Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Replit

Risk and Compliance Lead

Replit

Risk and Compliance Lead overseeing security GRC function for AI-native product. Responsible for certifications, audits, and risk management with compliance monitoring.

Posted 7/10/2026full-timeFoster City • California • 🇺🇸 United StatesSenior💰 $210,000 - $270,000 per yearWebsite

About the role

Key responsibilities & impact
  • Own the end-to-end certification roadmap (SOC 2 Type II, ISO 27001, and future frameworks like ISO 42001) including scoping, gap assessments, remediation, and audit execution
  • Manage relationships with external auditors and drive the annual audit calendar so certifications renew without last-minute scrambles
  • Own and maintain the company's master security risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting
  • Build and maintain continuous compliance monitoring so control status reflects real-time state rather than point-in-time snapshots
  • Own the core audit artifacts that back every certification including ISMS documentation, Statements of Applicability, risk assessments, and potentially FedRAMP System Security Plans (SSPs)
  • Run regular audits and readiness assessments, and track remediation of findings and control gaps to closure
  • Support GDPR and broader privacy compliance alongside the Legal/Privacy team, without owning the legal interpretation of requirements
  • Partner with the GRC Engineer to define what evidence collection and control monitoring should be automated versus manually reviewed
  • Track and report on compliance posture and audit findings to security leadership

Requirements

What you’ll need
  • 8+ years in security compliance, IT audit, or GRC roles, with direct ownership of at least one SOC 2 and/or ISO 27001 certification cycle
  • Working knowledge of common frameworks (SOC 2, ISO 27001, NIST CSF) and how to map controls across them
  • Hands-on experience authoring or substantially maintaining an ISMS, SSP, or equivalent audit-facing documentation set and not just filling out a template
  • Experience owning a formal risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting to leadership
  • Experience with GRC/compliance automation platforms (e.g., Anecdotes, Vanta, Drata, etc.) and continuous control monitoring
  • Experience working directly with external auditors and managing an audit end to end
  • Comfortable reading technical control evidence and having detailed conversations with engineers about how systems actually work
  • Working familiarity with GDPR/privacy fundamentals sufficient to partner effectively with a legal team

Benefits

Comp & perks
  • Competitive Salary & Equity
  • 401(k) Program with a 4% match (*US Only*)
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Flexible Time Off (FTO) + Holidays
  • Commuter Benefits (*In-Office Only*)
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement (*In-Office Only*)
  • Quarterly Team Gatherings
  • In Office Amenities (*In-Office Only*)

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Security ComplianceIT AuditRisk IdentificationControl MappingAudit ExecutionContinuous Compliance MonitoringControl Evidence AnalysisGDPR ComplianceNIST CSF FamiliarityRemediation Tracking
Soft Skills
Relationship ManagementCommunicationCollaboration