Governance, Risk & Compliance (GRC) Engineer

features and labels

$120K — $150K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of experience in Governance, Risk, and Compliance (GRC) roles
  • Strong understanding of compliance frameworks like SOC 2, ISO 27001, and GDPR
  • Technical background in security practices and cloud infrastructure
  • Proven ability to translate technical controls for business and regulatory needs
  • Experience with risk assessment methodologies and audit processes

Responsibilities

  • Manage and enhance security compliance programs including SOC 2, ISO 27001, and GDPR
  • Coordinate and oversee internal and external audits effectively
  • Maintain and update security policies and procedural documentation
  • Lead enterprise risk assessments and manage risk registers
  • Collaborate with stakeholders to facilitate comprehensive risk reviews

Benefits

  • Flexible work hours and remote working options
  • Professional development and training opportunities
  • Supportive and collaborative team culture
  • Opportunity to work with cutting-edge technology
  • Access to wellness programs and resources

Full Job Description

We are looking for a Governance, Risk & Compliance (GRC) Engineer to help scale our security and compliance programs as we continue to grow. This role will partner closely with Security, Engineering, Infrastructure, Legal, and Go-to-Market teams to strengthen our risk management capabilities, maintain compliance certifications, support enterprise customer requirements, and build scalable governance processes.

**Role Overview**

As a GRC Engineer, you will be responsible for designing, implementing, and continuously improving Fal's governance, risk management, and compliance programs. You will help ensure that our security controls meet regulatory, contractual, and customer requirements while enabling the business to move quickly.

This role combines technical security knowledge with compliance expertise and requires strong cross-functional collaboration skills. The ideal candidate understands cloud infrastructure, modern security practices, and compliance frameworks and can translate technical controls into business and regulatory requirements.

**What You'll Do**

**Governance & Compliance**

- Manage and improve Fal's security compliance programs, including:
  - SOC 2
  - ISO 27001
  - GDPR
  - Emerging AI governance frameworks
- Coordinate internal and external audits.
- Maintain security policies, standards, procedures, and control documentation.
- Develop compliance automation and continuous monitoring processes.
- Support security awareness and policy governance initiatives.

**Risk Management**

- Lead enterprise risk assessments and risk register management.
- Perform vendor and third-party risk assessments.
- Conduct control gap analyses and remediation tracking.
- Facilitate risk reviews with stakeholders across engineering and business teams.
- Develop metrics and reporting for risk and compliance leadership.

**Customer Security & Trust**

- Support enterprise security reviews and customer due diligence requests.
- Assist with security questionnaires, audits, and RFP responses.
- Help maintain trust center content and security documentation.
- Partner with Sales, Legal, and Customer Success to address customer security concerns.

**Security Engineering & Control Validation**

- Collaborate with Security and Infrastructure teams to implement and validate security controls.
- Evaluate cloud and AI infrastructure against security requirements.
- Assess effectiveness of technical safeguards including:
  - Identity and access management
  - Logging and monitoring
  - Vulnerability management
  - Incident response
  - Data protection controls
- Support evidence collection and control testing.

**Program Development**

- Build scalable GRC processes that reduce manual effort.
- Identify opportunities for compliance automation.
- Develop governance frameworks for emerging AI and machine learning technologies.
- Support strategic security initiatives and certifications.
