GRC Engineering Consultant
Start: ASAP
Length: 6 months
Location: On-site in Stockholm 5 days a week
Utilization: 100 %, full-time
About the Company
The client is a high-growth legal AI SaaS company, rapidly scaling their security and trust function to meet the demands of enterprise customers and increasingly stringent regulatory expectations.
What You'll Do
Build automations that cut down on manual compliance overhead - covering evidence collection, control testing, questionnaire responses, and audit preparation.
Develop Claude-powered workflows for questionnaires, policy Q&A, evidence summarisation, and other GRC needs.
Configure and integrate our compliance tooling stack (Vanta, Linear, Serval) so it accurately reflects how we actually operate.
Support the ongoing improvement of our compliance frameworks (ISO 27001, ISO 42001, SOC 2 Type II), driving control enhancements through automation wherever possible.
Partner with the engineering team to surface security and compliance signals from our Azure infrastructure and CI/CD pipelines.
Required Experience
3+ years in a technical role - software engineering, DevOps, IT, or similar.
A strong interest in GRC, security, and compliance. Prior compliance engineering experience isn't required, but you should be genuinely motivated to build in this space.
Comfortable with scripting and automation (Python, TypeScript, Bash, PowerShell, or similar).
Hands-on experience building with Claude or comparable LLMs - producing output reliable enough to put in front of an auditor.
Experience with automation tooling (n8n, Zapier, or similar) and integrating via APIs.
Preferred
Familiarity with Vanta; experience with Serval and Linear is a bonus.
Exposure to cloud platforms (Azure preferred) and CI/CD pipelines.
Awareness of compliance frameworks (ISO 27001, SOC 2, NIST 800-53) - or a strong desire to get up to speed quickly.
An interest in AI governance and ISO 42001.
You'll Thrive in This Role If You
Get genuinely energised by turning repetitive manual work into automated processes.
Operate independently and ship without needing heavy oversight.
Can bridge the gap between engineering and compliance, translating technical work into clear, accessible risk language.