Risk and Compliance Lead

Tech Stack

Responsibilities

• Own and mature the security GRC program, including policy lifecycle management, risk register maintenance, and control framework alignment.
• Conduct comprehensive enterprise and product-level risk assessments to identify, prioritize, and track risks, translating findings into actionable remediation plans.
• Lead, manage, and support compliance efforts such as SOC2, ISO 27001, ISO 9001, TISAX, and federal/defense requirements, owning audit readiness, evidence collection, and remediation tracking.
• Drive the Third Party Risk Management (TPRM) program, including vendor assessments, contract security reviews, and ongoing monitoring.
• Build and maintain the GRC program infrastructure, including risk tracking, compliance tooling, reporting cadences, and executive-level risk reporting.

Benefits

• 401k
• Equity
• Gym Membership
• Health Insurance
• Learning Budget
• Remote Work

Culture