Senior Risk & Compliance Engineer (Third Party Risk Management)

Instacart

Canada

Remote

CAD 151,000 - 168,000

Full time

14 days ago

Job summary

A leading company is seeking a Senior Risk & Compliance Engineer to manage third-party risks and enhance security measures. This role involves collaborating with various departments, ensuring compliance with regulations, and developing innovative risk management strategies. Ideal candidates will have extensive experience in vendor audits and a strong grasp of cybersecurity concepts.

Qualifications

  • 7+ years in third-party security risk management.
  • Experience with TPRM and GRC tools.
  • Knowledge of compliance standards: GDPR, CCPA, SOC2.

Responsibilities

  • Review third-party vendors focusing on compliance risks.
  • Engage with vendors to improve security posture.
  • Develop scalable processes for evaluations and monitoring.

Skills

Cybersecurity
Data Privacy
Compliance
Risk Management
Communication

Education

Certifications like CISSP, CRISC, CISM, CISA, CIPP/US

Tools

OneTrust
Archer
Prevalent

Job description

Senior Risk & Compliance Engineer (Third Party Risk Management)

We're transforming the grocery industry

At Instacart, we believe everyone should have access to the food they love and more time to enjoy it together. We see exciting complexity and opportunity in grocery delivery, serving diverse community needs. We deliver essential services and offer flexible earning opportunities to our Personal Shoppers.

Instacart is a Flex First team

Our employees choose where they work—home, office, or coffee shop—while staying connected through in-person events. Learn more about our flexible work approach.

Overview

About the Role -

Join Instacart’s Governance, Risk, and Compliance (GRC) team as a Risk & Compliance Engineer focused on Third Party Risk Management. You will safeguard our security and privacy by managing risks with our third-party vendors, overseeing the entire vendor lifecycle, and assessing security and privacy risks, including emerging AI-related risks. You will influence decision-makers to mitigate risks and enable secure growth, using advanced risk quantification models like FAIR-TAM and innovative tools.

Your work will inform broader security strategies by ensuring vendor controls meet regulatory standards such as GDPR, CCPA, ISO 27001, NIST, and SOC 2.

About The Team -

The GRC team collaborates with IT, Legal, Security Engineering, and other departments to proactively identify and reduce risks. We focus on maturing third-party risk management with cutting-edge techniques, automation, and data sharing.

About The Job

You will:

  • Review third-party vendors during onboarding and evaluations, focusing on cybersecurity, data privacy, and compliance risks.
  • Operate and enhance risk management systems, using tools like Zip and Safe Security.
  • Embed security and privacy requirements into contracts, aligning with policies and compliance frameworks.
  • Engage with vendors to understand and improve their security posture.
  • Develop scalable processes for evaluations, monitoring, and offboarding.
  • Quantify risks, propose mitigations, and influence stakeholders to implement controls.
  • Maintain risk documentation, develop reports using models like FAIR-TAM, and present findings to leadership.
  • Assist in investigating and responding to third-party security incidents.

About You -

We seek a collaborative, technically skilled professional passionate about reducing third-party risks and enabling scalable solutions.

Minimum Qualifications

  • 7+ years in third-party security risk management, vendor audits, or compliance, preferably in tech.
  • Experience with TPRM and GRC tools (e.g., OneTrust, Archer, Prevalent, etc.).
  • Knowledge of compliance standards (GDPR, CCPA, SOC2, NIST, ISO 27001).
  • Understanding of security concepts like access controls, firewalls, vulnerabilities, and supply chain risks.
  • Ability to review vendor security documentation and audit reports.
  • Experience with privacy risk assessments and mitigation.
  • Strong communication skills to engage stakeholders and explain technical risks.

Preferred Qualifications

  • Certifications like CISSP, CRISC, CISM, CISA, CIPP/US, ISO 27001 Lead Auditor, etc.
  • Experience negotiating vendor contracts with security/privacy clauses.
  • Knowledge of risk quantification frameworks like FAIR and cybersecurity metrics.
  • Experience with automation, AI, and continuous monitoring in risk management.
  • Familiarity with AI security risks, including prompt injection and data poisoning.
  • Understanding of data lake/warehouse risks and regulatory compliance.

We offer competitive compensation and benefits. This remote role is available in Ontario, Alberta, British Columbia, and Nova Scotia, with salary ranges of $151,000—$168,000 CAD. Offers depend on experience and skills. Details about benefits and remote work policies are available on our site.

Seniority level
  • Mid-Senior level
Employment type
  • Full-time
Job function
  • Management and Manufacturing
Industries
  • Software Development
