Legora is on a mission: to redefine how legal work gets done. From the very start we have been clear that we are not building a solution for lawyers; we are building it with them, because that is the only way to make sure it gets done the right way, working side-by-side every step of the way.
Our AI-native workspace empowers legal professionals not just to work faster, but to ask better questions and unlock new insights. Every day, we push the boundaries of legal tech to make complex processes smarter, faster, and more human. From thousands of documents analysed in minutes to intelligent workflows designed in collaboration with leading practices, we’re turning possibility into reality.
Today we are trusted by global firms like Cleary Gottlieb, Goodwin, Bird & Bird and Linklaters in over 40 countries, but we have no plans to stop here. We ship fast, we iterate effectively, and we scale rapidly, not by accident but by design.
When you join Legora, you become part of a team that believes "good enough" isn’t good enough and that the way to win is together, by empowering lawyers to do their best work with technology that truly understands them. If you’re excited by building from first principles, working with exceptional people, and accelerating change in a high-stakes, high-impact domain—then this is the moment and the place.
The role
At Legora, protecting our clients' highly sensitive legal data is fundamental to everything we do. We're building a security and compliance program designed for the AI era: Zero Trust architecture, rigorous governance, and continuous compliance as non-negotiables.
We are expanding our security team with a technical GRC Engineer who brings hands-on engineering experience into the world of governance, risk, and compliance. This role is for someone who has worked as a software engineer or has strong technical skills with programming and wants to build smart, automated GRC processes that work seamlessly with engineering teams. You'll be comfortable with frameworks like FedRAMP and can speak the language of our engineers, understand our infrastructure, and act as a proactive enabler embedded within engineering teams to solve and mitigate security and compliance risks.
*This role can be based in either Stockholm, Sweden or New York City, US. Both locations have a 5-day in-office policy; we believe building together in person drives better outcomes.
What you will be doing:
Own and maintain compliance frameworks including ISO 27001, ISO 42001, SOC 2 Type II, ensuring all policies, procedures, and controls are documented, implemented, and continuously improved through automation where possible.
Embed with engineering teams to understand our Azure cloud infrastructure, development practices, and CI/CD pipelines — acting as a trusted technical advisor who can identify security and compliance risks early in the development lifecycle.
Build and maintain automated GRC tooling and workflows using infrastructure-as-code, scripting (Python, Bash, PowerShell), and GenAI tools to streamline compliance activities and reduce manual overhead.
Configure and manage logging tools, SIEM systems, and security monitoring platforms to ensure comprehensive audit trails and compliance evidence collection across the tech stack.
Serve as incident manager for security incidents, coordinating cross-functional engineering efforts, managing communication, and ensuring timely resolution while maintaining compliance with incident response procedures.
Conduct risk assessments, threat modeling, and gap analyses with a technical lens, working directly with product and infrastructure teams to prioritize and implement remediation efforts.
Coordinate internal and external audits, penetration tests, and compliance assessments — leveraging your technical background to efficiently gather evidence, explain technical controls, and manage remediation plans.
Develop lightweight, actionable security policies and standards that align with regulatory frameworks (GDPR, ISO 27001, SOC 2, ISO 42001, NIST 800-53) while being practical for engineering teams to implement.
Support secure AI governance by defining technical controls that protect data in AI workflows, prevent adversarial use, and ensure responsible AI practices aligned with ISO 42001.
Manage vendor risk through technical security reviews and due diligence assessments, evaluating third-party integrations and tools from both a compliance and security architecture perspective.
Track and report on security metrics, KPIs, and compliance status to leadership, providing technical insights and data-driven recommendations.
Who you are
You have 3+ years of experience as a software engineer, DevOps engineer, or in a technical role, and are transitioning into information security and GRC with a desire to apply your technical expertise to compliance and risk management.
You have hands-on experience with cloud platforms (preferably Azure), infrastructure-as-code (Terraform, ARM templates), CI/CD pipelines, and modern development practices.
You are comfortable with programming or scripting (Python, Bash, PowerShell, or similar) and can build automation to solve compliance challenges.
You understand compliance frameworks such as FedRAMP, ISO 27001, SOC 2 Type II, and can navigate their technical control requirements with confidence.
You have experience configuring and integrating logging tools (Azure Monitor, Sentinel, Splunk, ELK) using APIs and connectors to build automated monitoring and alerting workflows.
You can serve as an incident manager for security incidents, coordinating engineering teams, managing timelines, and communicating effectively under pressure.
You understand Zero Trust principles, OWASP Top 10 risks, and how to apply security best practices across identity, devices, DevOps processes, and cloud services.
You have strong analytical and problem-solving skills, with the ability to translate complex technical issues into clear compliance and risk management language for non-technical stakeholders.
You have excellent communication skills and can work collaboratively with both technical and non-technical teams, acting as a bridge between engineering and compliance.
Experience with securing AI/ML workflows, FedRAMP authorization processes, and building automation with GenAI tools (Zapier, n8n, or similar) is a big plus.
Legora is an Equal Opportunity Employer
At Legora, we believe great teams are built on diversity of thought and experience. We’re proud to be an equal opportunity employer and committed to creating an inclusive, high-performance culture where everyone can do their best work. We welcome people of all backgrounds and don’t discriminate based on race, color, religion, national origin, gender, gender identity or expression, sexual orientation, age, disability, veteran status, or any other characteristic protected by law.