Job Description
We’re seeking a GRC Controls Tester to join our growing team that manages over 30 product audits including SOC 2, PCI, and ISO 27001. This role will be a key contributor to technical control testing, with a focus on cloud-native environments (AWS, Azure), IAM, and Cloud Operations. You will collaborate with engineering, security, DevOps, and audit teams to evaluate control effectiveness, support remediation efforts, and drive audit readiness in a fast-paced, cloud-centric environment.
Lead the design and effectiveness testing of technical and operational controls across multiple compliance frameworks. Develop, execute, and maintain control testing scripts and walkthroughs to validate configurations, access controls, and cloud-native security mechanisms. Conduct gap assessments against regulatory and industry standards, document findings, and recommend mitigation strategies. Evaluate technical controls across IAM, cloud operations, CI/CD, IaC, container security, and vulnerability management to ensure compliance alignment.
Automate audit evidence collection using scripts, APIs, and tools; maintain a standardized control library and audit-ready documentation for assurance activities.
About Coupa
Coupa makes margins multiply through its community-generated AI and industry-leading total spend management platform for businesses large and small.