Skip to content
Fireworks AIFireworks AISan Mateo, CA

Senior GRC Specialist

Senior GRC Specialist responsible for day-to-day governance, risk, and compliance operations including risk assessments, third-party risk management, internal audits, control monitoring, and policy maintenance at an AI infrastructure company. Requires 5-7 years GRC/IT audit experience, knowledge of security frameworks, and GRC platform proficiency.

Salary not listed
On-site5+ YOEOther

About the role

What you'll do

  • Own day-to-day GRC operations including user access reviews and certifications, security awareness and phishing/deepfake simulation facilitation, JML tracking, and triage and enforcement of policy and control exceptions.
  • Run the risk management program: perform annual and ad-hoc risk assessments, maintain the risk register, partner with risk owners on remediation, and track issues through to closure.
  • Manage third-party risk: run vendor and subprocessor risk assessments, conduct ongoing monitoring, and track remediation across critical vendors.
  • Design and execute targeted internal audits to test control effectiveness, and facilitate or support external audit cycles by coordinating evidence, control owners, and remediation.
  • Own continuous control monitoring and evidence automation: administer our GRC platform, keep automated control tests and evidence healthy, and maintain audit readiness year-round.
  • Build and foster relationships with cross-functional partners across engineering, IT, operations, legal, and sales.
  • Partner with control owners to educate them on their control responsibilities, prepare them for audits, and help operationalize controls.
  • Keep the policy library current by reviewing and updating security policies, standards, and procedures.
  • Turn program data into action: translate access review, awareness, and risk findings into insights and metrics that drive interventions.

How the role will grow

  • End-to-end audit leadership: move from supporting to owning audits including scoping and coordination.
  • Program and control maturity: lead control improvement and automation initiatives.
  • Leadership and influence: mentor team members, represent GRC in projects, and shape program direction.

What we're looking for

  • 5-7 years of experience in GRC, IT audit, information security, or a closely related field.
  • Working knowledge of major security and privacy frameworks such as SOC 2, ISO 27001/27701/42001, NIST CSF, HIPAA, GDPR, or CCPA.
  • Experience with GRC platforms (Anecdotes, Vanta, Drata, Secureframe, OneTrust, ServiceNow GRC).
  • Experience running user access reviews and understanding of identity and access management concepts (RBAC, least privilege, segregation of duties, JML processes).
  • Hands-on experience administering a security awareness or phishing simulation platform (Adaptive Security, KnowBe4, Hoxhunt, Proofpoint, or similar).
  • Comfort with cloud environments (AWS, GCP, or Azure) and how SaaS products are built and operated.
  • Strong written communication skills to translate control requirements and security concepts for technical and non-technical audiences.
  • Detail-oriented and organized with ability to manage multiple audits, campaigns, and deadlines.
  • Collaborative mindset focused on partnership across teams.

Skills

GRCSOC 2ISO 27001Nist CsfGDPRHIPAAVantaDrataServicenow GrcRBACJmlKnowbe4AWSGCPAzure

Similar roles

Dropbox

Executive Business Partner

DropboxUnited States

Executive Business Partner supporting a C-Level executive with complex calendaring, travel, event planning, and special projects. Requires 6+ years administrative experience, strong organizational skills, and ability to travel up to 50%.

121k – 185k/yr
Remote6+ YOEOther
Cohere

Lead

CohereWashington, DC

Lead Cohere's US federal and state government affairs strategy focused on AI policy, regulatory advocacy, and relationship-building with lawmakers and agencies. Requires 10+ years blending tech corporate affairs with direct political/government experience, deep AI policy expertise, and a bachelor's degree.

Salary not listed
Hybrid10+ YOEOther
Coalition Security

Manager, Claims

Coalition SecurityUnited States

Lead a team handling complex first and third-party global cyber, technology, and media claims. Requires 6+ years claims experience (including product development), 2+ years people management, bachelor's degree, strong analytical and communication skills.

115k – 155k/yr
Remote6+ YOEOther
Plaid

Compensation Lead

PlaidSan Francisco, CA

Lead compensation support for client groups, own annual/mid-year cycles in Workday, manage benchmarking and comp systems (Compa, Pave), and build models for program design. Requires 5+ years in compensation, cycle ownership, equity knowledge, and strong analytics.

123k – 192k/yr
Hybrid5+ YOEOther
Mercor

Event Lead

MercorSan Francisco, CA

Own Mercor's events end-to-end: set strategy for GTM, recruiting, and internal events; plan and execute high-signal conferences, dinners, and programs; drive measurable outcomes in relationships, pipeline, and talent. Requires 6-8 years events experience with strong execution, stakeholder management, and polished presence for executive/AI audiences.

160k – 200k/yr
On-site6+ YOEOther