What you'd actually do

Own the intake, prioritization, and completion of all inbound customer security questionnaires, RFPs, and due diligence requests including SIG, CAIQ, and custom enterprise questionnaires with a commitment to accuracy, thoroughness, and turnaround time.

Serve as the primary customer-facing representative for security and compliance, leading calls and meetings with enterprise customers, prospects, and their security or procurement teams.

Build and maintain a comprehensive, evergreen response library for common security and compliance questions, reducing duplication of effort and ensuring consistency across all customer engagements.

Build and maintain automations to continuously validate the organization's compliance posture across key frameworks including SOC2 Type II, ISO 27001, and HIPAA, coordinating evidence collection, managing external auditor relationships, and driving readiness for annual assessments.

Build dashboards and reporting pipelines that provide leadership with real-time visibility into compliance posture, open risks, and program health.

Skills

Required

8+ years of experience in GRC, information security compliance, or a closely related field.
Deep, hands-on experience with at least two major compliance frameworks (SOC2, ISO 27001, HIPAA, PCI-DSS, or FedRAMP), including direct involvement in audits and assessments.
Proven track record managing high volumes of security questionnaires and enterprise due diligence requests, including SIG and CAIQ formats.
Strong understanding of the security program’s influence on company revenue and a partnership mindset with the Go To Market function.
Scripting and automation fluency (Python, Bash, or similar) and a track record of building tools, not just spreadsheets.
Strong customer-facing communication skills, you are equally comfortable presenting to a CISO, walking a procurement team through a control matrix, or discussing technical security controls with customer engineering leaders.
Solid understanding of risk management principles, with hands-on experience performing risk assessments and maintaining a risk register.
Ability to translate technical security controls into clear, business-appropriate language for non-technical audiences including customers, legal teams, and executives.
Strong organizational skills and the ability to manage multiple concurrent questionnaire engagements, each with distinct deadlines and stakeholder requirements.
Bachelor's degree in Information Security, Computer Science, Business, or a related field (or equivalent experience).

Nice to have

Security certifications: CISSP, CISM, CRISC, CISA, or CCSP.
Experience with GRC platforms such as Vanta, Drata, Sprinto, or similar.
Familiarity with NIST CSF or NIST 800-53 control frameworks.
Background in SaaS, fintech, or healthcare environments with regulated data handling requirements.
Experience drafting or reviewing Data Processing Agreements (DPAs), Business Associate Agreements (BAAs), or security-related contract language.
Experience supporting FedRAMP authorization or state-level public sector compliance programs.

About Us

Temporal is an open source programming model that can simplify code, make applications more reliable, and help developers focus on the important things like delivering features faster. We are on a mission to be the reliable foundation of every developer’s toolbox, and are building the team that will make that happen.

Our values guide us —they are present in how we show up, make decisions, and work together to make an impact. We’re curious, driven, collaborative, genuine and humble.

Temporal is growing and we are looking for those who share our values, challenge 'standard' thinking, and want to influence our future. If you have a passion for improving the developer experience, building world-class open-source software and communities, and want to be a part of our amazing team, we'd love to hear from you!

Summary

Join our team as a Senior Security Engineer, GRC, where you'll be the primary owner of our customer-facing compliance program and a trusted partner throughout the enterprise sales cycle. In this role, you will manage the end-to-end lifecycle of security questionnaires, due diligence requests, and compliance reviews and automate parts of that process. You will ensure prospective and existing customers have full confidence in our security posture and you will work closely with Sales, Legal, and Product to represent our compliance program externally, while maintaining the internal rigor of our governance and risk frameworks.

What You'll Do

Own the intake, prioritization, and completion of all inbound customer security questionnaires, RFPs, and due diligence requests including SIG, CAIQ, and custom enterprise questionnaires with a commitment to accuracy, thoroughness, and turnaround time.
Serve as the primary customer-facing representative for security and compliance, leading calls and meetings with enterprise customers, prospects, and their security or procurement teams.
Build and maintain a comprehensive, evergreen response library for common security and compliance questions, reducing duplication of effort and ensuring consistency across all customer engagements.
Build and maintain automations to continuously validate the organization's compliance posture across key frameworks including SOC2 Type II, ISO 27001, and HIPAA, coordinating evidence collection, managing external auditor relationships, and driving readiness for annual assessments.
Build dashboards and reporting pipelines that provide leadership with real-time visibility into compliance posture, open risks, and program health.
Design and automate the third-party risk assessment process, including vendor tiering logic, questionnaire workflows, and continuous monitoring for critical vendors.
Perform ongoing risk assessments and maintain a risk register that reflects the current threat and compliance landscape, escalating material findings to leadership with clear remediation recommendations.
Conduct third-party vendor risk assessments, including use case-specific risk analysis, ongoing tiering and monitoring, and implementation recommendations.
Author, maintain, and operationalize security policies and procedures; track employee acknowledgments and manage exceptions through to resolution.
Coordinate and participate in customer security review meetings, including onsite or virtual sessions with enterprise security, legal, and procurement stakeholders.
Collaborate cross-functionally with Engineering, Legal, and Product to gather documentation, validate control descriptions, and resolve compliance gaps surfaced through customer inquiries.

