Senior GRC Engineer

Kin is redesigning insurance to be smarter, faster, and centered on the customer. We use intelligent pricing, offer seamless bundling, and make every step (from purchasing, servicing to claims) simple and friction-free, especially in the places traditional insurers often ignore.

We empower people to protect what matters most, starting with their homes and expanding to all they value, in a world where climate risks, rising costs, and outdated systems leave too many behind. Our approach has fostered amazing growth, attracted marquee investors, and earned us accolades, including being named to:

• Built In Chicago's Best Places to Work, Midsize Companies (2021-2025).
• Forbes' America's Best Startup Employers (2021- 2024, Ranked #37 in 2024).
• Inc. 5000 Fastest-Growing Private Companies.
• Forbes’ Fintech 50.

Simply put, our people are what make us great – we need forward-thinking, inspired game-changers like you to join us in our mission.

What You’ll Do

• Lead and support cybersecurity controls testing across frameworks (NIST CSF, SOC2, PCI DSS).
• Manage control evidence gathering, documentation, and remediation tracking.
• Maintain and update the cybersecurity risk register; conduct risk assessments on new vendors, technologies, and processes.
• Drive vendor security reviews, assigning risk ratings, validating documentation, and partnering with legal and procurement teams.
• Configure and optimize GRC tooling (Drata, OneTrust) for controls, assessments, and risk workflows.
• Collaborate with DevOps and infrastructure teams to validate cloud security controls in AWS (IAM, networking, logging).
• Create security awareness training, resources, and communications for cross-functional teams.

What You’ll Bring

• 8+ years of experience in cybersecurity, GRC, IT audit, or risk management roles.
• Hands-on expertise in controls testing, vendor security reviews, and risk assessments.
• Knowledge of NIST CSF, SOC2, PCI DSS, and related audit processes.
• Proficiency in GRC tools (Drata, OneTrust, or similar).
• Familiarity with AWS cloud platforms and security best practices.
• Strong communication, documentation, and stakeholder engagement skills.

A Day in the Life Could Include

• Testing internal security controls and validating audit evidence.
• Tracking, mitigating, and communicating business risks to leadership.
• Reviewing vendor security documentation and ensuring compliance with standards.
• Optimizing GRC workflows and integrating with other systems for efficiency.
• Collaborating with DevOps teams on cloud control validation.
• Building training materials to support security awareness across the company.
• Leading audit activities to ensure successful audits are completed

I’ve Got the Skills...But Do I Have the Necessary Ones?

• 8+ years of relevant cybersecurity/GRC experience.
• Hands-on controls testing, vendor assessments, and risk management.
• Framework knowledge: NIST CSF, SOC2, PCI DSS.
• Experience with Drata, OneTrust, or similar GRC platforms.
• Basic working knowledge of AWS.
• Excellent written and verbal communication.

Oh, and don’t worry, we’ve got you covered!

We offer a comprehensive benefits program, allowing you to choose the benefits that are best for you and your family including: Medical, Dental, Vision, Life Insurance, Short and Long Term Disability Insurance options, Employee Assistance Program, as well as elective voluntary benefits such as accident insurance, hospital indemnity, critical illness, legal assistance and pet insurance. Kinfolk become eligible for benefits on the first day of the month following their start date.

In addition to these benefits, we also are excited to offer the following:

• Competitive salary and company equity through Restricted Stock Units (RSUs), granted as part of our standard compensation package and based on role and level.
• 401K with company match of up to 4% of eligible earnings
• Flexible PTO for exempt employees (employees typically take 15-20 days annually), along with 8 company-observed holidays
• A paid parental leave program that provides 100% salary continuation of up to 14 weeks for birthing parents and 8 weeks for non birthing parents
• Continuing education and professional development opportunities

Kin will accept applications for the role until November, 7, 2025

#LI-REMOTE

For Sales Agents and Customer Service Agents: These roles sit in any of the following 30 states: AL, AZ, CO, FL, ID, IL, IN, KS, KY, MA, MD, ME, MI, MN, MO, MT, NC, NE, NM, NV, NY, OH, OK, PA, SC, TN, TX, UT, VT, VA, WA, and WI.

For all other positions, these roles can sit in any of the following 40 states: AL, AR, AZ, CA (exempt only), CO, CT, FL, GA, ID, IL, IN, IA, KS, KY, MA, ME, MD, MI, MN, MO, MT, NC, NE, NJ, NM, NV, NY, OH, OK, OR, PA, SC, SD, TN, TX, UT, VT, VA, WA, and WI. Please only apply if you are able to live and work full-time in one of the states listed above.

State locations and specifics are subject to change as our hiring requirements shift.

About Kin

Kin is the only pure-play, direct-to-consumer digital insurer focused on the growing home insurance market. We make policies convenient and affordable through a technology platform that delivers a seamless user experience, customized options for coverage, and fast, high-quality claims service. Kin is a fully licensed carrier that offers coverage through its reciprocal exchanges which are owned by its policyholders. To learn more, visit www.kin.com