GRC Engineer - Platform Team
Sign in to build your German application, then apply.
Job Description
ABOUT THE ROLE
Taktile empowers financial institutions to transform into truly AI-native organizations. We’re growing rapidly with enterprise customers across banks and insurance companies, and we’re looking for a GRC Engineer.
Operating in highly regulated markets means trust isn't a feature for us, it's the foundation of every customer relationship. As we scale into larger enterprise and fintech accounts, a strong, demonstrable security and compliance posture is what lets us win and keep that trust.
As our GRC Engineer on the Platform Team, you'll own the controls, evidence, and processes that keep Taktile secure, compliant, and continuously audit-ready. You'll be the engineering-minded backbone of our compliance program, turning frameworks like SOC 2, ISO 27001, GDPR, and the EU AI Act into automated, continuously-monitored controls rather than one-off, point-in-time checklists.
This is a cross-functional, high-leverage role. You'll partner with Security, Engineering, Product, and IT to close the gap between policy and control implementation, and with Sales, Legal, Support, and Leadership to make compliance a competitive advantage rather than a bottleneck.
The ideal candidate pairs deep framework knowledge with the technical ability to automate it; fielding a complex customer security questionnaire in the morning and scripting AWS evidence collection in the afternoon.
WHAT YOU'LL DO
-
Own continuous compliance end-to-end ; SOC 2, ISO 27001, and customer security reviews, keeping us audit-ready year-round rather than scrambling at renewal time.
-
Manage and evolve the compliance roadmap, prioritizing initiatives against business and customer needs; own Vanta end-to-end, including tasks, documentation, integrations, and automated evidence collection.
-
Lead quarterly access reviews across all systems in collaboration with IT and Engineering, ensuring findings are tracked through to remediation.
-
Run vendor risk reviews and DPIAs for new tools (especially AI tooling) and help teams adopt new software quickly without compromising our risk posture.
-
Serve as the technical voice on customer security questionnaires and DPAs, working alongside Sales and Legal to keep deals moving.
-
Define and report compliance and risk KPIs to leadership, giving them a clear, ongoing view of our posture and where investment is needed.
-
Partner with the Security Architect to identify and close gaps between written policy and actual control implementation.
REQUIREMENTS
-
4+ years in GRC, security compliance, or audit readiness at a SaaS company, ideally in a regulated environment (Finance, Insurance, Healthcare).
-
Has owned a SOC 2 program end-to-end (must-have), ideally ISO 27001 too, from gap analysis through audit and maintenance; familiar with GDPR, PCI DSS, and the EU AI Act.
-
Deep experience running Vanta (or Drata/Secureframe) as a continuous compliance backbone, not a point-in-time checklist.
-
Technically hands-on: comfortable scripting against AWS APIs to automate evidence collection, with a solid grasp of software development and security concepts.
-
A strong writer and communicator who can turn around a 200-row security questionnaire quickly and accurately, and translate fluently between compliance and technical teams.
IDEAL, BUT NOT REQUIRED
-
Experience with customer trust programs (Trust Center, FAQs, security whitepapers).
-
DORA / EU AI Act / fintech regulatory exposure.
-
Has shipped engineering-led automation (not just dashboards).
-
Familiarity with NIST CSF, CIS Controls, or GDPR/DPAs.
WHAT WE OFFER
-
Work with colleagues that lift you up, challenge you, celebrate you and help you grow. We come from many different backgrounds, but what we have in common is the desire to operate at the very top of our fields. If you are similarly capable, caring, and driven, you'll find yourself at home here.
-
Make an impact and meaningfully shape an early-stage company.
-
Experience a truly flat hierarchy and communicate directly with founding team members. Having an opinion and voicing your ideas is not only welcome but encouraged, especially when they challenge the status quo.
-
Learn from experienced mentors and achieve tremendous personal and professional growth. Get to know and leverage our network of leading tech investors and advisors around the globe.
-
Receive a top-of-market equity and cash compensation package.
-
Get access to a self-development budget you can use to e.g. attend conferences, buy books or take classes.
-
Use the equipment of your choice including meaningful home office set-up.
OUR STANCE
-
We're eager to meet talented and driven candidates regardless of whether they tick all the boxes. We're looking for someone who will add to our culture, not just fit within it. We strongly encourage individuals from groups traditionally underestimated and underrepresented in tech to apply.
-
We seek to actively recognize and combat racism, sexism, ableism and ageism. We embrace and support all gender identities and expressions, and celebrate love in its many forms. We won't inquire about how you identify or if you've experienced discrimination, but if you want to tell your story, we are all ears.
ABOUT US
Taktile enables financial institutions to transform into AI-native organizations that are increasingly powered by autonomous agents. With our modular Agentic Decision Platform, customers combine AI agents, rules, relevant context, and human oversight to safely automate and optimize their decisions-approving more customers, reimbursing claims instantly, stopping fraud before it spreads, and financing every business worth funding. Founded in 2020, Taktile powers millions of decisions daily for institutions including Mercury, Monzo, Faire, and Pleo. With offices in New York, Berlin, London, São Paulo, and Iași, the company has raised $184M from Growth Equity at Goldman Sachs Alternatives, Index Ventures, Tiger Global, Balderton Capital, and Y Combinator. Learn more at taktile.com http://taktile.com.
About Your Employment. Taktile operates through regional entities worldwide. Depending on the location of this role, your employment or engagement will be with Taktile LLC (US), Taktile GmbH (Germany), Taktile Ltd (UK), or Taktile SRL (Romania). The applicable entity will be confirmed during the offer process.
Your Privacy. Taktile (“we” or “us”) is the controller of the personal data you provide during this
application process. We collect and process your name, contact details, resume/CV, work history, education, and any other information you submit or that we obtain from publicly available sources or references.
How we use your data: We process your personal data to evaluate your candidacy, communicate with you about the recruitment process, comply with legal obligations (such as right-to-work verification), and, with your consent, to consider you for future opportunities.
Legal basis (EU/UK applicants): We rely on (i) pre-contractual steps at your request (GDPR/UK GDPR Art.6(1)(b)), (ii) legal obligations (Art. 6(1)(c)), and (iii) our legitimate interest in evaluating candidates (Art.6(1)(f)).
Retention: If your application is unsuccessful, we retain your data for 12 months after the recruitment process concludes, unless you consent to longer retention. Successful candidates’ data becomes part of their employment records.
Your rights: Depending on your location, you may have the right to access, correct, delete, or restrict the processing of your personal data, to data portability, and to withdraw consent.
Automated decision-making: We use automated tools to assist in screening applications. No hiring decision is made solely by automated means without human review.
International transfers: Your data may be transferred to and processed in the United States, Germany, the United Kingdom, or Romania. Where required, transfers are protected by Standard Contractual Clauses or other approved mechanisms.
By submitting your application, you acknowledge that you have read and understood Taktile’s Applicant Privacy Policy. To exercise your rights or ask questions, contact privacy@taktile.com
Visa & salary
ELIGIBLE§ 6 BeschV · On BA Positivliste · no priority check
§ 18 AufenthG · Skilled Immigration Act · qualified employment
What to do next
- Generate a German Lebenslauf + Anschreiben in your Application Kit.
- Confirm your degree is recognised (anabin / Skilled Immigration Act).
- Apply directly, then open your visa file with the employer's offer.