Senior GRC Engineer
Kin Insurance
Kin is on a mission to change home insurance from what it is to what it should be. Whether we’re leveraging data to create customizable coverage or providing claims service that goes above and beyond expectations, our members are at the heart of everything we do. In the face of ever-growing climate risk, they deserve an insurance company that cares about them. We aim to stick with our members through thick and thin.
We use efficient technology that lets homeowners buy directly from us to keep costs down. This is the essence of Kin. Our approach has fostered amazing growth, attracted marquee investors, and earned us accolades, including being named to:
Built In Chicago's Best Places to Work, Midsize Companies (2021-2024).
Forbes' America's Best Startup Employers (2021- 2023).
Inc. 5000 Fastest-Growing Private Companies.
Forbes’ Fintech 50.
Simply put, our people are what make us great – we need forward-thinking, inspired game-changers like you to join us in our mission.
So, what’s the role?
We are seeking a highly skilled and experienced Senior Security GRC Engineer to join our growing cybersecurity team. This role is ideal for a seasoned professional passionate about designing, implementing, and managing Governance, Risk, and Compliance (GRC) solutions to support the organization's security initiatives. As a senior team member, you will take ownership of designing scalable solutions to complex GRC challenges, mentoring junior staff, and driving continuous improvement in our compliance and risk management programs. This position emphasizes collaboration with cross-functional teams to protect sensitive data and ensure alignment with regulatory and organizational security objectives.
A day in the life could include:
GRC Solution Design and Implementation
Architect, configure, and manage GRC tooling to automate and streamline governance, risk, and compliance processes.
Maintain and optimize the organization's GRC platform, ensuring it meets evolving business and compliance needs.
Lead integration efforts to align GRC tools with other security, IT, and business systems.
Compliance and Audit Support
Serve as a subject matter expert for audits and assessments, including SOC2 Type 2 and insurance industry-specific compliance.
Ensure readiness for and successful execution of external audits.
Manage an internal controls framework aligned with NIST CSF, conducting ongoing control testing to maintain compliance.
Lead PCI DSS compliance activities and support readiness assessments for future certifications.
Risk Management and Training
Conduct comprehensive risk assessments and manage a cybersecurity risk register.
Support organization-wide training and awareness programs to strengthen the company’s security posture.
Develop internal communications and guidance on cybersecurity governance, risk, and compliance initiatives.
Cloud Security and Controls
Design, implement, and monitor security controls in cloud environments such as AWS, ensuring alignment with industry standards.
Collaborate with cloud infrastructure teams to address risks and ensure compliance for cloud-native applications.
Provide expertise in securing cloud environments, including containerized workloads.
Operational Security Oversight
Manage tools and practices supporting vulnerability management, SIEM platforms, and risk assessment reporting.
Research and implement new security protocols, methodologies, and practices to enhance enterprise security.
Develop and refine risk assessment processes, remediation plans, and reporting mechanisms.
Mentorship and Leadership
Mentor junior staff to build their expertise in GRC and technical cybersecurity.
Promote a culture of collaboration, knowledge-sharing, and continuous learning within the security team.
Collaboration and Stakeholder Engagement
Partner with internal stakeholders, including IT, Legal, and Engineering, to align security and compliance objectives with business goals.
Present findings and actionable insights to leadership, driving informed decision-making and continuous improvement.
I’ve got the skills… but do I have the necessary ones?
Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience).
7+ years of experience in cybersecurity governance, risk, and compliance, with at least 2 years in a senior or lead role.
Demonstrated expertise with compliance frameworks such as SOC2, PCI DSS, or NIST CSF.
Hands-on experience with GRC tools (e.g., Drata, ServiceNow GRC, OneTrust) and their configuration.
Proficiency in risk assessment methodologies and control design.
Experience managing security controls in cloud environments (e.g., AWS).
Excellent communication skills, with the ability to translate technical concepts into actionable insights for diverse audiences.
Preferred Skills
Certifications such as CISSP, CISM, CRISC, or CISA.
Familiarity with privacy regulations (e.g., GDPR, CCPA).
Knowledge of cloud security frameworks, container security, and DevSecOps principles.
Experience supporting or managing BCP/DR programs and testing processes.
Oh, and don’t worry, we’ve got you covered!
We offer a comprehensive benefits program, allowing you to choose the
benefits that are best for you and your family including: Medical, Dental, Vision, Life Insurance and Disability Insurance options, Employee Assistance Program, as well as elective voluntary benefits such as accident insurance, hospital indemnity, critical illness, legal assistance and pet insurance.
In addition to these benefits, we also are excited to offer the following:
Competitive salary and equity
401K with company match of up to 4%
Flexible PTO for exempt employees, along with 8 company-observed holidays
A paid parental leave program that provides 100% salary continuation of up to 14 weeks for birthing parents and 8 weeks for non birthing parents
Continuing education and professional development opportunities
Kin will accept applications for the role until March, 24, 2025
#LI-REMOTE
For Sales Agents and Customer Service Agents: These roles sit in any of the following 30 states: AL, AZ, CO, FL, ID, IL, IN, KS, KY, MA, MD, ME, MI, MN, MO, MT, NC, NE, NM, NV, NY, OH, OK, PA, SC, TN, TX, UT, VT, VA, WA, and WI.
For all other positions, these roles can sit in any of the following 40 states: AL, AR, AZ, CA (exempt only), CO, CT, FL, GA, ID, IL, IN, IA, KS, KY, MA, ME, MD, MI, MN, MO, MT, NC, NE, NJ, NM, NV, NY, OH, OK, OR, PA, SC, SD, TN, TX, UT, VT, VA, WA, and WI. Please only apply if you are able to live and work full-time in one of the states listed above.
State locations and specifics are subject to change as our hiring requirements shift.
About Kin
Kin is the only pure-play, direct-to-consumer digital insurer focused on the growing home insurance market. We make policies convenient and affordable through a technology platform that delivers a seamless user experience, customized options for coverage, and fast, high-quality claims service. Kin is a fully licensed carrier that offers coverage through its reciprocal exchanges which are owned by its policyholders. To learn more, visit www.kin.com.
EEOC Statement
Kin is proud to be an Equal Employment Opportunity and Affirmative Action Employer. We don't just accept difference – we honor it, nurture it, and celebrate it. We don’t discriminate based on race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.