Skip to content
Houtini.
Contact
Replit
Replit

Risk and Compliance Lead

Foster City, CA Engineering Senior USD210k–270k Posted 6d ago

Apply at source. Replit handles the application directly; Houtini doesn't take a fee from candidates or companies. We curate which companies appear; the listings come from yubhub.

Role description

What the team is looking for.

Compensation

The base salary for this role ranges from $210K – $270K, with equity offered.

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.

About the role:

Replit is building the security GRC function that will scale with an AI-native product. As the Risk & Compliance lead, you will own the certification and audit program end to end: SOC 2, ISO 27001, and eventually ISO 42001 (AI management systems). You will also own the company's master security risk register and continuous compliance monitoring. You will report to the Head of Security GRC and work closely with Engineering to ensure controls hold up in practice.

Responsibilities

  • Own the end-to-end certification roadmap (SOC 2 Type II, ISO 27001, and future frameworks like ISO 42001)
  • Manage relationships with external auditors and drive the annual audit calendar
  • Own and maintain the company's master security risk register
  • Build and maintain continuous compliance monitoring
  • Own core audit artifacts that back every certification
  • Run regular audits and readiness assessments
  • Support GDPR and broader privacy compliance alongside the Legal/Privacy team
  • Partner with the GRC Engineer to define what evidence collection and control monitoring should be automated
  • Track and report on compliance posture and audit findings to security leadership

Required Skills & Experience

  • 8+ years in security compliance, IT audit, or GRC roles
  • Direct ownership of at least one SOC 2 and/or ISO 27001 certification cycle
  • Working knowledge of common frameworks (SOC 2, ISO 27001, NIST CSF)
  • Hands-on experience authoring or substantially maintaining an ISMS, SSP, or equivalent audit-facing documentation set
  • Experience owning a formal risk register
  • Experience with GRC/compliance automation platforms
  • Experience working directly with external auditors
  • Comfortable reading technical control evidence and having detailed conversations with engineers
  • Working familiarity with GDPR/privacy fundamentals

Bonus Qualifications

  • Experience scoping or pursuing ISO 42001 or other AI governance frameworks
  • Familiarity with FedRAMP or other government compliance regimes
  • Background in a developer tools, platform, or AI/ML product company
  • Relevant certifications (CISA, CISSP, ISO 27001 Lead Auditor/Implementer)
  • Experience standing up a compliance program from an early or pre-certification stage

Benefits

  • Competitive Salary & Equity
  • 401(k) Program with a 4% match (US Only)
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Flexible Time Off (FTO) + Holidays
  • Commuter Benefits (In-Office Only)
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement (In-Office Only)
  • Quarterly Team Gatherings
  • In Office Amenities (In-Office Only)
Skills mentioned
  • security compliance
  • IT audit
  • GRC roles
  • SOC 2
  • ISO 27001
  • NIST CSF
  • ISMS
  • SSP
  • risk register
  • GRC/compliance automation platforms
  • external auditors
  • GDPR/privacy fundamentals
  • ISO 42001
  • FedRAMP
  • developer tools
  • platform
  • AI/ML product company
  • CISA
  • CISSP
  • ISO 27001 Lead Auditor/Implementer