Act as the technical anchor for the GRC team, mentoring GRC analysts and engineers.
Own the technical vision for Replit’s GRC program, moving toward "Compliance-as-Code" and automated evidence collection.
Champion a culture of security and privacy across the company, educating teams on *why* controls exist.
Partner with Architects and Engineering Leads to incorporate compliance requirements early in the design phase.
Work closely with Legal Counsel to implement requirements for Privacy (GDPR, CCPA) and emerging AI-specific regulations.
Enable the Sales team by managing the Customer Trust Center and handling security questionnaires.
Own and cultivate the relationship with external auditors, ensuring requests are relevant to our tech stack.
Manage the Cybersecurity Risk Register, identifying, quantifying, and tracking risks.
Manage compliance posture across SOC 2, ISO 27001, and prepare for future certifications in regulated markets.
Drive the shift from manual evidence collection to continuous monitoring and assess third-party vendors.

Requirements

8+ years of experience in GRC or Information Security
Leadership Experience: Proven experience mentoring other GRC professionals or leading complex cross-functional projects.
Technical Fluency: Ability to speak the language of engineering, cloud (GCP/AWS), and security architecture. You can anticipate how architectural decisions impact risk and compliance.
Regulatory Breadth: Deep experience with SOC 2, ISO 27001, PCI, HIPPA, and Privacy laws.
Collaborative Communication: Strong ability to explain risk and tradeoffs to technical (Engineers), legal, and commercial (Sales/Execs) stakeholders.
Automation Mindset: Experience with GRC automation tools (e.g., Vanta, Drata) and a bias toward reducing manual toil.

Benefits

Competitive Salary & Equity
401(k) Program with a 4% match
Health, Dental, Vision and Life Insurance
Short Term and Long Term Disability
Paid Parental, Medical, Caregiver Leave
Commuter Benefits
Monthly Wellness Stipend
Autonomous Work Environment
In Office Set-Up Reimbursement
Flexible Time Off (FTO) + Holidays
Quarterly Team Gatherings
In Office Amenities

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

GRCInformation SecurityCompliance-as-CodeCybersecurity Risk ManagementRisk AssessmentContinuous MonitoringAutomationSecurity ArchitectureTechnical VisionEvidence Collection

Soft Skills

MentoringLeadershipCollaborative CommunicationCross-functional Project ManagementEducating TeamsRelationship ManagementStakeholder EngagementProblem SolvingAnalytical ThinkingCultural Advocacy

Certifications

SOC 2ISO 27001PCIHIPAA