GRC Engineering Consultant
emagine Polska
Stockholm Metropolitan Area
Requirements
- Software as a Service (SaaS)
- Artificial Intelligence (AI)
- Python
- Testing
- TypeScript
- Cloud
- PowerShell
- Security
- Microsoft Azure
- CI/CD
Job description
Start: ASAP
Length: 6 months
Location: On-site in Stockholm 5 days a week
Utilization: 100 %, full-time
About the Company
The client is a high-growth legal AI SaaS company, rapidly scaling their security and trust function to meet the demands of enterprise customers and increasingly stringent regulatory expectations.
What You'll Do
- Build automations that cut down on manual compliance overhead - covering evidence collection, control testing, questionnaire responses, and audit preparation.
- Develop Claude-powered workflows for questionnaires, policy Q&A, evidence summarisation, and other GRC needs.
- Configure and integrate our compliance tooling stack (Vanta, Linear, Serval) so it accurately reflects how we actually operate.
- Support the ongoing improvement of our compliance frameworks (ISO 27001, ISO 42001, SOC 2 Type II), driving control enhancements through automation wherever possible.
- Partner with the engineering team to surface security and compliance signals from our Azure infrastructure and CI/CD pipelines.
Required Experience
- 3+ years in a technical role - software engineering, DevOps, IT, or similar.
- A strong interest in GRC, security, and compliance. Prior compliance engineering experience isn't required, but you should be genuinely motivated to build in this space.
- Comfortable with scripting and automation (Python, TypeScript, Bash, PowerShell, or similar).
- Hands-on experience building with Claude or comparable LLMs - producing output reliable enough to put in front of an auditor.
- Experience with automation tooling (n8n, Zapier, or similar) and integrating via APIs.
Preferred
- Familiarity with Vanta; experience with Serval and Linear is a bonus.
- Exposure to cloud platforms (Azure preferred) and CI/CD pipelines.
- Awareness of compliance frameworks (ISO 27001, SOC 2, NIST 800-53) - or a strong desire to get up to speed quickly.
- An interest in AI governance and ISO 42001.
You'll Thrive in This Role If You
- Get genuinely energised by turning repetitive manual work into automated processes.
- Operate independently and ship without needing heavy oversight.
- Can bridge the gap between engineering and compliance, translating technical work into clear, accessible risk language.