Flock is the leading safety technology platform, helping communities thrive by taking a proactive approach to crime prevention and security. Our hardware and software suite connects cities, law enforcement, businesses, schools, and neighborhoods in a nationwide public-private safety network. Trusted by over 5,000 communities, 4,500 law enforcement agencies, and 1,000 businesses, Flock delivers real-time intelligence while prioritizing privacy and responsible innovation.
We’re a high-performance, low-ego team driven by urgency, collaboration, and bold thinking. Working at Flock means tackling big challenges, moving fast, and continuously improving. It’s intense but deeply rewarding for those who want to make an impact.
With nearly $700M in venture funding and a $7.5B valuation, we’re scaling intentionally and seeking top talent to help build the impossible. If you value teamwork, ownership, and solving tough problems, Flock could be the place for you.
We are hiring a Senior GRC Engineer to build and scale an engineering-driven, automation-first, and AI-enabled approach to Governance, Risk, and Compliance (GRC).
This role goes far beyond traditional GRC. You will design and implement intelligent, automated systems that integrate directly into our engineering and cloud environments—transforming compliance from a manual, point-in-time exercise into a continuous, real-time capability.
You will leverage automation, data pipelines, and emerging AI/LLM capabilities to reduce manual effort, improve signal quality, and enable proactive risk management.
This is a high-impact role at the intersection of security engineering, compliance, and data—helping evolve GRC into a measurable, scalable, and product-aligned function.
Build GRC Engineering Capabilities
Design and implement policy-as-code and compliance-as-code frameworks
Automate control testing and evidence collection using cloud and CI/CD telemetry
Integrate GRC processes with engineering tools and workflows
Develop reusable tooling and internal platforms for scalable, self-service compliance
Build and deploy production-grade automation leveraging LLMs and AI tooling (e.g., for control mapping, evidence analysis, and anomaly detection)
Own the design, development, and maintenance of core GRC automation systems and services
Drive Risk Visibility and Measurement
Develop KPIs and KRIs using engineering and cloud data
Support risk quantification efforts using frameworks such as FAIR
Maintain and improve the security risk register
Apply data modeling and AI techniques to identify emerging risks and reduce false positives
Build automated risk scoring and prioritization models using real-time engineering and security data
Support Audits and Certifications
Lead and support audits including SOC 2, ISO 27001, ISO 27701, FedRAMP and CJIS
Build automated audit readiness and continuous compliance processes
Serve as a key point of contact for internal and external auditors
Partner Across the Business
Work with Product and Engineering teams on security and privacy requirements
Support customer security reviews, RFIs, and trust center initiatives
Collaborate with Legal and Privacy teams on regulatory alignment
Third-Party Risk Management
Automate vendor assessments using AI-assisted questionnaire analysis and response validation
Build workflows to ingest, analyze, and score third-party risk data at scale
Experience
5+ years in GRC, security engineering, or related roles
Experience working in cloud-native environments; AWS is a must
Experience supporting audits such as SOC 2, ISO 27001, or similar
Relevant certifications such as CISA, CRISC, FAIR, AWS Security Specialty, or ISO 27001/42001 Lead Auditor are a plus
Technical Skills
Experience integrating security and compliance into CI/CD pipelines
Ability to work with APIs, automation tools, or scripting languages
Experience implementing policy-as-code, compliance-as-code, or security-as-code frameworks
Familiarity with tools such as Terraform, CloudFormation, or similar IaC frameworks
AI & Automation Mindset
Thinks in terms of systems and scale, not manual tasks—automating repetitive work wherever possible
Curious about and experienced with applying AI to operational problems, especially in security or compliance
Comfortable experimenting with emerging technologies and rapidly evolving tooling
Focused on signal over noise, reducing manual overhead while increasing accuracy
GRC Expertise
Strong understanding of frameworks such as SOC 2 Type II, NIST 800-53, ISO 27001, and CJIS
Experience with third-party risk management and vendor assessments
Ability to translate regulatory requirements into technical controls
Mindset
Automation-first thinking
Strong problem-solving skills and ownership mentality
Ability to balance security, compliance, and business needs
Ability to collaborate effectively with engineering, security, and business stakeholders
GRC processes are automated and integrated into engineering workflows
Audit readiness becomes continuous rather than periodic
Risk is measured using real-time data and clear metrics, tied to revenue
Engineering teams experience GRC as an enabler, not a blocker
Customer trust and security assurance scale with company growth
Manual GRC processes are replaced with intelligent, automated workflows
AI-assisted systems reduce audit preparation time and improve evidence quality
GRC insights directly influence engineering prioritization and business decision-making
Feeling uneasy that you haven’t ticked every box? That’s okay; we’ve felt that way too. Studies have shown women and minorities are less likely to apply unless they meet all qualifications. We encourage you to break the status quo and apply to roles that would make you excited to come to work every day.
We subscribe to 90-day plans and believe that good days lead to good weeks, which lead to good months. This serves as a preview of the 90-day plan you will receive if you are hired in this role at Flock.
The First 30 Days
Ramp on systems, architecture, and existing GRC processes
Build relationships with Engineering, Security, and Legal
Identify initial automation opportunities
The First 60 Days
Begin implementing automation for control testing and evidence collection