Life360

Senior GRC Engineer

Life360$115K — $213K *
US-AnywhereRemote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in GRC, security engineering, or a hybrid role with policy and technical implementation experience.
  • Proficient with AI tools for substantive work, including code automation and investigations.
  • Strong coding skills in Python or equivalent to create integrations and deploy pipelines.
  • Ability to extract evidence directly from cloud environments without relying on manual screenshots.
  • Deep understanding of SOC 2, ISO 27001, and NIST AI RMF frameworks at the control level.
  • Experience managing SOX ITGC cycles and collaborating with external auditors.
  • Proven capability in building or scaling a TPRM program with a focus on automation.
  • Quantitative risk management experience, familiar with FAIR methodology.

Responsibilities

  • Own the governance framework for Life360's agentic systems, ensuring readiness before regulations emerge.
  • Automate evidence collection and control narratives using AI, enhancing efficiency and accuracy.
  • Develop policies in Git, transforming traditional documents into enforceable code.
  • Manage end-to-end SOC 2, ISO 27001, and SOX ITGC processes, focusing on continuous audit readiness.
  • Establish an operational risk function grounded in live data sources for actionable insights.
  • Enhance the TPRM program to streamline vendor reviews and reduce friction.
  • Act as the primary auditor contact, ensuring completion of walkthroughs and timely evidence delivery.
  • Foster cross-functional relationships across Engineering, Legal, Privacy, and Internal Audit to harmonize GRC efforts.

Benefits

  • Competitive pay and comprehensive benefits package.
  • 100% employee coverage for medical, dental, vision, life, and disability insurance.
  • 401(k) plan with matching contributions.
  • Mental Wellness Program and Employee Assistance Program (EAP) for well-being support.
  • Flexible PTO along with 13 company-wide days off each year.
  • Synchronized company-wide shutdowns during winter and summer.
  • Access to learning and development programs.
  • Remote work support through equipment and reimbursement tools.
  • Free Life360 Platinum Membership for personal circles and free Tile products.
Full Job Description
Life360 is a Remote-First company, which means a remote work environment will be the primary experience for all employees. All positions, unless otherwise specified, can be performed remotely (within the US) regardless of any specified location above.
We are AI Native

We are building an AI native company where AI is an integral part of how we build and operate. AI tool usage during interviews varies by role. You may be asked to demonstrate proficiency with AI tools, discuss how you leverage AI, or complete interview exercises without AI assistance. Your Recruiter will provide clear guidance as you move through the interview process.

Undisclosed use of AI not previously discussed with or approved by your Recruiter may impact your candidacy.
About The Team

The Information Security and Technology team is responsible for keeping Life360 safe - our systems, our employees, and the tens of millions of families who trust us with their location data. That obligation is the starting point. How we meet it is what makes this team different.

We are builders. Security controls that don't get used aren't controls. Compliance programs that create friction without reducing risk aren't programs. We build things that work in production, earn adoption from engineering teams, and get better over time - and we use AI to do it at a scale a traditional team couldn't.

We're also at an inflection point. Life360 is deploying agentic systems into how we build and operate, and the security and governance implications of that are still being worked out - by us, and by the industry. The threat surface is expanding. The compliance frameworks are catching up. The people on this team aren't waiting for either.
About the Job

Governance, Risk, and Compliance (GRC) has been on a slow progression from audit binders and manual evidence collection toward policy as code, continuous control testing, and compliance infrastructure that generates its own proof. We're hiring someone already living at that frontier - and ready to push past it.

Life360 is mid-transformation into an AI-native company, which means this role has two jobs running in parallel. The first is building the technical foundation of a modern GRC program: policies version-controlled in Git, controls that self-test, evidence generated by integrations rather than collected by humans, and a TPRM program that reflects how we actually use third parties. SOC 2, ISO 27001, and SOX anchor this work.

