FREE ACCESS
5,000–10,000 jobs/day

See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Risk and Compliance Lead
ReplitRisk and Compliance Lead overseeing security GRC function for AI-native product. Responsible for certifications, audits, and risk management with compliance monitoring.
Posted 7/10/2026full-timeFoster City • California • 🇺🇸 United StatesSenior💰 $210,000 - $270,000 per yearWebsite
About the role
Key responsibilities & impact- Own the end-to-end certification roadmap (SOC 2 Type II, ISO 27001, and future frameworks like ISO 42001) including scoping, gap assessments, remediation, and audit execution
- Manage relationships with external auditors and drive the annual audit calendar so certifications renew without last-minute scrambles
- Own and maintain the company's master security risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting
- Build and maintain continuous compliance monitoring so control status reflects real-time state rather than point-in-time snapshots
- Own the core audit artifacts that back every certification including ISMS documentation, Statements of Applicability, risk assessments, and potentially FedRAMP System Security Plans (SSPs)
- Run regular audits and readiness assessments, and track remediation of findings and control gaps to closure
- Support GDPR and broader privacy compliance alongside the Legal/Privacy team, without owning the legal interpretation of requirements
- Partner with the GRC Engineer to define what evidence collection and control monitoring should be automated versus manually reviewed
- Track and report on compliance posture and audit findings to security leadership
Requirements
What you’ll need- 8+ years in security compliance, IT audit, or GRC roles, with direct ownership of at least one SOC 2 and/or ISO 27001 certification cycle
- Working knowledge of common frameworks (SOC 2, ISO 27001, NIST CSF) and how to map controls across them
- Hands-on experience authoring or substantially maintaining an ISMS, SSP, or equivalent audit-facing documentation set and not just filling out a template
- Experience owning a formal risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting to leadership
- Experience with GRC/compliance automation platforms (e.g., Anecdotes, Vanta, Drata, etc.) and continuous control monitoring
- Experience working directly with external auditors and managing an audit end to end
- Comfortable reading technical control evidence and having detailed conversations with engineers about how systems actually work
- Working familiarity with GDPR/privacy fundamentals sufficient to partner effectively with a legal team
Benefits
Comp & perks- Competitive Salary & Equity
- 401(k) Program with a 4% match (*US Only*)
- Health, Dental, Vision and Life Insurance
- Short Term and Long Term Disability
- Paid Parental, Medical, Caregiver Leave
- Flexible Time Off (FTO) + Holidays
- Commuter Benefits (*In-Office Only*)
- Monthly Wellness Stipend
- Autonomous Work Environment
- In Office Set-Up Reimbursement (*In-Office Only*)
- Quarterly Team Gatherings
- In Office Amenities (*In-Office Only*)
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Security ComplianceIT AuditRisk IdentificationControl MappingAudit ExecutionContinuous Compliance MonitoringControl Evidence AnalysisGDPR ComplianceNIST CSF FamiliarityRemediation Tracking
Soft Skills
Relationship ManagementCommunicationCollaboration