The RoleWe're looking for a GRC Analyst to join our growing Security, IT, and Privacy function. You'll be the backbone of all the compliance work at the intersection of Engineering, Legal, and Product. This role will build and maintain the compliance programs as part of the security team. Our goal is simple: earn and keep the trust of our customers. The right person translates security and risk into terms that the business and product teams can act on.
Key Responsibilities- Own and manage compliance programs across frameworks including SOC 2, ISO 27001, GDPR, CCPA, HIPAA, and FedRAMP
- Coordinate audit activities end-to-end: evidence collection, documentation, auditor responses, and remediation tracking
- Leverage AI and other tools to deliver metrics that stakeholders can consume and understand
- Conduct vendor and third-party risk assessments; manage the due diligence lifecycle for new and existing partners
- Help manage security and risk reviews (e.g. DDQs, VSQs) as part of the procurement process in collaboration with the Legal, Finance, and Security team
- Assist with building and maintaining compliance policies, procedures, and supporting documentation for security and compliance
- Translate regulatory and contractual requirements into actionable controls and processes
- Monitor the evolving regulatory landscape (especially AI-specific regulations) and flag relevant obligations
- Support Privacy-by-Design reviews for new product features and data practices
- Track open compliance items and proactively drive them to closure across stakeholders
Requirements- 3-5 years of experience in GRC, Information Security compliance, or a related field
- Hands-on experience with SOC 2 or ISO 27001 audits, including evidence collection and gap assessments
- Familiarity with privacy regulations: GDPR, CCPA, and ideally emerging AI regulatory frameworks (EU AI Act, etc.)
- Experience managing vendor risk assessments and third-party due diligence processes
- Strong written and verbal communication skills. You can explain compliance requirements to engineers and legal concepts to product managers
- Highly organized, able to manage multiple workstreams and deadlines without dropping the ball
- Comfortable working independently in a fast-paced environment with limited process overhead
- Leverage AI to help build automation and data analysis workflows for reporting and tracking
Bonus points for:- Experience at an AI or search company
- Familiarity with data broker or data licensing compliance
- CISA, CISM, or CRISC
Our salary bands are structured based on a combination of geographic tiers and internal leveling. Compensation is determined by multiple factors assessed during the interview process, with the final offer reflecting these considerations.
Salary Band
$150,000-$180,000 USD
Company Perks:- Hubs in San Francisco and New York City offering regular in-person gatherings and co-working sessions
- Flexible PTO with U.S. holidays observed and a week shutdown in December to rest and recharge*
- A competitive health insurance plan covers 100% of the policyholder and 75% for dependents*
- 12 weeks of paid parental leave in the US*
- 401k program, 3% match - vested immediately!*
- $500 work-from-home stipend to be used up to a year of your start date*
- $600 technology stipend to support a portion of our hybrid/remote team's cell phone and internet expenses*
- $1,200 per year Health & Wellness Allowance to support your personal goals*
- The chance to collaborate with a team at the forefront of AI research
*Certain perks and benefits are limited to full-time employees only
