What is the salary for this Information Security Engineer, GRC role?

Salary information is not publicly listed for this position. Apply directly to discuss compensation with Xbowcareers.

Where is this Information Security Engineer, GRC position located?

This is an on-site position at Xbowcareers located in Remote.

How do I apply for this Information Security Engineer, GRC job at Xbowcareers?

Click the 'Apply' button on this page to be redirected to Xbowcareers's application portal. Make sure to have your resume ready and tailor your application to highlight relevant experience.

Xbowcareers is actively hiring for Engineering roles. Visit the company page to see all open positions and learn more about working at Xbowcareers.

Information Security Engineer, GRC

Xbowcareers Remote Today

engineering

About XBOW

At XBOW, we’re redefining the future of cybersecurity by building the world's first autonomous pentester, powered by AI. Today, the gold standard for securing software systems is human pentesters, but with the rise of artificial intelligence, we’re stepping up to scale offensive security to meet the ever-growing demand.

AI is transforming the landscape of both cybersecurity and cyberattacks. While millions of people without security expertise are creating software, bad actors are using AI to launch more effective attacks. XBOW fights back with AI-driven superpowers, enabling security teams to stay one step ahead.

What makes XBOW truly unique? Like human experts, it forges creative attacks, adapts its learnings, and continuously works to find vulnerabilities faster than anyone ever could. We’re not only simulating threats—we’re also finding and responsibly disclosing real-world vulnerabilities, ensuring organizations can fix issues before they’re exploited. XBOW isn’t just a tool; it’s a transformative force in the secure development lifecycle.

Backed by Sequoia Capital and a team that includes the creators of GitHub Copilot and GitHub Advanced Security, XBOW is not just keeping up with the times—we’re shaping the future of cybersecurity. Our mission is simple: to defeat the bad actors before they strike, using AI to revolutionize how we approach offensive security.

We’re building something that must be built, and we’re the team to do it. Join us in shaping the next frontier of autonomous security.

Your Role: Information Security Analyst, GRC

We’re looking for a detail-oriented, Governance, Risk & Compliance Analyst to help scale our security and trust function as we grow. In this role, you’ll play a key part in supporting customer and prospect security reviews, assessing third-party vendor risk, and continuously improving how we identify and manage risk across the business.

This is an individual contributor role with no initial people-management responsibilities. However, as the risk and compliance function matures, there is a clear opportunity for this role to grow in scope and responsibility.

You’ll work closely with Security, Engineering, Legal, Sales, and Customer teams, acting as a trusted partner in communicating our security posture and ensuring we meet customer and regulatory expectations.

What You'll Do

Support customers and prospects by completing technical security questionnaires, risk assessments, and due-diligence requests
Partner with Sales and Customer teams to explain XBOW’s security controls, architecture, and compliance posture
Assess and manage third-party and vendor security risk, including reviews of SaaS providers and service partners
Help maintain and improve risk assessment frameworks, methodologies, and documentation
Track and support remediation of identified risks in collaboration with internal stakeholders
Contribute to compliance initiatives aligned with frameworks such as SOC 2 and ISO 27001
Maintain clear, well-structured risk registers, policies, and supporting evidence
Coordinate risk management sessions and processes
Identify opportunities to streamline and automate risk and compliance processes as the company scales
Support audits, customer reviews, and internal assurance activities as needed

Who You Are

3–5+ years of experience in risk, compliance, security assurance, or related roles
Hands-on experience completing or reviewing technical security questionnaires and customer risk assessments
Familiarity and experience with common security and compliance frameworks (e.g. SOC 2, ISO 27001, NIST, FedRAMP)
Comfortable assessing technical controls and working with engineers to understand system architecture
Experience conducting or supporting vendor / third-party risk assessments
Strong written communication skills, with the ability to explain complex security concepts clearly
Highly organized and detail-oriented, with a pragmatic approach to risk
Comfortable working in a fast-moving, remote-first startup environment

Bonus Points

Experience working in a SaaS or security-focused company
Security or risk certifications (e.g. CRISC, SOC2, ISO 27001 Lead Implementer, FedRAMP)
Experience supporting a company through audit readiness or first-time compliance efforts

What We Offer

Compensation & Equity: Competitive salary and meaningful stock options.
Growth: Opportunity to learn from and collaborate with top security and AI experts
Impact: Work on complex technical challenges that support the foundation of our company
Remote-First:Work from anywhere, with regular opportunities to meet in person

What Else You Should Know

Location: Remote US East Coast preferred (all team members are remote but we meet regularly and you’re supported to travel to collaborate with colleagues in person)
Contract: Full-time.
Hiring Process:
1. Talent Introduction
2. HM Interview
3. Security Knowledge Interview
  - We’d provide you some information live, and then ask you to analyze the information and provide a response from a security lens.
4. Final Interview as needed

We’re a security company that builds with AI at the core - so you’ll be protecting a team that moves fast, iterates aggressively, and lives in the command line. If that sounds like your kind of environment, let’s talk.