# Senior GRC Specialist

**Company:** [Fireworks AI](https://hotfix.jobs/companies/fireworks-ai)
**Location:** San Mateo, CA
**Role:** Other
**Experience:** 5+ years
**Skills:** GRC, SOC 2, ISO 27001, Nist Csf, GDPR, HIPAA, Vanta, Drata, Servicenow Grc, RBAC, Jml, Knowbe4, AWS, GCP, Azure
**Posted:** 2026-07-06

> Senior GRC Specialist responsible for day-to-day governance, risk, and compliance operations including risk assessments, third-party risk management, internal audits, control monitoring, and policy maintenance at an AI infrastructure company. Requires 5-7 years GRC/IT audit experience, knowledge of security frameworks, and GRC platform proficiency.

## Job Description

## What you'll do
- Own day-to-day GRC operations including user access reviews and certifications, security awareness and phishing/deepfake simulation facilitation, JML tracking, and triage and enforcement of policy and control exceptions.
- Run the risk management program: perform annual and ad-hoc risk assessments, maintain the risk register, partner with risk owners on remediation, and track issues through to closure.
- Manage third-party risk: run vendor and subprocessor risk assessments, conduct ongoing monitoring, and track remediation across critical vendors.
- Design and execute targeted internal audits to test control effectiveness, and facilitate or support external audit cycles by coordinating evidence, control owners, and remediation.
- Own continuous control monitoring and evidence automation: administer our GRC platform, keep automated control tests and evidence healthy, and maintain audit readiness year-round.
- Build and foster relationships with cross-functional partners across engineering, IT, operations, legal, and sales.
- Partner with control owners to educate them on their control responsibilities, prepare them for audits, and help operationalize controls.
- Keep the policy library current by reviewing and updating security policies, standards, and procedures.
- Turn program data into action: translate access review, awareness, and risk findings into insights and metrics that drive interventions.

## How the role will grow
- End-to-end audit leadership: move from supporting to owning audits including scoping and coordination.
- Program and control maturity: lead control improvement and automation initiatives.
- Leadership and influence: mentor team members, represent GRC in projects, and shape program direction.

## What we're looking for
- 5-7 years of experience in GRC, IT audit, information security, or a closely related field.
- Working knowledge of major security and privacy frameworks such as SOC 2, ISO 27001/27701/42001, NIST CSF, HIPAA, GDPR, or CCPA.
- Experience with GRC platforms (Anecdotes, Vanta, Drata, Secureframe, OneTrust, ServiceNow GRC).
- Experience running user access reviews and understanding of identity and access management concepts (RBAC, least privilege, segregation of duties, JML processes).
- Hands-on experience administering a security awareness or phishing simulation platform (Adaptive Security, KnowBe4, Hoxhunt, Proofpoint, or similar).
- Comfort with cloud environments (AWS, GCP, or Azure) and how SaaS products are built and operated.
- Strong written communication skills to translate control requirements and security concepts for technical and non-technical audiences.
- Detail-oriented and organized with ability to manage multiple audits, campaigns, and deadlines.
- Collaborative mindset focused on partnership across teams.

## Similar roles

- [Executive Business Partner](https://hotfix.jobs/jobs/ab7c538e-5fd8-4477-a45b-af6470d98e4c) - Dropbox - Remote - $121k – $185k/yr
- [Lead](https://hotfix.jobs/jobs/7a446830-5d27-49ca-9125-d0b37407c875) - Cohere - Washington, DC
- [Manager, Claims](https://hotfix.jobs/jobs/3a985163-bd42-4950-b636-3764bcb2b857) - Coalition Security - Remote - $115k – $155k/yr
- [Compensation Lead](https://hotfix.jobs/jobs/c0cc43d8-0df0-4784-a2c6-34f0528638e6) - Plaid - San Francisco, CA - $123k – $192k/yr
- [Event Lead](https://hotfix.jobs/jobs/0199acc9-c1fc-48ab-a26d-4b109e6d157f) - Mercor - San Francisco, CA - $160k – $200k/yr

**Apply:** https://hotfix.jobs/jobs/113aa59a-57d5-4213-8ce7-5797dff60147
**Canonical:** https://hotfix.jobs/jobs/113aa59a-57d5-4213-8ce7-5797dff60147