GRC Engineer
We usually respond within a week
The Role
At FrankieOne, where we revolutionise identity verification and onboarding to be swift, seamless, and scalable, your role as GRC Engineer is crucial and plays a pivotal role in assessing and prioritising information security and cybersecurity risks across the organisation. Your technical and automation skills, combined with your ability to manage risks and ensure compliance, make you a key player in our cybersecurity strategy.
You will be at the heart of ensuring continuous compliance and audit readiness - not through manual, point-in-time effort, but by engineering automation that does the heavy lifting. You will design and build automated evidence collection, continuous control monitoring, and security metrics pipelines that keep our compliance posture live and audit-ready at all times. You will also automate and streamline third-party and security risk management, from vendor risk assessments through to keeping our risk register continuously up to date, and support various external and customer audits and due diligence requests with reusable, automated evidence.
Our team is specialised and handles our most strategic and high-value projects. We are looking for an individual who can not only own and lead the administration and maintenance of our critical business systems - ensuring compliance, security, and efficiency across the board - but who also brings an automation-first mindset, constantly seeking to replace repetitive manual GRC work with scalable, repeatable, and auditable automated workflows.
Your Ticket to Success:
Be an advocate. For FrankieOne, for the product, for our people, and for our values.
You will have excellent analytical and problem-solving skills; be proactive, with the ability to work autonomously, with a sense of urgency and positive attitude, to prioritize and manage multiple tasks in a fast-paced environment.
You will also have strong written and verbal communication skills, along with a proven ability to build and manage relationships with different stakeholders.
Responsibilities:
Maintain continuous compliance with relevant standards (e.g. ISO 27001 and SOC 2)
Conduct security risk assessments across the organisation and of third-parties
Maintain up-to-date audit evidence, project plans, risk register and continuous improvement registers etc.
Support external security audit and customer assessments and conduct internal assessments
Assisting with Management reviews and reports, Policy management and Security Awareness program
Key member of the response team in the event of information security incidents and breaches ensuring process and policy is adhered to
Proactively seek areas for improvement across our processes
Provide insightful advice and value-added guidance on process and control enhancements.
Share information with managers to avoid surprises and ensure timely delivery.
Stay up-to-date with industry procedures and methods.
Manage security standards, policies, and practices annually to meet corporate demands.
Respond to inquiries from business units about ongoing operational compliance.
Collaborate with all areas in the business ensuring compliance with ISO27001 and SOC 2 standards and company policies.
Automate control monitoring and testing, building scripts or integrations that continuously validate control operation and flag failures or drift, rather than relying on point-in-time manual checks.
Streamline the vendor/third-party risk assessment lifecycle through automation - automating questionnaire distribution, evidence intake, risk scoring, and reassessment scheduling, and integrating vendor data with the risk register.
In a Previous Life You Have:
Worked in remote teams for offshore clients, with atleast 3 years of information security experience with emphasis on risk and compliance in a similar sized business.
2+ years of expertise conducting ISO 27001 and SOC 2 audits and handling audit responses.
Good understanding of regulatory compliance requirements (ISO 27001, SOC 2, NIST, PCI, GDPR, etc.).
Knowledge of security practices like identity and access management, encryption, backups, secure software development life cycle, vulnerability management etc.
Familiarity with GRC tool techniques and best practices (e.g. Drata, Vanta etc.)
Proven track record of contributing or managing risk and compliance projects.
Successfully managed third-party audits, compile evidence, and organise audit responses.
Familiarity with GRC platform APIs and building integrations across cloud, security, and ITSM tooling.
Experience translating manual compliance processes into automated, repeatable, auditable workflows.
Project management experience highly preferred
Preferred Qualifications
Bachelor’s degree in information cybersecurity, risk management, governance, or a related field is highly desirable, but not mandatory.
ISO 27001 Lead Auditor, CISA, CISM, CRISC or CISSP certification (or working toward certification)
- Department
- Finance, Governance & Legal
- Locations
- Indonesia, India
- Remote status
- Fully Remote
About FrankieOne
At FrankieOne our goal is to help scale fintechs and financial institutions alike by providing seamless access to the global ecosystem of identity and fraud solutions. Our customisable orchestration platform, coupled with access to all global tools in one place, delivers unparalleled customer experiences. In order to do that, over the last four years we have created a unique culture focused on high performance, accountability, being frank - essentially where Frankies can thrive and our customers can feel confident that they are compliant.