What You'll Bring

8+ years of experience in GRC, information security compliance, or a closely related field.
Deep, hands-on experience with at least two major compliance frameworks (SOC2, ISO 27001, HIPAA, PCI-DSS, or FedRAMP), including direct involvement in audits and assessments.
Proven track record managing high volumes of security questionnaires and enterprise due diligence requests, including SIG and CAIQ formats.
Strong understanding of the security program’s influence on company revenue and a partnership mindset with the Go To Market function.
Scripting and automation fluency (Python, Bash, or similar) and a track record of building tools, not just spreadsheets.
Strong customer-facing communication skills, you are equally comfortable presenting to a CISO, walking a procurement team through a control matrix, or discussing technical security controls with customer engineering leaders.
Solid understanding of risk management principles, with hands-on experience performing risk assessments and maintaining a risk register.
Ability to translate technical security controls into clear, business-appropriate language for non-technical audiences including customers, legal teams, and executives.
Strong organizational skills and the ability to manage multiple concurrent questionnaire engagements, each with distinct deadlines and stakeholder requirements.
Bachelor's degree in Information Security, Computer Science, Business, or a related field (or equivalent experience).

Nice to Have

Security certifications: CISSP, CISM, CRISC, CISA, or CCSP.
Experience with GRC platforms such as Vanta, Drata, Sprinto, or similar.
Familiarity with NIST CSF or NIST 800-53 control frameworks.
Background in SaaS, fintech, or healthcare environments with regulated data handling requirements.
Experience drafting or reviewing Data Processing Agreements (DPAs), Business Associate Agreements (BAAs), or security-related contract language.
Experience supporting FedRAMP authorization or state-level public sector compliance programs.

Compensation

The estimated pay range for this role is $180,000 - $225,000, depending on qualifications and location.
This role is eligible to participate in Temporal's equity plan.

Compensation ranges reflect salary and commission compensation (when applicable) across several geographic markets. Employment offers carefully consider multiple factors, including prior experience, knowledge, expertise, skillset, market location, and job level assessed during the interview process.

_Employee benefits and perks below are for full-time employees, part-time or temporary positions are excluded. _

**U.S. Benefits **

Unlimited PTO, 12 Holidays + 2 Floating Holidays
100% Premiums Coverage for Medical, Dental, and Vision
AD&D, LT & ST Disability, and Life Insurance (Standard & Supplemental Available)
Empower 401K Plan
Additional Perks for Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, Internet Stipend and more!

International Benefits

Paid Time Off (PTO) and Benefits outside the United States vary by country, and are issued in partnership with Remote.com. Additionally, Temporal offers perks to all international employees for learning & career development, a lifestyle spending account, in-home office setup (in addition to company-issued hardware), professional memberships, work-from-home meals, and access to the Calm app for mental wellness.

Travel

Temporal is a globally distributed, collaborative team that values opportunities for in-person connection. Occasional travel may be required for company events, team offsites, and other meaningful moments that bring us together.

**Additional Perks **

$3,600 / Year Work from Home Meals
$1,800 / Year Professional Enrichment (Career Development & Professional Memberships)
$1,200 / Year Lifestyle Spending Account
$1,000 / Year In-Home Office Setup (In addition to Temporal issued equipment - laptop, monitor, keyboard, mouse, trackpad, and extension power cable at no cost to you)
$74 / Month Reimbursement for Internet
Calm App Subscription for Mental Health & Wellness

Temporal Technologies is an Equal Opportunity Employer. Temporal Technologies does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status, or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need. We embrace and celebrate differences and diversity.

Temporal is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. If you need to request a reasonable accommodation, please let your Recruiter know so we can assist.

We are not working with external recruitment agencies, thanks.

About Us

Our values guide us —they are present in how we show up, make decisions, and work together to make an impact. We’re curious, driven, collaborative, genuine and humble.

