# Governance, Risk & Compliance Engineer

**Company:** [Fal](https://hotfix.jobs/companies/fal)
**Location:** San Francisco, CA
**Role:** Security Engineering
**Salary:** $150k – $250k/yr
**Experience:** 5+ years
**Skills:** SOC 2, ISO 27001, GDPR, Risk Assessment, Compliance Automation, Cloud Security, Identity And Access Management, Vulnerability Management, Incident Response, Ai Governance
**Posted:** 2026-06-19

> GRC Engineer responsible for designing and improving governance, risk management, and compliance programs at a generative AI platform company. Manage certifications (SOC 2, ISO 27001, GDPR), lead risk assessments, support customer security reviews, and develop automation for cloud and AI infrastructure controls.

## Job Description

## What You'll Do

### Governance & Compliance
- Manage and improve security compliance programs, including SOC 2, ISO 27001, GDPR, and emerging AI governance frameworks.
- Coordinate internal and external audits.
- Maintain security policies, standards, procedures, and control documentation.
- Develop compliance automation and continuous monitoring processes.
- Support security awareness and policy governance initiatives.

### Risk Management
- Lead enterprise risk assessments and risk register management.
- Perform vendor and third-party risk assessments.
- Conduct control gap analyses and remediation tracking.
- Facilitate risk reviews with stakeholders across engineering and business teams.
- Develop metrics and reporting for risk and compliance leadership.

### Customer Security & Trust
- Support enterprise security reviews and customer due diligence requests.
- Assist with security questionnaires, audits, and RFP responses.
- Help maintain trust center content and security documentation.
- Partner with Sales, Legal, and Customer Success to address customer security concerns.

### Security Engineering & Control Validation
- Collaborate with Security and Infrastructure teams to implement and validate security controls.
- Evaluate cloud and AI infrastructure against security requirements.
- Assess effectiveness of technical safeguards including identity and access management, logging and monitoring, vulnerability management, incident response, and data protection controls.
- Support evidence collection and control testing.

### Program Development
- Build scalable GRC processes that reduce manual effort.
- Identify opportunities for compliance automation.
- Develop governance frameworks for emerging AI and machine learning technologies.
- Support strategic security initiatives and certifications.

## Requirements
- Technical security knowledge combined with compliance expertise.
- Strong cross-functional collaboration skills.
- Understanding of cloud infrastructure, modern security practices, and compliance frameworks.
- Ability to translate technical controls into business and regulatory requirements.

## Similar roles

- [Software Engineer, Identity](https://hotfix.jobs/jobs/95795ec8-bfd1-44c8-a7a1-b16c9be3d31b) - Mercor - San Francisco, CA - $150k – $325k/yr
- [IT Security Operations Engineer](https://hotfix.jobs/jobs/ab8df8f3-05c1-4b41-a516-c95445575498) - AKASA - San Francisco, CA - $150k – $190k/yr
- [Security Engineer](https://hotfix.jobs/jobs/79d32979-efc0-42db-8089-267517d351aa) - Novig - New York, NY - $150k – $200k/yr
- [Manager, Security Incident Response Team (USA)](https://hotfix.jobs/jobs/1cfbd1e7-a701-4a35-b746-7380bcf6ffac) - GitLab - Remote - $150k – $235k/yr
- [Security Engineer (Purple Team)](https://hotfix.jobs/jobs/a555c8c6-de26-4174-8934-a2a145176469) - Applied Intuition - Sunnyvale, CA - $150k – $220k/yr

**Apply:** https://hotfix.jobs/jobs/5dc30200-7d11-41fc-9e8e-f0f18b5b8caf
**Canonical:** https://hotfix.jobs/jobs/5dc30200-7d11-41fc-9e8e-f0f18b5b8caf