As a Staff Trust, Risk, and Compliance Engineer at Rapid7, you will design and lead security and compliance programs, tackle complex problems, and enhance operations within a global technology company, leveraging deep engineering expertise while promoting trust and risk management across teams.
Are you driven to solve complex problems with cloud-first automation?
Are you interested in designing security and compliance programs for scale, repeatability, and security?
Do you want to lead with your mix of technical and business skills in a cloud-first, global technology company?
As a Staff Trust, Risk, and Compliance Engineer you will operate at the center of Rapid7's Information Security organization, and have an opportunity to architect security and compliance systems, improve operations for a public company security program, and elevate how risk and compliance enable the business at scale.
In this role you will shape the long-term direction of Rapid7's global compliance and risk programs. You'll ensure our Information Security program is not only compliant, but intentionally designed, deeply integrated, and resilient - capable of evolving alongside Rapid7's technology, products, and growth.
This role is based in Prague and is part of a team that values collaboration, curiosity, thoughtful experimentation, and meaningful impact.
About the Team
Rapid7's Trust, Risk & Compliance team sits within the broader Information Security organization and plays a critical role in building and sustaining customer trust. We design and operate governance programs, manage security risk, and partner deeply across Engineering, Platform, IT, Enterprise Applications, Legal, Procurement, and Business Owners to embed security and compliance into how Rapid7 works - from inception, not cleanup.
Our work spans global regulatory and compliance programs, and we are actively transforming Trust, Risk & Compliance into a living, data-driven capability through better tooling, automation, and technical enablement.
About the Role
We're looking for a Staff Trust, Risk, and Compliance Engineer to design, drive, and evolve Trust, Risk, and Compliance programs at scale. In this role, you'll resolve complex, cross-functional challenges, influence direction across teams, and architect TRC capabilities that reduce friction, strengthen trust, and enable Rapid7 to move faster with confidence.
You will operate with a high degree of autonomy, shaping not just execution, but how TRC work is conceived, built, and sustained across the organization.
Specifically, your focus will be to:
- Design and drive end-to-end Trust, Risk, and Compliance programs across multiple complex regulatory and compliance regimes
- Architect and evolve Rapid7's TRC technology ecosystem, connecting applicability, assessment, implementation, operation, and meaningful reporting
- Improve TRC maturity at scale, reducing uncertainty and friction while strengthening risk management outcomes
- Operate autonomously across most situations, managing timelines, dependencies, and escalations without being chased
- Run multiple complex initiatives in parallel with broad, cross-functional scope
- Partner with senior leaders across Information Security, Engineering, Platform, IT, Enterprise Applications, and the business to shape direction and outcomes
- Apply deep engineering judgment to navigate and integrate Rapid7's technical stack, including AWS, Okta, commercial GRC platforms, Tableau, Terraform and Rapid7 products (such as InsightCloudSec, Surface Command, and InsightVM), and other security tooling
- Leverage APIs, automation, scripting (e.g., Python), data, and AI-driven approaches to modernize how TRC operates
- Integrate with productivity and collaboration tools (e.g., Slack, Google Workspace, Atlassian Portfolio) to deliver a seamless Trust, Risk, and Compliance experience
- Influence how Rapid7 employees ("Moose") think about security and compliance - shifting left, embedding controls early, and avoiding reactive cleanup
- Resolve ambiguous, cross-functional problems repeatedly, operating with manager-level judgment and systems-level thinking
The skills and qualities you'll bring include:
- Extensive experience (typically 10+ years) building bridge-layers between complex business requirements and technical operations. We value the ability to translate high-level governance into scalable, automated execution.
- Deep understanding of managing complex lifecycles, whether in Trust, Risk, and Compliance (NIST, ISO) or other highly regulated, high-scale technical fields. You should be comfortable navigating "rule-heavy" environments and distilling them into engineering requirements.
- A proven track record of designing systems that don't just "work" but scale. You have built platforms or programs that handle increasing complexity without proportional increases in manual overhead.
- A design-thinking-led microservices architecture that allows the TRC stack to adapt and evolve organically.
- Strong engineering mindset applied to governance, risk, and compliance challenges
- Advanced technical fluency, including:
  - Cloud environments (AWS)
  - APIs, automation, and scripting (e.g., Python)
  - Commercial GRC platforms and security tooling
- Ability to influence direction, negotiate outcomes, and shape how peers and leaders approach problems
- Exceptional judgment, communication skills, and ability to resolve ambiguity
- Comfort operating at scale, balancing competing priorities, and enabling others to be effective
- Embody our core values to foster a culture of excellence that drives meaningful impact and collective success.
Great if you also have:
- Experience creating executive-level or operational reporting that drives decision-making
- Exposure to Federal or US Public Sector compliance environments
- Experience applying advanced automation, data engineering, or AI to security or GRC programs
- A portfolio or examples of systems, platforms, or programs you've designed, scaled, or transformed (feel free to include this in your application)
We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.
About Rapid7
At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what's possible and drive extraordinary impact. We're building a dynamic and collaborative workplace where new ideas are welcome.
Protecting 11,000+ customers against bad actors and threats means we're continuing to push the envelope just like we've been doing for the past 20 years. If you're ready to solve some of the toughest challenges in cybersecurity, we're ready to help you take command of your career. Join us.
Top Skills
APIs
Atlassian Portfolio
Automation
AWS
Commercial GRC Platforms
Google Workspace
Okta
Python
Rapid7 Products
Security Tooling
Slack
Tableau
Terraform

