Security Engineer, GRC San Francisco, CA

Nearly every company in the world runs on custom software: Gartner estimates that up to 50% of all code is written for internal use. This is the operational software for refunding orders, underwriting loans, onboarding employees, analyzing transactions, and providing customer support. But most companies don’t have adequate resources to properly invest in these tools, leading to a lot of old and clunky internal software or, even worse, users still stuck in manual and spreadsheet flows.At Retool, we’re on a mission to bring good software to everyone. We’re building a new type of development platform that combines the benefits of traditional software development with a drag-and-drop UI editor and AI, making it dramatically faster to build internal tools. We believe that the future of software development lies in abstracting away the tedious and repetitive tasks developers waste time on, while creating reusable components that act as a force multiplier for future developers and projects. The result is not just productivity, but good software by default. And that’s a mission worth striving for.Today, our customers span from small startups building their first operational tools to Fortune 500 companies building mission-critical apps for thousands of users across their business. Interested in joining us? Let us know!WHY WE’RE LOOKING FOR YOUOur security team is seeking a highly experienced Security Engineer to plan and build our security posture for governance, risk and compliance! In this role, you will play a critical role in fulfilling the vision to secure Retool’s platform and cloud offerings through a combination of policy governance, security risk management, third party risk management, technical expertise and certification compliance. This is a hands-on position where you’ll build and scale processes dedicated to safeguarding our platform and ensuring compliance with industry standards, own audits and work closely with cross-functional teams to integrate compliance processes across all areas of the business.At Retool, we're not just building a product—we're building a company where security is foundational to everything we do. If you're passionate about leading a critical function in a dynamic, innovative environment, we'd love to hear from you.IN THIS ROLE, YOU WILL:Own all internal audit programs working to expedite reviews and mitigate operational impacts.Implement and support scalable processes for the security risk lifecycle management including risk assessments, treatment, and monitoring to help engineering and product teams deliver a successful and secure product.Communicate and collaborate effectively with counterparts within engineering, GTM, legal and beyond.Mature our security risk management program alongside a team of outstanding individuals.THE SKILLSET YOU'LL BRING:5+ years working in Security governance, risk, and compliance roles.Extensive familiarity with industry regulations (e.g., GDPR, ISO 27001, NIST 800-53, Fedramp) and hands-on experience ensuring compliance, along with a deep understanding of security technologies, application security programs, common vulnerabilities like OWASP Top 10, and security tooling such as SAST, DAST, as well as other testing technologies.Proficiency in navigating through ambiguity, managing stakeholders, as well as driving maximal accountability and excellence.Excellent verbal communication skills with the ability to translate complex technical concepts into business language.Strong analytical and problem-solving skills.Retool offers generous benefits to all employees and hybrid work location. For more information, please visit the benefits and perks section of our careers page!Retool is currently set up to employ all roles in the US and specific roles in the UK. To find roles that can be employed in the UK, please refer to our careers page and review the indicated locations.

#J-18808-Ljbffr