Senior GRC Security Engineer



Remote · United States
Posted on Friday, May 19, 2023

GRC Security Engineer | Customer and Regulatory Assurance Engineer

Location(s): New York, US Remote

We are looking for a GRC Security Engineer to join the growing Information Security organization. This founding member of the function is responsible for ensuring that Paxos' commitment to a regulatory-first approach is held to the highest bar by owning regulatory audits within Information Security, customer due diligence requests, and compliance with internal policies. We are looking for someone with an automation-first mindset who will remove manual, repetitive processes and help us hit our goal of being an “audit once/report many” operation. You will be a key player in an organization protecting billions in assets.

About Paxos

Paxos is on a mission to enable the movement of any asset, any time, in a trustworthy way. Today’s financial infrastructure is archaic, expensive, inefficient and risky - supporting a system that leaves out more people than it lets in. So we’re rebuilding it.

As a regulated blockchain infrastructure company, we use technology to tokenize, custody, trade, and settle assets for enterprise clients like PayPal, Bank of America, and Interactive Brokers. Paxos is a top-funded blockchain company, with more than $500 million in total funding from leading investors like OakHC/FT, Founders Fund, PayPal Ventures, and Declaration Partners. Together, we empower today’s financial leaders to build a more open, trusted economy.

As a GRC Security Engineer, you’ll get to:

  • Interface with Growth team and large enterprise customers to respond to RFIs and due diligence requests
  • Work cross-functionally with internal audit, legal, compliance, and product engineering on regulatory audits and requests
  • Identify and risk-score any gaps in regulatory or customer expectations and work with engineering leadership to prioritize them
  • Automate various tools (consuming APIs of services like GitHub, Jira, AWS, etc.) to improve our ability to capture and evidence important data, moving us to an “audit once/report many” mindset
  • Immerse yourself in blockchain technology, cryptocurrency for enterprises and investors, our regulation-first approach, and more!

Your experience should include:

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate complex information security topics to technical and nontechnical audiences at various levels
  • At least 5 years of direct experience in the GRC, internal and external audit, and security space, with significant experience in not just meeting, but raising the bar in all aspects of information security compliance in a regulated or public firm
  • Knowledge of one or more scripting languages, databases, etc. and commercial tools to automate and catalog audit evidence collection

You might also have:

  • Software development or DevOps background
  • One or more certifications such as CEH, CISSP, CISA or CISM

What you’ll love about Paxos:

Paxos has consistently been recognized on the Forbes Fintech 50, CB Insights Blockchain 50 and Built In’s “Best Places to Work” lists. Paxonians have significant ownership and impact on our business, as well as benefits like company equity, health insurance, family leave, a quarterly stipend for development, a stipend for home office setup and unlimited PTO. From team product demos and virtual lounge and learns to care packages and an active Slack #shoutouts channel, there are countless opportunities to connect and make your mark. Help us continue to build a new, open financial system from one of our three offices or right from your home!

Our Paxos team is made up of passionate people from all over the world with different perspectives and experiences. If this opportunity excites you, but your experience doesn’t perfectly match the description…apply! Unique voices help us build a more transparent and open economy.