As an Information Security Engineer focused on Governance, Risk, and Compliance (GRC) at Clutch, you will own and mature our trust foundation. You will operationalize our security controls, drive evidence collection and continuous monitoring, and partner with product, engineering, and business teams to reduce risk while enabling speed. You will join a small, high-impact Security team that partners closely with Infrastructure, Product Engineering, Legal, and GTM.
Within 6 months, you will:
- Lead our next SOC 2 Type II audit cycle end-to-end, including auditor coordination, population requests, and walkthroughs.
- Roll out a vendor risk management workflow integrated with procurement and Legal, including tiering, due diligence, and continuous monitoring.
- Partner with Engineering to define secure SDLC checkpoints and automate evidence collection from GitHub, CI, and cloud.

Within 9 months, you will:
- Drive PCI DSS certification readiness, including SoA ownership, internal audits, and management review inputs.
- Establish KPIs/KRIs and dashboards for control effectiveness and risk trends consumed by execs and customers.
- Mature incident response playbooks and conduct at least one cross-functional tabletop exercise with measurable improvements.