Summary

What You'll Do

Own the intake, prioritization, and completion of all inbound customer security questionnaires, RFPs, and due diligence requests including SIG, CAIQ, and custom enterprise questionnaires with a commitment to accuracy, thoroughness, and turnaround time.
Serve as the primary customer-facing representative for security and compliance, leading calls and meetings with enterprise customers, prospects, and their security or procurement teams.
Build and maintain a comprehensive, evergreen response library for common security and compliance questions, reducing duplication of effort and ensuring consistency across all customer engagements.
Build and maintain automations to continuously validate the organization's compliance posture across key frameworks including SOC2 Type II, ISO 27001, and HIPAA, coordinating evidence collection, managing external auditor relationships, and driving readiness for annual assessments.
Build dashboards and reporting pipelines that provide leadership with real-time visibility into compliance posture, open risks, and program health.
Design and automate the third-party risk assessment process, including vendor tiering logic, questionnaire workflows, and continuous monitoring for critical vendors.
Perform ongoing risk assessments and maintain a risk register that reflects the current threat and compliance landscape, escalating material findings to leadership with clear remediation recommendations.
Conduct third-party vendor risk assessments, including use case-specific risk analysis, ongoing tiering and monitoring, and implementation recommendations.
Author, maintain, and operationalize security policies and procedures; track employee acknowledgments and manage exceptions through to resolution.
Coordinate and participate in customer security review meetings, including onsite or virtual sessions with enterprise security, legal, and procurement stakeholders.
Collaborate cross-functionally with Engineering, Legal, and Product to gather documentation, validate control descriptions, and resolve compliance gaps surfaced through customer inquiries.

What You'll Bring

8+ years of experience in GRC, information security compliance, or a closely related field.
Deep, hands-on experience with at least two major compliance frameworks (SOC2, ISO 27001, HIPAA, PCI-DSS, or FedRAMP), including direct involvement in audits and assessments.
Proven track record managing high volumes of security questionnaires and enterprise due diligence requests, including SIG and CAIQ formats.
Strong understanding of the security program’s influence on company revenue and a partnership mindset with the Go To Market function.
Scripting and automation fluency (Python, Bash, or similar) and a track record of building tools, not just spreadsheets.
Strong customer-facing communication skills, you are equally comfortable presenting to a CISO, walking a procurement team through a control matrix, or discussing technical security controls with customer engineering leaders.
Solid understanding of risk management principles, with hands-on experience performing risk assessments and maintaining a risk register.
Ability to translate technical security controls into clear, business-appropriate language for non-technical audiences including customers, legal teams, and executives.
Strong organizational skills and the ability to manage multiple concurrent questionnaire engagements, each with distinct deadlines and stakeholder requirements.
Bachelor's degree in Information Security, Computer Science, Business, or a related field (or equivalent experience).

Nice to Have

Security certifications: CISSP, CISM, CRISC, CISA, or CCSP.
Experience with GRC platforms such as Vanta, Drata, Sprinto, or similar.
Familiarity with NIST CSF or NIST 800-53 control frameworks.
Background in SaaS, fintech, or healthcare environments with regulated data handling requirements.
Experience drafting or reviewing Data Processing Agreements (DPAs), Business Associate Agreements (BAAs), or security-related contract language.
Experience supporting FedRAMP authorization or state-level public sector compliance programs.

Compensation

The estimated pay range for this role is $180,000 - $225,000, depending on qualifications and location.
This role is eligible to participate in Temporal's equity plan.

_Employee benefits and perks below are for full-time employees, part-time or temporary positions are excluded. _

**U.S. Benefits **

Unlimited PTO, 12 Holidays + 2 Floating Holidays
100% Premiums Coverage for Medical, Dental, and Vision
AD&D, LT & ST Disability, and Life Insurance (Standard & Supplemental Available)
Empower 401K Plan
Additional Perks for Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, Internet Stipend and more!

International Benefits

Travel

**Additional Perks **

$3,600 / Year Work from Home Meals
$1,800 / Year Professional Enrichment (Career Development & Professional Memberships)
$1,200 / Year Lifestyle Spending Account
$1,000 / Year In-Home Office Setup (In addition to Temporal issued equipment - laptop, monitor, keyboard, mouse, trackpad, and extension power cable at no cost to you)
$74 / Month Reimbursement for Internet
Calm App Subscription for Mental Health & Wellness

We are not working with external recruitment agencies, thanks.

Senior Security Engineer, Grc

What you'd actually do

Skills

Required

Nice to have

What the JD emphasized

About Us

Summary

About Us

Summary