We’re looking for a driven, motivated, and ambitious GRC Specialist to join our growing Security team at Torq. Here, we’re redefining how security teams operate - not by buying more tools, but by building smarter, AI-driven programs from the ground up. As our GRC Specialist, you'll own the compliance programs that underpin trust with our customers and partners, while actively shaping how we use AI and automation to make compliance faster, more rigorous, and less manual. This isn't a checkbox role. It's a builder role for someone who sees compliance as a competitive advantage and AI as the engine to get there.

Responsibilities:

Compliance Program Ownership

• Own and lead Torq's security compliance programs across SOC 2, ISO 27001, C5 BSI, and ISO 42001, ensuring continuous readiness and alignment with evolving requirements.
• Lead the scoping, planning, and implementation of new compliance frameworks as the business scales into new markets and regulatory environments.
• Act as the primary point of contact for audits — managing evidence collection, auditor relationships, and remediation tracking end-to-end.

AI-Driven Compliance Operations

• Design and operate continuous compliance monitoring programs leveraging AI and automation — replacing point-in-time snapshots with real-time assurance.
• Build internal AI-powered tooling and workflows (in partnership with the AI Transformation Lead) to automate evidence gathering, control validation, and risk signal aggregation.
• Evaluate and adopt emerging AI compliance methodologies, including AI-specific frameworks like ISO 42001, and translate them into actionable internal programs.

Risk & Vendor Management

• Manage the third-party risk program (TPRM), including vendor assessments, security questionnaires, and ongoing monitoring of the vendor landscape.
• Maintain and actively drive the risk register in close collaboration with the CISO, ensuring risks are tracked, owned, and remediated on time.

Policy & Culture

• Develop and maintain security policies, standards, and procedures that are practical, current, and aligned with both compliance requirements and business objectives.
• Drive security awareness training across the organization and champion secure development practices in collaboration with engineering and product teams.

Cross-functional Collaboration

• Serve as a trusted partner to the CISO, Information Security Manager, HR, Legal, and AI Transformation Lead on matters of risk, compliance, and security governance.

Requirements:

• A self-starter mindset: comfortable with ambiguity, able to set priorities without heavy direction, and capable of building structure where none exists.
• Demonstrated ability to build compliance and security programs from scratch, not just maintain inherited ones.
• 2+ years of hands-on experience in information security and GRC, ideally in a fast-moving SaaS or tech environment.
• Deep familiarity with major frameworks and regulations - SOC 2, ISO 27001, NIST, CIS, DORA, GDPR, and related standards.
• Practical experience with security and IT tooling across cloud environments (AWS, Azure, or GCP), application security, and infrastructure security.
• Exposure to SOC (cybersecurity operations center) environments and cybersecurity incident response.
• Strong written and verbal communication skills - able to translate technical risk into clear language for executives, auditors, and non-technical stakeholders.
• Hands-on experience with IT and Security tools
  
  AI Orientation (Non-Negotiable)-

• Genuine curiosity and working knowledge of AI tools, LLMs, and automation - you've used them, not just read about them.
• Experience building or operating AI-assisted workflows for compliance, risk, or security operations is a strong plus.
• Ability to think critically about AI risk, including how to govern and assess AI systems under frameworks like ISO 42001.
• Visionary outlook: you see the 2-year horizon where AI has transformed how GRC functions and you want to be the person who builds that future at Torq.

As an equal-opportunity employer, we are committed to a team defined and empowered by diversity. We consider qualified applicants without regard to race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

We are waiting for you!

Transmit Security gives businesses the modern tools they need to build secure, trusted and end-to-end digital identity journeys to innovate and grow. 

CX-focused, cybersecurity conscious leaders rely on Transmit Security’s xCIAM platform to provide their customers with smooth experiences protected from fraud across all channels and devices. 

Transmit Security serves many of the world’s largest banks, insurers, retailers, and other leading brands, collectively responsible for more than $1.3 trillion in annual commerce. 

About the Role:

As a DevSecOps engineer you will be a part of our DevOps group and play a critical role in designing and implementing application and infrastructure security programs that will make sure that our systems continue to be secure and compliant with our clients’ high bar.

You will work closely with developers and DevOps engineers to help identify and remediate application and infrastructure security issues.

What you’ll do:

• Implement an application security program
• Design and implement security automation and controls within CI/CD pipelines utilizing SAST, DAST and SCA tools
• Collaborate on architecture reviews, threat modeling, and developer security training sessions to elevate AppSec maturity
• Implement an infrastructure security program
• Integrate and implement CSPM controls within a high scale cloud environment.
• Own strategy for security in IAM, secret management and similar security-critical components
• Own security training and review for DevOps teams.
• Orchestrate execution of penetration testing on infrastructure and application and a bug bounty program
• Own compliance processes within DevOps
• Build and continuously improve SOC2 compliance processes and audit readiness tooling
• Lead technical responses for internal and external audits, working closely with GRC, engineering, and cloud teams to resolve gaps and strengthen security posture.​

What you’ll need:

1. At least 3 years of experience in Application Security and Infrastructure Security in a SaaS company operating in a highly regulated market (finance, healthcare, crypto, security)
2. Experience managing SoC2 or ISO 27001 certifications.
3. Strong software development capabilities and application security knowledge.
4. Strong expertise in AWS, Google Cloud, and Azure security best practices.​
5. Hands-on work with CI/CD, IAC, artifact repositories and related technologies (GitHub Actions, Jenkins, ArgoCD, JFrog, Terraform, CloudFormation)
6. Hands-on work with CSPM,  SCA, SAST, secret scanning and similar tools (ORCA, Veracode, …)
7. Hands-on work with building automations and integrations around security tools.
8. Familiarity with SOC 2, ISO 27001, or NIST frameworks and 24x7 cloud security operations in regulated environments.​