We are looking for a GRC Lead to serve as the Technical Lead for our compliance and risk management ecosystem. You will architect the systems and processes that automate trust, guiding a team of GRC specialists while partnering deeply across the organization.
The role requires a pragmatic operator who understands that GRC exists to enable the business, balancing rigorous standards with the velocity of a high-growth startup.
Key responsibilities include:
- Technical Leadership & Mentorship:
  - Act as the technical anchor for the GRC team.
  - Mentor GRC analysts and engineers, setting the standard for quality, technical depth, and operational efficiency.
  - Own the technical vision for Replit's GRC program, moving the team from manual workflows toward 'Compliance-as-Code' and automated evidence collection.
- Cross-Functional Collaboration:
  - Partner with Architects and Engineering Leads to 'bake in' compliance requirements early in the design phase.
  - Work closely with Legal Counsel to interpret and implement requirements for Privacy (GDPR, CCPA) and emerging AI-specific regulations (e.g., EU AI Act).
  - Enable the Sales team by managing the Customer Trust Center and handling complex security questionnaires.
- Risk Management & Strategic Compliance:
  - Own the Cybersecurity Risk Register.
  - Identify, quantify, and track risks, distinguishing between theoretical compliance gaps and meaningful business risks.
  - Manage and evolve our compliance posture across SOC 2 and ISO 27001, and prepare the organization for the certifications, authorizations, and regulatory regimes of regulated markets (e.g., FedRAMP, ITAR, PCI DSS, HIPAA).
- Automation & Efficiency:
  - Drive the shift from manual, point-in-time evidence collection to continuous control monitoring.
  - Identify opportunities to automate audit work, ensuring GRC scales with the business.
  - Architect a scalable framework for assessing third-party vendors and AI model providers, ensuring our supply chain remains secure without creating administrative bottlenecks.
The ideal candidate will have:
- 8+ years of experience in GRC or Information Security.
- Leadership experience, proven by mentoring other GRC professionals or leading complex cross-functional projects.
- Technical fluency, speaking the language of engineering, cloud (GCP/AWS), and security architecture.
- Regulatory breadth, with deep experience across SOC 2, ISO 27001, PCI DSS, HIPAA, and privacy law.
- Collaborative communication skills, explaining risk and tradeoffs to technical, legal, and commercial stakeholders.
- An automation mindset, with experience with GRC automation tools (e.g., Vanta, Drata) and a bias toward reducing manual toil.
Bonus qualifications include familiarity with FedRAMP, ITAR, or AI regulation.
We value pragmatism, business enablement, solutions-oriented leadership, and clarity. This is a full-time role that can be held from our Foster City, CA office, with an in-office requirement of Monday, Wednesday, and Friday.
Full-time employee benefits include competitive salary and equity, a 401(k) program with a 4% match, health, dental, vision, and life insurance, short-term and long-term disability, paid parental, medical, and caregiver leave, commuter benefits, a monthly wellness stipend, an autonomous work environment, in-office set-up reimbursement, flexible time off (FTO) plus holidays, quarterly team gatherings, and in-office amenities.