Risk Automation Engineer
Basic Function
Lumin Digital is looking for a Risk Automation Engineer who will fundamentally reimagine how risk management operates in a cloud-native, infrastructure-as-code environment. This role exists because traditional GRC processes (spreadsheet-driven assessments, manual remediation tracking, and documentation-heavy workflows) cannot keep pace with the velocity at which our technology evolves. The Risk Automation Engineer will design, build, and operate secure, agentic automation pipelines that handle risk and vendor lifecycle processes end-to-end, eliminating manual handoffs wherever human judgment is not required. Success in this position means Lumin’s risk posture is visible in near real time, risk processes are self-service and self-documenting, and the broader Risk Management team spends its time on strategic decisions rather than procedural coordination. This person will teach us what’s possible, not wait to be taught.
Essential Functions and Responsibilities:
Architect and build lights-off automation pipelines that orchestrate the full risk assessment lifecycle—from intake and scoping through evidence collection, control testing, findings generation, and remediation tracking—using AI-driven agentic workflows and tools such as Claude Code.
Design and implement automated vendor risk lifecycle management, including onboarding questionnaires, periodic reassessment triggers, continuous monitoring integrations, and contract-driven offboarding workflows that require zero manual coordination for routine vendor tiers.
Build and maintain near-real-time risk posture dashboards and reporting pipelines that programmatically aggregate data from cloud infrastructure, security tooling, vulnerability scanners, and GRC platforms to give leadership continuous visibility into the organization’s evolving risk landscape.
Develop secure agentic AI pipelines that autonomously triage, classify, and route risk-related tasks—escalating to human reviewers only when decisions exceed defined confidence thresholds or policy boundaries.
Engineer integrations between GRC platforms, cloud and vendor provider APIs, CI/CD pipelines, and internal systems to enable continuous control monitoring and evidence collection that replaces periodic, manual audit preparation.
Eliminate procedural ambiguity by codifying risk management processes into self-service, event-driven workflows so that stakeholders across the enterprise never need to ask how to initiate or proceed through a risk or vendor process.
Apply security-first engineering practices to all automation, including secrets management, least-privilege access, audit logging, input validation, and guardrails on AI agent behavior to ensure automated pipelines operate within defined trust boundaries.
Serve as an internal force multiplier by introducing and evangelizing AI-assisted engineering practices, including prompt enginee
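The triage-and-escalate pattern in the responsibilities above (autonomous classification and routing, with a human reviewer pulled in when confidence is low or a policy boundary is crossed, wrapped in input validation and audit logging) can be shown in a small runnable form. The following is an added illustration, not code from Lumin Digital or the posting. The keyword scorer stands in for the LLM or agent call; the confidence threshold, vendor tiers, allowed-action table, task-ID format and sample tasks are all assumed values constructed for the example.

```python
"""Confidence-gated triage router with policy boundaries and a tamper-evident audit log.

Added example, not Lumin Digital's code. The classifier is a keyword scorer standing in
for an agent/LLM call; thresholds, tiers, actions and the sample tasks are assumed.
"""
import hashlib
import json
import re

CONFIDENCE_THRESHOLD = 0.80  # assumed: decisions below this go to a human reviewer
MAX_TEXT_LEN = 4000          # assumed input bound enforced before text reaches any model

# Assumed policy boundary: actions each vendor tier may receive with no human in the loop.
ALLOWED_ACTIONS = {
    "low": {"auto_close", "request_questionnaire", "schedule_reassessment"},
    "medium": {"request_questionnaire", "schedule_reassessment"},
    "high": set(),  # high-tier vendors always get a human decision
}

# Assumed mapping from classifier label to the action an agent would propose.
ACTION_FOR_LABEL = {
    "questionnaire_due": "request_questionnaire",
    "reassessment_due": "schedule_reassessment",
    "informational": "auto_close",
    "incident": "open_incident",
}

_KEYWORDS = {  # toy signal for the stand-in classifier
    "questionnaire_due": ["questionnaire", "soc 2", "soc2", "evidence request"],
    "reassessment_due": ["reassess", "annual review", "renewal"],
    "informational": ["newsletter", "fyi", "no action"],
    "incident": ["breach", "incident", "compromise", "ransomware"],
}
_TASK_ID_RE = re.compile(r"^[A-Z]+-\d+$")  # assumed task-ID format


def classify(text):
    """Stand-in classifier: per-label keyword hits, normalised to a confidence in [0, 1]."""
    t = text.lower()
    scores = {label: sum(1 for k in kws if k in t) for label, kws in _KEYWORDS.items()}
    total = sum(scores.values())
    if total == 0:
        return "unknown", 0.0
    best = max(scores, key=scores.get)
    return best, scores[best] / total


def validate(task):
    """Input validation at the trust boundary: reject before classifying or acting."""
    if not isinstance(task, dict):
        raise ValueError("task must be an object")
    if not _TASK_ID_RE.match(str(task.get("id", ""))):
        raise ValueError("bad task id")
    if task.get("vendor_tier") not in ALLOWED_ACTIONS:
        raise ValueError("unknown vendor tier")
    text = task.get("text")
    if not isinstance(text, str) or not 0 < len(text) <= MAX_TEXT_LEN:
        raise ValueError("text missing or out of bounds")


class AuditLog:
    """Append-only, hash-chained decision log: each entry commits to the previous hash."""

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        record = dict(record)  # store a copy so later caller mutation cannot alter the log
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "record": record, "hash": digest})

    def verify(self):
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = "0" * 64
        for e in self.entries:
            body = json.dumps(e["record"], sort_keys=True)
            if e["prev"] != prev or e["hash"] != hashlib.sha256((prev + body).encode()).hexdigest():
                return False
            prev = e["hash"]
        return True


def triage(task, log):
    """Classify, then act automatically only inside the confidence and policy bounds."""
    try:
        validate(task)
    except ValueError as exc:
        rec = {"id": task.get("id") if isinstance(task, dict) else None,
               "decision": "rejected", "reason": str(exc)}
        log.append(rec)
        return rec
    label, conf = classify(task["text"])
    action = ACTION_FOR_LABEL.get(label)
    rec = {"id": task["id"], "tier": task["vendor_tier"], "label": label,
           "confidence": round(conf, 2), "action": action}
    if conf < CONFIDENCE_THRESHOLD:
        rec.update(decision="escalate", reason="low_confidence")
    elif action not in ALLOWED_ACTIONS[task["vendor_tier"]]:
        rec.update(decision="escalate", reason="policy_boundary")
    else:
        rec.update(decision="auto", reason="within_bounds")
    log.append(rec)  # every outcome, including rejections, is recorded
    return rec


# Constructed sample intake events (not real vendor data).
SAMPLE_TASKS = [
    {"id": "VR-101", "vendor_tier": "low", "text": "Please complete the attached SOC 2 questionnaire by Friday."},
    {"id": "VR-102", "vendor_tier": "high", "text": "Please complete the attached SOC 2 questionnaire by Friday."},
    {"id": "VR-103", "vendor_tier": "medium", "text": "We had a security incident last week; can you reassess our controls?"},
    {"id": "VR-104", "vendor_tier": "platinum", "text": "Renewal paperwork attached."},
]


def run_samples():
    """Route the constructed tasks; returns the decisions and the audit log."""
    log = AuditLog()
    return [triage(t, log) for t in SAMPLE_TASKS], log


if __name__ == "__main__":
    results, log = run_samples()
    for r in results:
        print(json.dumps(r, sort_keys=True))
    print("audit chain intact:", log.verify())
```

The same text routes differently for a low-tier and a high-tier vendor, because the policy table, not the model's confidence, decides what may happen without a human; the ambiguous incident-plus-reassessment message escalates on confidence alone. In a real pipeline the audit log's head hash would be written to storage the agent cannot modify, so a compromised or misbehaving agent cannot quietly rewrite its own decision history.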
Posted June 7, 2026