Aircall is a unicorn, AI-powered customer communications platform used by 22,000+ companies worldwide to drive revenue, resolve issues faster, and scale customer-facing teams. We’re redefining customer communications by bringing voice, SMS, WhatsApp, and AI together into one seamless workspace.

Our momentum comes from a simple idea: help teams work smarter, not harder. Aircall’s AI Voice Agent automates routine calls, AI Assist streamlines post-call work, and AI Assist Pro delivers real-time guidance so people can do their best work. The result is higher revenue, faster resolutions, and teams that scale with confidence.

Aircall is headquartered in Paris, our European HQ, with a strong North American presence anchored in Seattle, our North American HQ, and teams across Madrid, London, Berlin, San Francisco, New York City, Sydney, and Mexico City. We’ve built a product customers love and a business that’s scaling quickly, backed by world-class investors and driven by rapid AI innovation across multiple product lines.

At Aircall, you’ll join a company in motion. We’re ambitious, product-driven, and execution-focused, with visible impact, fast decisions, and real growth.

How we work at Aircall: We’re customer-obsessed, data-driven, and focused on delivering meaningful outcomes. We value ownership, continuous learning, and thoughtful speed. If you thrive in a collaborative, fast-moving environment where trust and impact matter, you’ll feel at home here.

Aircall is hiring a Senior GRC Engineer to build and operate the engineering backbone of our Governance, Risk & Compliance program. You'll join the Security Engineering team, reporting to the Security Engineering Manager, and partner closely with IT, Privacy, Legal, Product, and Engineering to make compliance a continuously-verified property of how we build and run Aircall — not a once-a-year audit scramble.

This is a hands-on engineering role. You'll automate controls, integrate our GRC platform with the systems that produce evidence, and turn policies into code where possible. You'll be the technical owner of SOC 2 and ISO 27001 readiness from an engineering perspective, and a key contributor to how we mature risk management, vendor security, and audit operations as Aircall scales.

This role will sit within the CTO organization, alongside Security & Infrastructure Engineering building the security foundation of a future Governance, Risk & Compliance (GRC) function.

Key Responsibilities

Design, implement, and operate technical controls that satisfy SOC 2, ISO 27001, NIST, and GDPR requirements across our cloud (AWS), SaaS, and corporate environments.

Build and maintain integrations between our GRC platform (Drata) and source systems — IdP, cloud providers, ticketing, code repositories, HRIS, endpoint management — to automate evidence collection and continuous control monitoring.

Engineer "compliance-as-code" workflows: codify policies and controls, automate drift detection, and surface failing controls back to owning teams via Jira, Slack, or dashboards.

Support and progressively automate audit readiness: SOC 2 Type II, ISO 27001 (and any future certifications such as HIPAA, FedRAMP, PCI as the strategy evolves), preparing evidence, walking auditors through controls, and remediating findings.

Operate the enterprise risk register day-to-day: run risk assessments, track mitigations, and produce reporting that helps leadership make decisions.

Build and run the technical side of the vendor security program — questionnaire automation, tiering, evidence review, and ongoing monitoring of critical vendors.

Partner with IT, Product, and Engineering to embed security and compliance requirements into the SDLC, change management, access reviews, and infrastructure provisioning.

Contribute to incident response from the GRC side: maintain runbooks and policies, ensure regulatory and contractual notification timelines are met, and capture evidence and lessons learned.

Partner with Legal/Privacy on GDPR obligations, data residency, DPAs, and customer security commitments.

Help mature security awareness and training — measuring effectiveness, not just running it.

Author and maintain security policies and standards in clear, accurate language that engineers will actually read.

Promote a security-first culture across all functions, ensuring employees understand their role in protecting company and customer data.

Qualifications

5+ years in security, with at least 2–3 years in a GRC engineering, security engineering, or compliance automation role at a SaaS or cloud-native company.

Strong working knowledge of SOC 2, ISO 27001, NIST CSF / 800-53, and GDPR, and what it takes to actually operate (not just pass) them.

Hands-on experience with a modern GRC platform (Ideally Drata) — including building or extending its integrations, not just clicking through the UI.

Comfortable using AI tools to accelerate delivery and scale impact.

Comfortable writing code (Python, Go, or similar) and working with cloud APIs (AWS), Terraform/IaC, and CI/CD pipelines.

Solid understanding of cloud security, identity and access management, and how engineering teams ship software.

Experience supporting external audits as a technical lead and remediating findings.

Working knowledge of risk management frameworks and vendor security assessment.

Strong written communication — you can turn a control requirement into a clear ticket, runbook, or policy that gets adopted.

Bonus: relevant certifications (CISA, CISSP, ISO 27001 LI/LA, AWS/GCP security), experience with privacy engineering, or prior work building a GRC function from early stage to audit-ready.

Senior GRC Engineer

About this role

Key Responsibilities

Qualifications

Skills

Explore related jobs

More jobs at Aircall

Similar Audits jobs

Browse these categories