The second job is harder and less charted. As Life360 deploys agentic systems into how we build and operate, the policy and control landscape is shifting in real time. Major frameworks are actively working out how to account for autonomous agents, and new control sets are emerging faster than the regulations that require them. You'll anticipate new policy requirements, adapt existing controls, and ensure our governance architecture is ready before the auditors ask.

We use AI tools as a professional standard on this team. Here's what that means in practice.

Ai-Native Daily use: You use AI tools for real, substantive work - analysis, drafting, automation, code, investigations, evidence gathering.

Judgment and ownership: AI-generated work gets the same scrutiny you'd give any human-produced artifact. You're accountable for everything you ship.

Domain-specific judgment: You know where AI is the wrong tool. Sensitive data handling, attacker-controlled inputs, agents with production access, and privileged identity changes all need careful guardrails - and you can articulate where AI helps, where it hurts, and where it needs a human in the loop.

Leverage: When AI is working well, you take on problems that would otherwise require a larger team. We hire people who use that leverage to ship better outcomes, not just faster ones.

Continuous learning: The tooling moves fast. You stay current, share what works with the team, and speak up when something would meaningfully change how we operate.

The US-based salary range for this position is $115,500 to $213,000. We take into consideration an individual's background and experience in determining final salary - therefore, base pay offered may vary considerably depending on geographic location, job-related knowledge, skills, and experience. The compensation package includes a wide range of medical, dental, vision, financial, and other benefits, as well as equity.
What You'll Do
  • Own the governance framework for Life360's agentic systems. The major compliance frameworks are still figuring out how to account for autonomous agents. Define the policies, control sets, and compliance posture that govern how agents are built and deployed at Life360 - and build ahead of the regulation.
  • Take an agentic approach to GRC itself. Automate evidence collection, draft control narratives, triage vendor questionnaires - use AI and internal tooling to do the work humans shouldn't be doing manually. Write the integrations and pipelines that make it real. Know where AI creates leverage, where it introduces risk, and where a human needs to stay in the loop.
  • Build the policy program as code. Policies in Git, peer-reviewed via pull request. Requirements expressed as enforceable rules and automated checks, not static PDFs. A common controls framework that satisfies SOC 2, ISO 27001, NIST CSF, and future frameworks from a single control reference - no rework.
  • Drive SOC 2 Type 2, ISO 27001, and SOX ITGC end-to-end as management owner - managing evidence, coordinating with external assessors, and closing gaps before auditors find them. Build the automation once; satisfy three frameworks. Financial reporting controls beyond ITGC live with Internal Audit; you'll partner closely with them on shared control libraries, evidence pipelines, and walkthroughs. Internal Audit retains independent SOX program ownership, third-line testing, and Audit Committee reporting . The goal is audit readiness as a continuous state, not a quarterly sprint.
  • Build an operational risk function, not a register. Quantitative-leaning, FAIR-informed, and connected to live data sources across cloud security posture, endpoint detection, vulnerability management, and asset inventory. Risk scoring that reflects current reality and is actionable at every altitude - service owner to board executive leadership, with Audit Committee reporting on enterprise risk coordinated with Internal Audit. Build the data model, workflow layer, and closed loop that turns risk from a prioritization exercise into a lifecycle with owners and treatment decisions
  • Mature the TPRM program. Tiered reviews by risk and data sensitivity. Automated evidence collection and agent-based workflows that reduce friction for vendors and internal teams alike - making it easier to do this right than to skip it.
  • Be the auditor's primary management contact. Own scoping, walkthroughs, evidence delivery, and management responses for SOC 2, ISO 27001, and SOX ITGC. Auditors leave knowing more about how Life360 actually works than they did when they walked in - and findings get closed before they become repeat findings.
  • Build the cross-functional relationships that make GRC work in practice. Engineering, Legal, Privacy, Internal Audit and Procurement are all load-bearing parts of this program - own those partnerships and build the workflows that make compliance a shared practice, not a security team deliverable.
  • Maintain clear role boundaries between management's first- and second-line GRC operations and Internal Audit's third-line independent assurance.
What We're Looking For
  • 5+ years in GRC, security engineering, or a hybrid role where you owned both the policy and control side and the technical implementation - not one or the other.
  • You build with AI tools, not just use them. You've used LLMs and agents in real work - drafting, code, automation, investigation - and can make judgment calls about where AI creates leverage and where it introduces risk. Experience designing or operating agentic workflows is a strong signal.
  • Coding ability that ships. Python or equivalent - you can call APIs, build integrations, schedule jobs, and deploy a working pipeline without help. Show us something you built.
  • You can evidence controls directly in cloud environments - identity, audit logs, configuration posture, secrets management - without relying on screenshots or system owners. You pull evidence from APIs.
  • You've implemented, integrated, or significantly extended a modern GRC platform. You know what these platforms actually solve, where they fall short, and when to write your own code instead.
  • SOC 2, ISO 27001, and NIST AI RMF at the control level, not just the headers. You understand how these frameworks are evolving to account for AI and agentic systems.
  • You've worked through SOX ITGC cycles at a public company - managing evidence, walkthroughs, and findings with external auditors.
  • Built or scaled a TPRM program - you've designed tiering, pushed back on bad vendors, and automated parts of the assessment workflow.
  • Quantitative risk experience - you've owned a risk register and made it useful to engineers and executives. FAIR or equivalent methodology in real use is a strong signal.
  • Clear writing - policies, control narratives, audit responses, and risk statements that engineers and lawyers both understand.
  • Bachelor's degree or equivalent.
Nice to have
  • Experience taking a company through SOC 2 Type 2 or ISO 27001 certification from scratch.
  • Privacy program crossover - GDPR, CCPA, data mapping, DPIAs.
  • You've worked on the implementation side of security - engineering, operations, or incident response. You don't just audit other teams' work; you understand it because you've done it.
  • Experience building governance frameworks for AI systems - model risk, ISO 42001, or controls around LLM and agent deployment.

