ForgeApply · Job listing
GRC Engineer
Butterflymx
Apply in about a minute — without sacrificing quality.
ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.
About this role
OUR MISSION
ButterflyMX is on a mission to empower people to open and manage doors & gates from a smartphone. Our products are installed in more than 20,000+ multifamily, commercial, gated communities, and student-housing properties worldwide, including properties developed, owned, and managed by the most trusted names in real estate. Our features are designed for developers, owners, property managers, and tenants and our products lower operating costs and improve tenant satisfaction.
OUR SOLUTION
Developers and owners no longer need to run building wiring or install in-unit hardware. Property managers can grant building access, revoke permissions, and review entry logs from an online dashboard. Residents can open doors from their smartphones, issue visitor access, and see who is trying to enter the building.
OUR CULTURE & VALUES
Fantastic people are the key to our success. As a distributed, primarily remote workforce, we’re looking for more intelligent, passionate, collaborative, ai-forward, and down-to-earth individuals to join our growing team. We’re driven by a shared commitment to excellence and innovation, grounded in our core values: We delight our customers, We take ownership, We are a community of collaborators, We speak up, We think big and do small, and We are tenacious.
ROLE OVERVIEW
ButterflyMX is seeking a GRC Engineer who is equal parts practitioner and builder. You will own the governance, risk, and compliance program. But more importantly, you will re-engineer how that program operates: replacing manual, point-in-time processes with AI-assisted, automated, and agentic workflows wherever possible. From continuous controls monitoring to automated vendor risk intake to AI-accelerated policy drafting, you will design a GRC function built for scale.
This is a generalist role that spans the full GRC surface: compliance operations, risk management, audit management, trust and assurance, vendor/supply chain risk, and operational privacy support. You will own the day-to-day operations of our compliance posture: managing audit readiness, maintaining our risk register, driving policy development, coordinating vendor risk assessments, and building sustainable processes through engineering automations. You are equally comfortable automating a controls evidence request (not just handing it to the control owner!); conducting a supply chain risk analysis (software, firmware, hardware); and building automations and workflows to reduce compliance and documentation burdens. It is an individual contributor position reporting directly to the CISO to build and sustain our governance, risk, and compliance program.
RESPONSIBILITIES
- Own and continuously mature the company risk register; design a risk management workflow that uses AI tooling to surface, score, and route emerging risks with minimal manual intervention, ensuring the register reflects real-time posture, not a quarterly snapshot.
- Lead external audit management (SOC 2 Type II); automate evidence collection pipelines in Vanta so that audit cycles are driven by continuous monitoring rather than evidence sprints, and begin scoping a readiness path for ISO 42001 (AI management systems).
- Engineer the Trust and Assurance program for scale: build automated intake and triage workflows for security questionnaire requests, deploy AI-assisted response generation against a curated knowledge base, and expand the trust portal so that partner due diligence is largely self-service.
- Build a vendor and supply chain risk program that goes beyond static spreadsheets. Design automated vendor intake, tiered risk scoring, and continuous monitoring triggers (news alerts, rating service integrations, release notes, expiration tracking) that surface risk without requiring manual sweeps.
- Redesign and maintain security and privacy policies; use AI to draft, version, and track policy updates, and build a lightweight workflow for owner review, approval, and attestation that doesn't require a ticketing system to chase people down.
- Own common controls monitoring in Vanta. Configure and tune integrations, checks, and alerting so that control failures surface automatically to the right owners, not just to a GRC inbox. Drive the organization toward an always-on compliance posture.
- Modernize the security awareness and training program.
- Design and operationalize an integrated compliance calendar covering SOC 2, security and IT systems licensing renewals, applicable state privacy regulations, and any other active frameworks with automated reminders and status tracking rather than manual coordination.
- Support the CISO and General Counsel on operational privacy practices: administer cookie consent management tooling, handle or route data subject requests (DSRs) through a documented and auditable workflow, and help maintain the company's privacy notice and data mapping inventory.
- Monitor the regulatory and compliance landscape, including AI governance developments (EU AI Act, NIST AI RMF, ISO 42001). Proactively surface changes that require a policy, control, or product response.
- Leverage AI tools across every GRC workflow; this role is expected to demonstrate measurable efficiency gains through automation and tooling, not simply to own a portfolio of manual processes.
REQUIREMENTS
- 3+ years of experience in GRC, information security compliance, or risk management.
- Working knowledge of SOC 2 (Trust Services Criteria), with hands-on experience supporting or leading audits.
- Familiarity with additional frameworks is a strong plus: CIS Controls v8, NIST CSF, NIST AI RMF, NIST Privacy Framework, NIST SP 1800 series, NIST 800-53 r5, ISO 42001, ISO 27701, ISO 27001, OWASP Top 10 for Agentic Applications, MITRE D3FEND, MITRE SoT, MITRE ALTAS.
- Experience conducting rapid third-party/vendor risk assessments and managing a supply chain risk program.
- Strong organizational skills with the ability to m
Ready to apply to Butterflymx?
Apply in about a minuteSimilar jobs
- GRC Engineer — Replit · Remote
- GRC Engineer — Verkada · San Mateo, CA United States
- Senior GRC Engineer — Postman · San Francisco, California, United States
- Senior GRC Engineer — Life360 · Remote
- Senior GRC Engineer — Employerdirecthealthcare · Dallas, TX - Hybrid (3x in office/week)
- GRC Manager — Cloudzero · Boston
- GRC Manager — Mattermost · Remote
- GRC Analyst — Rogo · New York City