Founding GRC Lead

Pallet

$175K - $225K
Business Services
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7-12 years in GRC, security compliance, or auditing
  • Demonstrated ownership of two SOC 2 Type II cycles
  • Experience building and operationalizing compliance programs for SOC, ISO, GDPR
  • Technical familiarity with access controls, encryption, cloud infrastructure
  • Hands-on experience with compliance automation platforms

Responsibilities

  • Run SOC 1 and SOC 2 audit cycles from start to finish
  • Develop privacy programs for GDPR and CCPA/CPRA including data mapping and reviews
  • Act as the main contact for external auditors and manage evidence collection
  • Implement continuous compliance infrastructure for seamless audit readiness
  • Integrate security and privacy controls into engineering workflows
  • Establish vendor risk management processes including security reviews
  • Manage customer-facing trust initiatives to streamline enterprise sales

Benefits

  • Health, Vision, and Dental benefits
  • Flexible PTO
  • Life Insurance and Accidental Insurance
  • Short-Term Disability Coverage
  • 401k option for future savings
  • Yearly learning and development stipend
  • Commuter benefits for Bay Area employees
  • Uber ride stipend for late work
  • Remote office home stipend
  • Daily catered lunches
  • Onboarding trip to San Francisco HQ for remote employees
  • Monthly happy hours
  • Annual company offsite events

Full Job Description
About the opportunity:

Pallet is hiring its first dedicated GRC leader to own how we earn and keep trust: with customers, auditors, and regulators. You'll run our SOC 1 and SOC 2 programs, build our GDPR and CCPA privacy operations, and work shoulder-to-shoulder with engineering, product, sales, and legal to make compliance something Pallet is good at, not something it survives. This role reports directly to leadership and is the foundation of a function you will own end to end, and eventually grow.

Why this role is different:
  • You're the first. No inherited process, no legacy bureaucracy: you design the compliance operating model from a blank page, with the GRC tooling and executive support to do it right.
  • Revenue-facing, not back-office. Enterprise deals at Pallet increasingly hinge on security posture. You'll sit in on customer conversations, own the trust narrative, and directly unblock sales.
  • Full-spectrum scope. Most GRC roles silo you into audit or privacy or vendor risk. Here you own all of it, with the engineering proximity to actually change how things get built.
  • Surround yourself with top-tier talent and fast-track your career: this is a foundational seat with a clear path to building and leading a team.

How you will make an impact:
  • Run SOC 1 and SOC 2 Type II audit cycles end to end: control design, evidence automation, auditor relationships, and clean reports delivered on schedule, every cycle.
  • Build Pallet's privacy program for GDPR and CCPA/CPRA: data inventory and mapping, DSAR handling, DPAs, and privacy reviews baked into product development.
  • Serve as the primary point of contact for external auditors and assessors, owning evidence collection, audit responses, and timelines. Translate audit findings into actionable plans.
  • Implement continuous-compliance infrastructure so audit readiness is a byproduct of how we operate, not an annual fire drill.
  • Embed security and privacy controls into engineering and product workflows, earning adoption through partnership rather than mandate.
  • Stand up vendor risk management: security reviews, DPA negotiation support, and an ongoing third-party risk register.
  • Own the customer-facing trust motion (security questionnaires, trust center, customer audits) and measurably shorten enterprise sales cycles.

Preferred experience:
  • 7-12 years across GRC, security compliance, or audit, including full ownership of at least two SOC 2 Type II cycles.
  • Built or significantly matured SOC, ISO, GDPR, and privacy compliance programs in-house - you've operationalized privacy, not just advised on it.
  • Technically credible with engineers: comfortable discussing access controls, encryption, logging, and cloud infrastructure (AWS/GCP) without needing translation.
  • Deep hands-on experience with compliance automation platforms and evidence workflows.
  • Startup-calibrated judgment: you know which risks matter, build lightweight process, and have certifications (CISA, CISSP, ISO 27001 LA) as a bonus rather than a substitute for experience.

Interview Process:
  • Chat with Christy - Business Recruiter - 30 mins
  • Chat with Austin Zheng - 30-45 mins
  • Proficiency Assessment
  • Final Interview - 3-4 hours

We move fast, and we'll keep you informed at every stage of the process.

Location: This role is an in-office role in our San Francisco office (5 mins walk from Montgomery BART Station)

Compensation:

The estimated salary range for this role is $175,000-$225,000, depending on experience and skill set. In addition to base salary, we offer competitive equity, benefits, and opportunities for growth. Final compensation will be determined based on a combination of factors, including experience, qualifications, and location.

Our Benefits

We invest in our people the same way we invest in our product: seriously.
  • Health, Vision, and Dental benefits
  • Flexible PTO
  • Life Insurance and Accidental Insurance
  • Short-Term Disability Coverage
  • Generous salary and equity for all staff
  • 401k option; helping you save for the future
  • Yearly learning and development stipend
  • Commuter benefits for Bay Area employees
  • Uber ride stipend if you ever have to work late in the office
  • Remote office home stipend to get you comfy in your space
  • Daily catered lunches provided
  • Onboarding trip to San Francisco HQ if you work remotely
  • Monthly happy hours
  • Annual Company Offsites; our last one was in Palm Springs CA

Workplace Policy

We are an in-person company. Our offices in San Francisco and New York City are where ideas get built, decisions get made, and the team gets stronger. We have invested in making them genuinely great places to spend your day, with catered lunches, monthly happy hours, and people who care about the work and each other.

Most of our team works in office five days a week. For select roles, we hire remotely across the U.S. Remote employees come to San Francisco for their first week to onboard and meet the team, and we cover the full trip. Most remote employees visit once a year after that, with all travel, lodging, and meals on us.

Every role is different. Travel expectations are always shared upfront in the job description and confirmed in your first call with us. No surprises.