Ai-Native Daily use: You use AI tools for real, substantive work - analysis, drafting, automation, code, investigations, evidence gathering.

Judgment and ownership: AI-generated work gets the same scrutiny you'd give any human-produced artifact. You're accountable for everything you ship.

Domain-specific judgment: You know where AI is the wrong tool. Sensitive data handling, attacker-controlled inputs, agents with production access, and privileged identity changes all need careful guardrails - and you can articulate where AI helps, where it hurts, and where it needs a human in the loop.

Leverage: When AI is working well, you take on problems that would otherwise require a larger team. We hire people who use that leverage to ship better outcomes, not just faster ones.

Continuous learning: The tooling moves fast. You stay current, share what works with the team, and speak up when something would meaningfully change how we operate.
Our Benefits
  • Competitive pay and benefits
  • Medical, dental, vision, life and disability insurance plans (100% paid for employees)
  • 401(k) plan with company matching program
  • Mental Wellness Program & Employee Assistance Program (EAP) for mental well-being
  • Flexible PTO, 13 company-wide days off throughout the year
  • Winter and Summer Weeklong Synchronized Company Shutdowns
  • Learning & Development programs
  • Equipment, tools, and reimbursement support for a productive remote environment
  • Free Life360 Platinum Membership for your preferred circle
  • Free Tile Products

About Life360

Life360 is a family safety app that provides location sharing and driving safety features. Life360?s app allows families to stay connected and informed about each other?s location and safety. Life360?s app also provides driving safety features such as crash detection and emergency response. Life360 was founded in 2008 and is headquartered in San Francisco, California.
Learn more about Life360
Size
103 employees
Industry
Founded
2008
NASDAQ

Similar Jobs

More Jobs at Life360

More Information Technology Jobs

Find similar Senior GRC Engineer jobs: