Replit, 13.05.2026

GRC Engineer

Full-time, Remote

Responsibilities

  • Act as a technical subject matter expert for the GRC team, driving quality, technical depth, and operational efficiency in security controls
  • Own the technical vision for Replit’s GRC program, moving from manual workflows toward "Compliance-as-Code" and automated evidence collection
  • Champion a culture of security and privacy across the company, educating teams on controls and their importance
  • Partner with Architects and Engineering Leads to integrate compliance requirements early in the design phase
  • Translate complex technical implementations into narratives that satisfy frameworks without slowing down development
  • Work closely with Legal Counsel to interpret and implement requirements for Privacy (GDPR, CCPA) and emerging AI-specific regulations (e.g., EU AI Act)
  • Enable the Sales team by managing the Customer Trust Center and handling complex security questionnaires
  • Serve as a subject matter expert in customer calls to build confidence with enterprise prospects
  • Own and cultivate the primary relationship with external auditors, bridging communication between auditors and internal teams
  • Operate the Cybersecurity Risk Register, identifying, quantifying, and tracking risks
  • Manage and evolve compliance posture across SOC 2, ISO 27001, and prepare for future certifications (FedRAMP, ITAR, PCI, HIPAA)
  • Apply judgment to prioritize real security or business risks over "compliance theater"
  • Drive the shift from manual evidence collection to continuous monitoring and automation
  • Architect a scalable framework for assessing third-party vendors and AI model providers

Requirements

  • 8+ years of experience in GRC or Information Security
  • Technical fluency in engineering, cloud (GCP/AWS), and security architecture
  • Ability to speak the language of engineering and anticipate how architectural decisions impact risk and compliance
  • Deep experience with SOC 2, ISO 27001, PCI, HIPAA, and Privacy laws
  • Strong ability to explain risk and tradeoffs to technical, legal, and commercial stakeholders
  • Experience with GRC automation tools (e.g., Vanta, Drata) and a bias toward reducing manual toil

Conditions and Benefits

  • Full-time role with in-office requirement (Monday, Wednesday, Friday) in Foster City, CA
  • Competitive Salary & Equity
  • 401(k) Program with a 4% match
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Commuter Benefits
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement
  • Flexible Time Off (FTO) + Holidays
  • Quarterly Team Gatherings
  • In Office Amenities