Staff GRC Engineer

ezCater is the #1 food tech platform for workplaces in the US.

The company makes it easy for any organization to manage its food needs and order from over 125,000 restaurants nationwide.

For workplaces, ezCater provides flexible and scalable solutions for everything from employee meal programs to one-off meetings, all backed by beyond helpful 24/7 service and business-grade reliability.

For restaurant partners, ezCater helps grow their business by bringing them new high-value customers and large orders. ezCater is looking for a Staff GRC Engineer to join the Security Engineering & Compliance team as a senior individual contributor who can help mature our governance, risk, compliance, and data security capabilities in a way that is durable, measurable, and embedded into how our systems operate day to day.

This is not a narrow audit coordinator or policy only role.

We’re looking for a balanced builder-operator who can raise the quality and maturity of our security controls by expanding control monitoring, strengthening data security governance, automating and instrumenting the program where stronger evidence and better monitoring are needed, and improving the operational follow through that makes the program scalable, sustainable, and effective.

What You'll Do: Lead control program maturity Design and maintain an auditable control framework that fits ezCater ’s SaaS, cloud, data, and engineering environment rather than forcing generic controls onto modern systems.

Shape and define ezCater ’s AI Governance strategy with stakeholders across the Legal, Data, Engineering, and IT domains.

Define how key controls are implemented, tested, evidenced, and improved over time, with a strong bias toward reliability and highly-automated, low/no friction evidence paths.

Partner with internal and external audit stakeholders on control design, walkthroughs, exceptions, remediation, and readiness activities tied to SOX and related frameworks.

Help rationalize overlapping control requirements across SOC 2, PCI, SOX, and internal policy expectations into a coherent operating model.

Build continuous control monitoring and automation Identify where quarterly or annual checks should become continuous or near-real-time monitoring, especially for high-value controls and failure-prone workflows.

Partner with Security Engineering, IT, Data, and platform teams to automate control testing, evidence collection, validation, and recurring compliance workflows.

Define the logs, metadata, dashboards, and signals needed to assess control health and make compliance more observable and less dependent on screenshots and one-off pulls.