Risk and Compliance Lead
Apply at source. Replit handles the application directly; Houtini doesn't take a fee from candidates or companies. We curate which companies appear; the listings come from yubhub.
What the team is looking for.
Compensation
The base salary for this role ranges from $210K – $270K, with equity offered.
Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.
About the role:
Replit is building the security GRC function that will scale with an AI-native product. As the Risk & Compliance lead, you will own the certification and audit program end to end: SOC 2, ISO 27001, and eventually ISO 42001 (AI management systems). You will also own the company's master security risk register and continuous compliance monitoring. You will report to the Head of Security GRC and work closely with Engineering to ensure controls hold up in practice.
Responsibilities
- Own the end-to-end certification roadmap (SOC 2 Type II, ISO 27001, and future frameworks like ISO 42001)
- Manage relationships with external auditors and drive the annual audit calendar
- Own and maintain the company's master security risk register
- Build and maintain continuous compliance monitoring
- Own core audit artifacts that back every certification
- Run regular audits and readiness assessments
- Support GDPR and broader privacy compliance alongside the Legal/Privacy team
- Partner with the GRC Engineer to define what evidence collection and control monitoring should be automated
- Track and report on compliance posture and audit findings to security leadership
Required Skills & Experience
- 8+ years in security compliance, IT audit, or GRC roles
- Direct ownership of at least one SOC 2 and/or ISO 27001 certification cycle
- Working knowledge of common frameworks (SOC 2, ISO 27001, NIST CSF)
- Hands-on experience authoring or substantially maintaining an ISMS, SSP, or equivalent audit-facing documentation set
- Experience owning a formal risk register
- Experience with GRC/compliance automation platforms
- Experience working directly with external auditors
- Comfortable reading technical control evidence and having detailed conversations with engineers
- Working familiarity with GDPR/privacy fundamentals
Bonus Qualifications
- Experience scoping or pursuing ISO 42001 or other AI governance frameworks
- Familiarity with FedRAMP or other government compliance regimes
- Background in a developer tools, platform, or AI/ML product company
- Relevant certifications (CISA, CISSP, ISO 27001 Lead Auditor/Implementer)
- Experience standing up a compliance program from an early or pre-certification stage
Benefits
- Competitive Salary & Equity
- 401(k) Program with a 4% match (US Only)
- Health, Dental, Vision and Life Insurance
- Short Term and Long Term Disability
- Paid Parental, Medical, Caregiver Leave
- Flexible Time Off (FTO) + Holidays
- Commuter Benefits (In-Office Only)
- Monthly Wellness Stipend
- Autonomous Work Environment
- In Office Set-Up Reimbursement (In-Office Only)
- Quarterly Team Gatherings
- In Office Amenities (In-Office Only)
- security compliance
- IT audit
- GRC roles
- SOC 2
- ISO 27001
- NIST CSF
- ISMS
- SSP
- risk register
- GRC/compliance automation platforms
- external auditors
- GDPR/privacy fundamentals
- ISO 42001
- FedRAMP
- developer tools
- platform
- AI/ML product company
- CISA
- CISSP
- ISO 27001 Lead Auditor/Implementer
Other roles you might consider.
Filtered through the same AI-companies allowlist.
Member of Technical Staff (Software Engineer, Inference & Training Platform)
Perplexity
Research Scientist, Life Sciences (Computational)
Anthropic
Product Manager, Safeguards (Verticals)
Anthropic
Power Systems Engineer (Data Center Infrastructure)
SpaceXAI
Electrical Reliability Engineer (Data Center Infrastructure)
SpaceXAI
Harness Engineer
OpenAI
New to AI work? Start with these.
Six pieces of orientation. Most AI-company job specs assume you've done this kind of hands-on work already. If you haven't, an afternoon with one of these is the cheapest way to close the gap.
Claude Desktop, from zero.
The agentic-AI assistant most of the people you'd be working alongside use every day. Install, configure, first useful prompts.
What MCPs areThe best MCPs for Claude Desktop.
MCP servers extend an AI assistant with tools and data. The catalogue most teams use. Useful technical context for any AI-engineering role.
Code with AIClaude Code, the complete beginners' guide.
The CLI for AI-paired development. Required reading if you're applying for any engineering role that mentions agents, or any role full stop.
Run a local modelHow to set up LM Studio.
Running a model on your own machine teaches you more about how AI products work in three hours than a year of using ChatGPT will.
The hardware realityBeginner's guide to AI hardware.
What the infrastructure under the model actually looks like. Useful context for infrastructure, applied-AI and hardware roles.
Browse the stackMCP catalogue.
Eleven MCP servers Houtini maintains or recommends. Each detail page describes a real piece of working AI infrastructure.