Lead Replit's security GRC function by owning end-to-end SOC 2, ISO 27001, and future AI governance certifications, maintaining the master security risk register, and building continuous compliance monitoring in close partnership with Engineering.
210k – 270k
Hybrid8+ YOEOther
About the role
What You'll Do
Own the end-to-end certification roadmap (SOC 2 Type II, ISO 27001, and future frameworks like ISO 42001) including scoping, gap assessments, remediation, and audit execution.
Manage relationships with external auditors and drive the annual audit calendar so certifications renew without last-minute scrambles.
Own and maintain the company's master security risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting.
Build and maintain continuous compliance monitoring so control status reflects real-time state rather than point-in-time snapshots.
Own the core audit artifacts that back every certification including ISMS documentation, Statements of Applicability, risk assessments, and potentially FedRAMP System Security Plans (SSPs).
Run regular audits and readiness assessments, and track remediation of findings and control gaps to closure.
Support GDPR and broader privacy compliance alongside the Legal/Privacy team, without owning the legal interpretation of requirements.
Partner with the GRC Engineer to define what evidence collection and control monitoring should be automated versus manually reviewed.
Track and report on compliance posture and audit findings to security leadership.
Required Skills & Experience
8+ years in security compliance, IT audit, or GRC roles, with direct ownership of at least one SOC 2 and/or ISO 27001 certification cycle.
Working knowledge of common frameworks (SOC 2, ISO 27001, NIST CSF) and how to map controls across them.
Hands-on experience authoring or substantially maintaining an ISMS, SSP, or equivalent audit-facing documentation set and not just filling out a template.
Experience owning a formal risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting to leadership.
Experience with GRC/compliance automation platforms (e.g., Anecdotes, Vanta, Drata, etc.) and continuous control monitoring.
Experience working directly with external auditors and managing an audit end to end.
Comfortable reading technical control evidence and having detailed conversations with engineers about how systems actually work.
Working familiarity with GDPR/privacy fundamentals sufficient to partner effectively with a legal team.
Bonus Qualifications
Experience scoping or pursuing ISO 42001 or other AI governance frameworks.
Familiarity with FedRAMP or other government compliance regimes.
Background in a developer tools, platform, or AI/ML product company.
Relevant certifications (CISA, CISSP, ISO 27001 Lead Auditor/Implementer).
Experience standing up a compliance program from an early or pre-certification stage.
Localization Manager responsible for owning creative localization programs from brief to delivery across global markets. Requires 7+ years experience in multi-market marketing localization, transcreation, vendor management, workflow automation with APIs, and strong localization judgment for high-quality output at scale.
207k – 230k
Hybrid7+ YOEOther
Manager, Safety Clearance Program Management
ZooxFoster City, CA
Leads team of technical program managers overseeing end-to-end safety clearance processes for autonomous robotaxi systems. Requires 8+ years in technical program management of safety-critical systems, engineering degree, and tools like Jira.
205k – 284k
On-site8+ YOEOther
Sr. Training and Knowledge Management Manager
OktaBellevue, WA +3
Lead the development and execution of a strategic knowledge management and training program for Okta's Legal team, with a focus on optimizing content for AI systems. Requires 10+ years experience including 7+ in training/KM, in-house legal support, and expertise in content design and adult learning.
204k – 281k
Hybrid10+ YOEOther
Visual Storytelling & AI Innovation Lead, Office of the CFO
OpenAISan Francisco, CA
Hands-on IC partnering with the CFO's Chief of Staff to create executive presentations, board materials, and AI transformation stories that showcase Finance's AI adoption and support broader company messaging.
216k – 310k
HybridOther
Senior Manager, Internal Audit IT
CoinbaseUnited States
Lead Coinbase's global IT and security audit program, owning the multi-year roadmap and delivering complex audits across cloud, infrastructure, and cybersecurity. Manage a global team and partner with engineering and security leadership.