Multi-Tenant Access Control & Role Governance Consultant at Workstate

Senior | Remote | Posted about 2 hours ago | RemoteFirstJobs | Product | Project Management

AI summary: Lead role governance and access control transformation across teams, managing SOX compliance remediation and RBAC system implementation for multi-tenant platform.

Description

Workstate is hiring a Senior Security Engineer! As a key member of the GRC team, you will play a critical role in our transformation to a multi-tenant platform. Your initial focus will be on remediating SOX compliance gaps within our current access control model, and your scope will expand to help define and govern the future of role-based access control (RBAC) at our client.

Residents of Colombia or Argentina with the right to work in that country are eligible for this role.

Responsibilities

  • Drive the evolution of access control from a single-tenant to a multi-tenant architecture, ensuring compliance and security are built in by default.
  • Serve as a primary contributor to the Role Discovery and Governance Program, with an immediate focus on analyzing and documenting over 200 existing platform roles to achieve SOX compliance.
  • Collaborate with GRC, Security, Engineering, and Product teams to create and maintain a centralized Role Catalog, establishing a single source of truth for all access permissions.
  • Document the business purpose, ownership, and consumption patterns for each role to eliminate ambiguity and support future migration to a new RBAC system.
  • Help develop and implement a formal governance process for the entire role lifecycle, including creation, modification, deprecation, and periodic access reviews.
  • Analyze the current role landscape to identify opportunities for simplification and consolidation, recommending the deprecation of redundant or unused roles.
  • Partner with business process owners and engineering teams during the design and modification of processes and controls to ensure they align with our multi-tenancy goals and compliance requirements.
  • Liaise with internal and external auditors to support SOX audits, control testing, and the remediation of any identified deficiencies.

The ideal candidate will typically have 5-7 years of professional experience and have demonstrated many of the following skills:

  • You have 3-5 years of experience in Information Security, with a focus on Identity and Access Management (IAM), Role-Based Access Control (RBAC), and risk management.
  • Direct, hands-on experience with SOX compliance is required; familiarity with frameworks like NIST, COSO, or ISO 27001 is a plus.
  • You are skilled at communicating complex security and risk concepts to diverse audiences, from engineers to business leaders.
  • You have a proven ability to collaborate cross-functionally to implement new security programs and controls.
  • You understand the unique challenges of securing a platform at scale; experience in a SaaS or multi-tenant environment is highly desirable.
  • You are empathetic and accountable, capable of working with teams to find practical solutions that balance security requirements with business objectives.
  • You enjoy the challenge of investigation, are adept at identifying the root cause of issues, and can drive impactful remediation plans.