate technical control requirements into actionable guidance for engineering, IT, and operations teams. Audit Readiness & Evidence Collection Build a structured, repeatable evidence collection process supporting concurrent audits across all frameworks. Maintain a continuously updated evidence repository and coordinate with Engineering, DevOps, HR, and Legal to gather and validate artifacts. Serve as primary liaison with external auditors; manage schedules, fieldwork, and findings remediation through to closure. Customer Security Assurance Own intake, triage, and completion of customer security questionnaires (SIG Lite, CAIQ, custom assessments). Maintain a living questionnaire knowledge base and develop customer-facing security documentation, including trust portal content. Program Development Define compliance workflows, SOPs, tooling requirements, and automation opportunities as the program matures. Monitor regulatory changes across NERC CIP, NIS 2, and NIST; proactively communicate impacts to the team. Required Skills 2–4 years in information security compliance, GRC, or a related discipline. Working knowledge of two or more: SOC 2, ISO 27001, NIST CSF/800-53, CIS Controls, NERC CIP. Experience supporting or leading external audits, including evidence collection and auditor coordination. Ability to perform cross-framework control mapping and identify gaps or conflicts. Strong written communication skills across technical and non-technical audiences. Bonus Skills Hands-on experience with NERC CIP (CIP-002 through CIP-014) in an OT or critical infrastructure environment. Familiarity with GRC platforms such as Vanta, Drata, OneTrust, or Archer. Certifications: CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or NERC CIP.

{
  "content_hash": "bcf63a8f58ae747e2e4cf30e361e353547ef14043d9880cf81178a5e2e83f4ea",
  "source_hash": "3b89d9df7b0376dc262eaf66100ffb742b7395a7792edb0fabdf494c69fafe3c",
  "last_changed_at": "2026-06-06T07:56:45.776Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "San Francisco, CA",
    "city": "San Francisco",
    "region": "CA",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.9
  },
  "salary_max": 145000,
  "salary_min": 120000,
  "inferred_at": "2026-06-06T07:56:45.742Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "San Francisco, CA",
      "city": "San Francisco",
      "region": "CA",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.9
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": null,
  "salary_period": "year",
  "workplace_type": "on_site",
  "salary_currency": "USD"
}

{}

{
  "lists": [
    {
      "text": "Responsibilities",
      "content": "<div><strong>Framework Implementation &amp; Control Management</strong>\n\n<li>Design a unified control framework mapped across SOC 2, ISO 27001, CIS IG3, NERC CIP, and NIST (CSF/800-53), eliminating duplication and creating a single source of truth for compliance posture.&nbsp;</li>\n<li>Develop and maintain a control library, policy inventory, and risk register.&nbsp;</li>\n<li>Translate technical control requirements into actionable guidance for engineering, IT, and operations teams.&nbsp;</li>\n\n<strong><strong>Audit Readiness &amp;&nbsp;</strong>Evidence<strong>&nbsp;Collection</strong></strong>\n\n<li>Build a structured, repeatable evidence collection process supporting concurrent audits across all frameworks.&nbsp;</li>\n<li>Maintain a continuously updated evidence repository and coordinate with Engineering, DevOps, HR, and Legal to gather and validate artifacts.&nbsp;</li>\n<li>Serve as primary liaison with external auditors; manage schedules, fieldwork, and findings remediation through to closure.&nbsp;</li>\n\n<strong>Customer Security Assurance</strong>\n\n<li>Own intake, triage, and completion of customer security questionnaires (SIG Lite, CAIQ, custom assessments).&nbsp;</li>\n<li>Maintain a living questionnaire knowledge base and develop customer-facing security documentation, including trust portal content.&nbsp;</li>\n\n<strong>Program Development</strong>\n\n<li>Define compliance workflows, SOPs, tooling requirements, and automation opportunities as the program matures.&nbsp;</li>\n<li>Monitor regulatory changes across NERC CIP, NIS 2, and NIST; proactively communicate impacts to the team.&nbsp;</li>\n\n</div>"
    },
    {
      "text": "Required Skills",
      "content": "<div>\n\n<li>2–4 years in information security compliance, GRC, or a related discipline.&nbsp;</li>\n<li>Working knowledge of two or more: SOC 2, ISO 27001, NIST CSF/800-53, CIS Controls, NERC CIP.&nbsp;</li>\n<li>Experience supporting or leading external audits, including evidence collection and auditor coordination.&nbsp;</li>\n<li>Ability to perform cross-framework control mapping and identify gaps or conflicts.&nbsp;</li>\n<li>Strong written communication skills across technical and non-technical audiences.&nbsp;</li>\n\n</div>"
    },
    {
      "text": "Bonus Skills",
      "content": "<div>\n\n<li>Hands-on experience with NERC CIP (CIP-002 through CIP-014) in an OT or critical infrastructure environment.&nbsp;</li>\n<li>Familiarity with GRC platforms such as Vanta, Drata, OneTrust, or Archer.&nbsp;</li>\n<li>Certifications: CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or NERC CIP.&nbsp;</li>\n\n</div>"
    }
  ],
  "country": "US",
  "createdAt": 1774398432543,
  "updatedAt": null,
  "categories": {
    "team": "IT",
    "location": "San Francisco, CA",
    "commitment": "Full-Time",
    "allLocations": [
      "San Francisco, CA"
    ]
  },
  "salaryRange": {
    "max": 145000,
    "min": 120000,
    "currency": "USD",
    "interval": "per-year-salary"
  },
  "workplaceType": "onsite"
}