Cybersecurity GRC Engineer

2 days ago


Toronto, Ontario, Canada Cerebras Systems Full time

Cerebras Systems builds the world's largest AI chip, 56 times larger than GPUs. Our novel wafer-scale architecture provides the AI compute power of dozens of GPUs on a single chip, with the programming simplicity of a single device. This approach allows Cerebras to deliver industry-leading training and inference speeds and empowers machine learning users to effortlessly run large-scale ML applications, without the hassle of managing hundreds of GPUs or TPUs.  

Cerebras' current customers include global corporations across multiple industries, national labs, and top-tier healthcare systems. In January, we announced a multi-year, multi-million-dollar partnership with Mayo Clinic, underscoring our commitment to transforming AI applications across various fields. In August, we launched Cerebras Inference, the fastest Generative AI inference solution in the world, over 10 times faster than GPU-based hyperscale cloud inference services.

The Role

As a Cybersecurity GRC Engineer, you will have a rare opportunity as a cybersecurity and Governance, Risk, and Compliance (GRC) subject matter expert and top-tier engineer to not only drive compliance, but to build the technology that will shape our organization's security posture, and to establish yourself as a thought leader in both the cybersecurity and GRC industries. You will report directly to the Director of Cybersecurity Governance, Risk, and Compliance, and work closely with the Cybersecurity team, IT, Engineering / Developers, Legal, and additional stakeholder teams to drive innovative solutions for automating and enhancing security governance, risk, and compliance processes, and embed and integrate security risk and compliance across enterprise-wide processes, including development, change management, and third-party risk management.  

The Cybersecurity GRC Engineer will support the design, implementation, and ongoing evolution of a "Compliance‑as‑Code" program that translates security industry and regulatory requirements into automated, testable policies across cloud, infrastructure, and application layers. You will also be responsible for building real‑time compliance dashboards and reporting that give leadership clear visibility into the organization's security risk posture.  

Proficiency with AI tools (LLMs, prompt engineering, generative‑AI workflows) is a core requirement – you'll use AI to streamline policy creation and implementation, evidence generation, and remediation suggestions. Experience with designing and implementing autonomous "agentic AI" solutions is preferred. 

Responsibilities 
  • Automation of Manual GRC Processes   
    • Understand, automate, and enhance currently manual GRC activities (e.g., risk‑assessment questionnaires, risk register, control‑evidence collection, audit‑readiness, supplier management, exception handling).
    • Leverage generative AI and automation to prepare security questionnaire responses and evidence, synthesize findings, and propose remediation actions while embedding required human‑in‑the‑loop approvals. 
    • Integrate automated workflows across toolsets, CI/CD pipelines, and ticketing systems to create a single source of truth. 
    • Define success metrics (time saved, error reduction, audit‑readiness score) and continuously monitor, refine, and report on the automation's impact.  
  • Compliance‑as‑Code Program  
    • Translate frameworks (e.g., ISO 27001, SOC 2, NIST SP800-53 / CSF, GDPR, CCPA, HIPAA, FedRAMP, etc.) into policy‑as‑code.  
    • Engineer and automate security controls across infrastructure, cloud, and SaaS systems to strengthen our control environment and streamline evidence collection.
    • Build reusable IaC modules that enforce security baselines and continuously verify compliance.   
    • Embed compliance checks into CI/CD pipelines (e.g., GitHub Actions, Jenkins).   
    • Design environments where evidence is produced automatically.  
    • Design environments that cannot operate any other way than in compliance with controls.
    • Develop automated remediation playbooks and "push-button" routines to address suspected policy violations.  
  • Collaborate with cross-functional teams to ensure new projects and systems are designed with security and compliance embedded / integrated.  
  • Support internal and external audits by providing documentation, evidence, and responses to audit findings.  
  • Implement, configure, and maintain GRC solutions, platforms, and/or toolsets. Build API‑based connectors to ingest data from cloud services, security tools, ticketing systems, asset‑management tools, and AI‑generated outputs.  
  • Compliance Dashboards & Reporting: Architect, develop, and maintain real‑time compliance dashboards that visualize risk scores, control coverage, policy drift, and remediation status. Automate the generation of periodic compliance posture and audit readiness reports (e.g., SOC 2, ISO 27001, NIST, etc.) and deliver them to management.

Skills & Qualifications

Minimum 

  • Education: Bachelor's degree in Computer Science, Information Security, Information Systems, or a related field (or equivalent practical experience).  
  • Experience: 4+ years in Cybersecurity / Information Security, GRC, security engineering, or infrastructure automation; proven track record automating manual GRC processes and building compliance‑as‑code programs.  
  • Technical Skills  
    • Strong scripting/programming (e.g., Python, Shell, PowerShell, YAML/JSON).   
    • AI Proficiency: Demonstrated proficiency using generative AI/LLMs for content creation, code assistance, and/or data summarization; ability to craft effective prompts, validate outputs, and embed AI into production workflows.  
    • Experience with IaC, Policy‑as‑Code, CI/CD pipeline integration, cloud-based platforms (AWS).  
    • Industry Standard / Regulatory Knowledge: Practical understanding of ISO 27001, SOC 2, NIST SP800-53, NIST CSF, GDPR/CCPA, and ability to translate them into technical controls.  
  • Soft Skills  
    • Excellent communication - able to explain technical controls and AI‑generated findings to non‑technical stakeholders.  
    • Strong analytical thinking and problem‑solving.   
    • Ability to thrive in a fast‑growing, cross‑functional environment. 

Preferred 

  • Agentic AI Experience – Designing, training, and supervising autonomous AI agents (e.g., custom function-calling bots) that can autonomously scan IaC, generate remediation code, draft evidence artifacts, and/or run periodic compliance checks.
  • Professional Certifications: CISSP, CISM, CRISC, CCSP.   
  • Experience conducting security audits (e.g., SOC 2 Type II, ISO 27001 certification, ITGCs).   
  • Experience configuring and/or administering Compliance Automation, TPRM, and/or GRC tools / apps (e.g. Vanta, Drata, ServiceNow, Archer, ProcessUnity, OneTrust, etc.).

Why Join Cerebras

People who are serious about software make their own hardware. At Cerebras we have built a breakthrough architecture that is unlocking new opportunities for the AI industry. With dozens of model releases and rapid growth, we've reached an inflection point in our business. Members of our team tell us there are five main reasons they joined Cerebras:

  1. Build a breakthrough AI platform beyond the constraints of the GPU.
  2. Publish and open source their cutting-edge AI research.
  3. Work on one of the fastest AI supercomputers in the world.
  4. Enjoy job stability with startup vitality.
  5. Our simple, non-corporate work culture that respects individual beliefs.

Read our blog: Five Reasons to Join Cerebras in 2025.

Apply today and become part of the forefront of groundbreaking advancements in AI.

Cerebras Systems is committed to creating an equal and diverse environment and is proud to be an equal opportunity employer. We celebrate different backgrounds, perspectives, and skills. We believe inclusive teams build better products and companies. We try every day to build a work environment that empowers people to do their best work through continuous learning, growth and support of those around them.

