About us
HighLevel is an AI-powered business operating system that gives agencies, entrepreneurs and SMBs the infrastructure to build, automate and scale. Today, HighLevel supports SMBs across 150+ countries, fueling community-driven growth rooted in real customer outcomes.
To date, businesses operating on HighLevel have generated over $7 billion in ecosystem value, demonstrating the impact of shared infrastructure at scale. By centralizing conversations, automation and intelligence into one system, we help businesses move faster, reduce complexity and execute efficiently.
Behind the platform, HighLevel powers more than 4 billion API hits and 2.5 billion message events daily. With 250 terabytes of distributed data, 250+ microservices and over 1 million domain names supported, our architecture is built for performance, resilience and long-term scalability.
Our people
With over 2,000 team members across 10+ countries, HighLevel operates as a global, remote-first organization built for speed and ownership. We value initiative, clarity and execution, creating space for ambitious people to build systems that support millions of businesses worldwide. Here, innovation thrives, ideas are celebrated and people come first, no matter where they call home.
Our impact
Every month, HighLevel enables more than 1.5 billion messages, 200 million leads and 20 million conversations for the more than 1 million businesses we support. Behind those numbers are real people building independence, expanding opportunity and creating measurable impact. We’re proud to be a part of that.
Learn more about us on our YouTube Channel or Blog Posts
Responsibilities
Develop, maintain, and continuously improve GRC policies, standards, procedures, and control frameworks.
Lead and support SOC 2 Type II, ISO 27001, PCI DSS and other compliance initiatives, including evidence collection, control validation, and remediation tracking.
Partner with Security and Platform teams to ensure controls are technically implemented, not just documented.
Collaborate with Security Architecture and Engineering to validate whether exceptions meet security and compliance expectations.
Track, review, and periodically reassess approved exceptions to prevent long-term risk accumulation.
Partner with Procurement, Legal, and Application Security teams to assess vendor risk posture and define remediation or contractual security requirements.
Design scalable workflows for risk assessments, vendor reviews, evidence management, control testing and reporting.
Deliver targeted GRC and security awareness training, including guidance on risk ownership, exception handling, and vendor security responsibilities.
Prepare risk, compliance, and third-party security posture reports for senior leadership.
Translate technical risks into business-impact language to support informed decision-making.
Perform business impact analysis and facilitate BCDR tabletop tests.
Qualifications
- Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related field.
- 4.5+ years of experience in GRC, risk management, or compliance, with exposure to technical security controls.
- Strong understanding of security frameworks and standards (SOC 2, ISO 27001, NIST).
- Hands-on experience with technical risk assessments, exception management, and third-party security reviews.
- Ability to interpret technical security data (architecture diagrams, cloud controls, access models).
- Strong analytical, documentation, and stakeholder communication skills.
Preferred Qualifications
- Master’s degree in a relevant field.
- Certifications such as CISA, CRISC, CGEIT, CISSP, or equivalent.
- Experience working with cloud-native or SaaS environments.
- Familiarity with TPRM tooling, GRC automation platforms, and risk engineering workflows.
- Knowledge of data protection and privacy regulations (GDPR, CCPA).
EEO Statement:
The company is an Equal Opportunity Employer. As an employer subject to affirmative action regulations, we invite you to voluntarily provide the following demographic information. This information is used solely for compliance with government recordkeeping, reporting, and other legal requirements. Providing this information is voluntary and refusal to do so will not affect your application status. This data will be kept separate from your application and will not be used in the hiring decision.