
How your CV stacks up
Upload your CV to see how well it fits this job role
?%
About The Role
Taktile empowers financial institutions to transform into truly AI-native organizations. We’re growing rapidly with enterprise customers across banks and insurance companies, and we’re looking for a GRC Engineer.
Operating in highly regulated markets means trust isn't a feature for us, it's the foundation of every customer relationship. As we scale into larger enterprise and fintech accounts, a strong, demonstrable security and compliance posture is what lets us win and keep that trust.
As our GRC Engineer on the Platform Team, you'll own the controls, evidence, and processes that keep Taktile secure, compliant, and continuously audit-ready. You'll be the engineering-minded backbone of our compliance program, turning frameworks like SOC 2, ISO 27001, GDPR, and the EU AI Act into automated, continuously-monitored controls rather than one-off, point-in-time checklists.
This is a cross-functional, high-leverage role. You'll partner with Security, Engineering, Product, and IT to close the gap between policy and control implementation, and with Sales, Legal, Support, and Leadership to make compliance a competitive advantage rather than a bottleneck.
The ideal candidate pairs deep framework knowledge with the technical ability to automate it; fielding a complex customer security questionnaire in the morning and scripting AWS evidence collection in the afternoon.
What You'll Do
- Own continuous compliance end-to-end; SOC 2, ISO 27001, and customer security reviews, keeping us audit-ready year-round rather than scrambling at renewal time.
- Manage and evolve the compliance roadmap, prioritizing initiatives against business and customer needs; own Vanta end-to-end, including tasks, documentation, integrations, and automated evidence collection.
- Lead quarterly access reviews across all systems in collaboration with IT and Engineering, ensuring findings are tracked through to remediation.
- Run vendor risk reviews and DPIAs for new tools (especially AI tooling) and help teams adopt new software quickly without compromising our risk posture.
- Serve as the technical voice on customer security questionnaires and DPAs, working alongside Sales and Legal to keep deals moving.
- Define and report compliance and risk KPIs to leadership, giving them a clear, ongoing view of our posture and where investment is needed.
- Partner with the Security Architect to identify and close gaps between written policy and actual control implementation.
Requirements
- 4+ years in GRC, security compliance, or audit readiness at a SaaS company, ideally in a regulated environment (Finance, Insurance, Healthcare).
- Has owned a SOC 2 program end-to-end (must-have), ideally ISO 27001 too, from gap analysis through audit and maintenance; familiar with GDPR, PCI DSS, and the EU AI Act.
- Deep experience running Vanta (or Drata/Secureframe) as a continuous compliance backbone, not a point-in-time checklist.
- Technically hands-on: comfortable scripting against AWS APIs to automate evidence collection, with a solid grasp of software development and security concepts.
- A strong writer and communicator who can turn around a 200-row security questionnaire quickly and accurately, and translate fluently between compliance and technical teams.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Ideal, but not required
- Experience with customer trust programs (Trust Center, FAQs, security whitepapers).
- DORA / EU AI Act / fintech regulatory exposure.
- Has shipped engineering-led automation (not just dashboards).
- Familiarity with NIST CSF, CIS Controls, or GDPR/DPAs.
What we offer
- Work with colleagues that lift you up, challenge you, celebrate you and help you grow. We come from many different backgrounds, but what we have in common is the desire to operate at the very top of our fields. If you are similarly capable, caring, and driven, you'll find yourself at home here.
- Make an impact and meaningfully shape an early-stage company.
- Experience a truly flat hierarchy and communicate directly with founding team members. Having an opinion and voicing your ideas is not only welcome but encouraged, especially when they challenge the status quo.
- Learn from experienced mentors and achieve tremendous personal and professional growth. Get to know and leverage our network of leading tech investors and advisors around the globe.
- Receive a top-of-market equity and cash compensation package.
- Get access to a self-development budget you can use to e.g. attend conferences, buy books or take classes.
- Use the equipment of your choice including meaningful home office set-up.
Our Stance
- We're eager to meet talented and driven candidates regardless of whether they tick all the boxes. We're looking for someone who will add to our culture, not just fit within it. We strongly encourage individuals from groups traditionally underestimated and underrepresented in tech to apply.
- We seek to actively recognize and combat racism, sexism, ableism and ageism. We embrace and support all gender identities and expressions, and celebrate love in its many forms. We won't inquire about how you identify or if you've experienced discrimination, but if you want to tell your story, we are all ears.
About Us
Taktile enables financial institutions to transform into AI-native organizations that are increasingly powered by autonomous agents. With our modular Agentic Decision Platform, customers combine AI agents, rules, relevant context, and human oversight to safely automate and optimize their decisions-approving more customers, reimbursing claims instantly, stopping fraud before it spreads, and financing every business worth funding. Founded in 2020, Taktile powers millions of decisions daily for institutions including Mercury, Monzo, Faire, and Pleo. With offices in New York, Berlin, London, São Paulo, and Iași, the company has raised $184M from Growth Equity at Goldman Sachs Alternatives, Index Ventures, Tiger Global, Balderton Capital, and Y Combinator. Learn more at taktile.com.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
About Your Employment
Taktile operates through regional entities worldwide. Depending on the location of this role, your employment or engagement will be with Taktile LLC (US), Taktile GmbH (Germany), Taktile Ltd (UK), or Taktile SRL (Romania). The applicable entity will be confirmed during the offer process.
Your Privacy
Taktile (“we” or “us”) is the controller of the personal data you provide during this application process. We collect and process your name, contact details, resume/CV, work history, education, and any other information you submit or that we obtain from publicly available sources or references.
- How we use your data: We process your personal data to evaluate your candidacy, communicate with you about the recruitment process, comply with legal obligations (such as right-to-work verification), and, with your consent, to consider you for future opportunities.
- Legal basis (EU/UK applicants): We rely on (i) pre-contractual steps at your request (GDPR/UK GDPR Art.6(1)(b)), (ii) legal obligations (Art. 6(1)(c)), and (iii) our legitimate interest in evaluating candidates (Art.6(1)(f)).
- Retention: If your application is unsuccessful, we retain your data for 12 months after the recruitment process concludes, unless you consent to longer retention. Successful candidates’ data becomes part of their employment records.
- Your rights: Depending on your location, you may have the right to access, correct, delete, or restrict the processing of your personal data, to data portability, and to withdraw consent.
- Automated decision-making: We use automated tools to assist in screening applications. No hiring decision is made solely by automated means without human review.
- International transfers: Your data may be transferred to and processed in the United States, Germany, the United Kingdom, or Romania. Where required, transfers are protected by Standard Contractual Clauses or other approved mechanisms.
By submitting your application, you acknowledge that you have read and understood Taktile’s Applicant Privacy Policy. To exercise your rights or ask questions, contact privacy@taktile.com.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location