Security GRC & Compliance
Professionals in this role design and scale compliance programs that enable AI companies to operate securely across multiple regulatory frameworks—SOC 2, ISO 27001, FedRAMP, and emerging AI governance standards. Day-to-day, they conduct risk assessments, build automation to embed compliance into engineering workflows, respond to customer security questionnaires, and manage audit readiness across cloud infrastructure and AI-specific controls. What distinguishes this work is the technical depth required: rather than purely policy-focused compliance, these roles demand hands-on experience implementing controls, scripting automation, and translating complex regulatory requirements into practical controls that don't slow product velocity. They typically sit within security organizations reporting to CISOs or governance leaders, partnering closely with engineering, product, and sales teams to balance compliance rigor with business growth in fast-moving AI environments.
Skills
What companies are looking for in this role.
Managing compliance audits and certification processes for security frameworks
Conducting risk assessments and developing risk management strategies
Responding to customer security questionnaires and vendor assessments
Developing and maintaining security policies, procedures and documentation
Collecting and managing evidence for compliance audits
Translating regulatory requirements into actionable business controls
Managing control mappings across multiple compliance frameworks
Maintaining trust centers and customer-facing security documentation
Leading vulnerability management programs and remediation efforts
Supporting sales teams with security-related deal enablement
Managing third-party risk assessments and vendor security evaluations
Building automation workflows for compliance monitoring and reporting
Implementing continuous control monitoring systems
Designing governance frameworks for AI and emerging technology systems
Integrating compliance tools into development and deployment pipelines
Using AI agents and machine learning for compliance automation
Collaborating with cross-functional teams including engineering, legal, and sales
Communicating complex technical concepts to executive leadership
Open Jobs
38 open Security GRC & Compliance jobs across 23 companies.
Other Security roles
Identifies and mitigates security vulnerabilities in applications and products.
Secures cloud infrastructure, networks, and systems.
Generalist security engineering role spanning multiple security domains. For security engineers who work across application, infrastructure, and cloud security without a single dominant specialization. The default home for "Security Engineer" titles when the function is clearly Security.
Builds detection systems, investigates security incidents, and leads incident response efforts.
Conducts offensive security assessments including red teaming, penetration testing, and adversarial simulation.