Search...

GRC Engineer

NinjaTrader logo
NinjaTrader

NinjaTrader is a futures trading provider offering an integrated, multi-device trading platform for active traders. It provides tools, services, and support for both new and experienced traders to access global futures markets, including Micro E-mini futures.

Chicago, USA

Investors

About NinjaTrader

NinjaTrader delivers integrated multi-device trading using a cloud-based technology designed for active futures traders. They provide access to the world’s most popular futures markets, including E-mini indexes, with no deposit minimums, low margins, and low commissions. The platform is highly customizable, allowing users to integrate thousands of third-party add-ons or develop their own tools using a C# based framework. NinjaTrader is a futures trading provider that centralizes tools and services for both new and experienced traders, offering professional trading platforms for charting, free trading simulation, and comprehensive support resources.

View jobs by NinjaTrader

Skills

About the Role

You'll help scale the compliance program through automation and run audits across SOC 2, ISO 27001, and SOX. This is a hands-on, technical role where you'll spend as much time writing code and integrating systems as you do reviewing controls. You'll serve as the bridge between Security, Engineering, and the business by transforming manual, evidence-heavy compliance work into automated, repeatable processes while helping leadership understand and prioritize risk. This role is ideal for you if you have GRC or security experience and want to move beyond spreadsheets and checklists into building the tooling that makes a compliance program efficient, scalable, and audit-ready year-round.

Requirements

  • 3–5 years of experience in GRC, IT audit, security compliance, or a related field
  • Hands-on experience supporting or leading audits for SOC 2, ISO 27001, SOX, or a comparable framework
  • Working knowledge of SOC 2 Trust Services Criteria, ISO 27001 Annex A, COSO/SOX ITGCs, NIST, or similar control frameworks
  • Experience with scripting and automation using Python or a similar language, including working with REST APIs to automate evidence collection
  • Familiarity with at least one major cloud platform (AWS, GCP, or Azure) and its security and logging services
  • Strong understanding of access management, change management, logging and monitoring, vulnerability management, and SDLC controls
  • Excellent written communication skills with the ability to create clear control documentation, risk assessments, and stakeholder reporting
  • Ability to manage multiple priorities while driving audit findings and remediation efforts to completion

Responsibilities

  • Build and maintain automation for continuous control monitoring, evidence collection, and audit readiness through scripts, APIs, and GRC platform integrations
  • Integrate compliance workflows with cloud providers, identity systems, ticketing platforms, and CI/CD pipelines to automatically collect control data and evidence
  • Reduce manual compliance work by codifying control checks and pulling evidence directly from source systems
  • Develop dashboards and reporting that provide stakeholders with real-time visibility into control health and audit readiness
  • Run and coordinate audits for SOC 2 (Type I and Type II), ISO 27001, and SOX, including scoping, evidence collection, control walkthroughs, and auditor coordination
  • Map controls across multiple compliance frameworks to reduce duplication and maintain a unified control library
  • Track audit findings and control gaps through remediation and closure with business and technical stakeholders
  • Maintain audit-ready documentation including policies, procedures, control narratives, and evidence repositories
  • Identify, assess, and document organizational risks while maintaining the enterprise risk register
  • Support risk assessments, including likelihood and impact scoring, treatment planning, and remediation tracking
  • Partner with Engineering and IT to evaluate the control impact of new systems, vendors, and architectural changes
  • Contribute to the third-party risk management program
  • Partner with control owners to ensure controls are operating effectively and generating appropriate evidence
  • Translate compliance requirements into practical, engineering-focused guidance
  • Support customer security questionnaires, trust requests, and due diligence activities

Benefits

  • Generous PTO
  • 7 Paid Holidays Annually + 5 Conditional Holidays Annually
  • 1 Service Day Annually
  • 401k with 3.5% Company Match
  • Paid Parental Bonding Leave
  • Health, Vision, Dental Coverage
  • Life and Disability Insurance Covered 100% by NinjaTrader
  • 20 additional flex remote days annually
  • 5 Company Wide Office-Optional weeks tied to major holidays