Senior GRC Engineer

We are seeking a Senior GRC Engineer to transform our compliance and risk management capabilities through automation and engineering excellence. This role combines deep GRC expertise with hands-on technical skills to build scalable, automated compliance systems that support Magic Labs products and the Newton ecosystem. You'll lead the evolution from traditional checkbox compliance to continuous, automated compliance frameworks that enhance both security posture and developer experience.

• Build automation and integrations between GRC frameworks and security/engineering tools.
• Lead automation-driven control assessment, evidence collection, and reporting processes.
• Replace legacy GRC approaches with frameworks that avoid checkbox compliance and improve stakeholder experience.
• Design and implement compliance-as-code frameworks, integrating security controls into infrastructure as code (IaC) and CI/CD pipelines.
• Develop automated evidence collection, control testing, and reporting systems that eliminate manual audit preparation.
• Help define GRC best practices for web3 governance DAOs and policy management of on-chain funds.
• Create APIs and integrations between GRC platforms (Drata, Vanta, etc.) and security/engineering toolchains.
• Work closely with Infrastructure, Engineering, and IT teams to embed security and compliance requirements into technical workflows.
• Coordinate and track security-related audits including scope of audits, stakeholder engagement, and deliverable timelines; work with teams as appropriate to achieve audit readiness; provide guidance, evaluation, and advocacy on audit responses.

• 5+ years of experience in GRC, compliance, or security engineering roles with significant automation experience.
• Experience develop scripts in various scripting languages (Python, Go, etc.) and peer review code / implementation / automation scripts.
• Knowledge of various regulations and controls (SOX, GDPR, ISO27001, NIST etc).
• Experience with GRC software tools and platforms (e.g., Drata, Vanta): Designing, implementing, and managing GRC tools and technologies to streamline processes for risk assessment, and compliance monitoring.
• Experience leading SOC 2, ISO 27001, and other compliance audits from technical preparation through external audits.
• Understanding of infrastructure as code (Python CDK, CloudFormation, Terraform etc.) for embedding compliance controls.
• Previous experience in crypto/web3, or other financially regulated environments is preferred.

• For candidates based in the US, this role's annual base salary is USD $160,000-$200,000
• For candidates based in Canada, this role's annual base salary is CAD $140,000-$170,000

The final offer will take into account several factors, including your experience, skill set, and location. We also consider how your background aligns with the role and what we’re building as a team.

• Remote-first culture with flexible working hours
• Stock options and token grants
• 99% company-paid medical*, dental and vision insurance
• 100% company-paid life and disability insurance
• 401(k) plan (US) or pension plan (CAN)
• $3,600 annual reimbursement for remote work, wellness, and professional development
• Flexible time off
• Up to 12 weeks of paid parental leave

*Canada coverage differs.

At Magic, we build with inclusion in mind, from our products to our team. We encourage candidates of all backgrounds and identities to apply and are proud to be an equal opportunity employer.

We’re committed to making our hiring process accessible to everyone. If you need assistance or an accommodation during the application process, please complete our Accommodation Request Form.

US Candidates: Magic Labs, Inc. participates in E-Verify to confirm the identity and employment eligibility of all new US hires. For more information, please see the E-Verify Participation Poster and the Right to Work Poster.