Responsibilities
AI Automation and Tooling
- Architect, build, and maintain agents on Rokt's internal Security Agent Suite for GRC workflows, including client security questionnaires, evidence collection, control testing, vendor assessments, DPIAs, and audit preparation
- Design new GRC automations end-to-end: scope the workflow, build the agent or tool, validate outputs, and roll it out with the rest of the GRC team
- Build internal tools and integrations using AI coding agents (Claude Code, Cursor, or equivalents) to extend in-house GRC systems and Jira-based workflows
- Continuously evaluate agent performance, refine prompts and tool definitions, and improve coverage and accuracy of automated controls
Audit, Assurance, and Compliance
- Lead the ISO 27001:2022 surveillance and recertification cycles, and SOC 1 and SOC 2 Type 2 audits, end-to-end
- Plan and execute Rokt's internal audit program (user access, exemptions, DPIAs, SCF controls, AI controls), ideally with agent-assisted execution
- Drive external auditor engagement, evidence collection, and remediation tracking
- Manage the processing of client security questionnaires using and continuously improving the questionnaire agent
- Maintain and evolve ISMS performance metrics, including new metrics covering AI control effectiveness and automation coverage
- Coordinate Rokt's security calendar including audit windows
- Produce and maintain quality procedure documentation co-authored with AI assistance
Requirements
Compliance and Audit Experience
- 4+ years of relevant experience in Governance, Risk & Compliance, ideally in a fast-moving tech environment
- Working knowledge of ISO 27000 family, SOC 1, SOC 2, NIST CSF, and privacy regulations (GDPR, CCPA, CPRA); bonus for PCI-DSS, CIS, SCF, ISO 42001, NIST AI RMF
- Hands-on internal auditing experience against ISO 27001 and SOC 2
- Track record managing external audits end-to-end, including evidence collection, auditor engagement, and findings remediation
- Solid grasp of controller/processor concepts and broader privacy fundamentals
AI and Technical Skills
- Demonstrated experience designing and shipping agentic AI systems — not just using a chatbot; built agents that take actions, call tools, integrate with APIs, and complete multi-step workflows
- Comfortable using AI coding agents (Claude Code, Cursor, Copilot, or similar) to build and maintain internal tools; able to read, modify, and ship code even if not a software engineer
- Familiarity with at least one agent framework (Google ADK, LangGraph, OpenAI Agents SDK, MCP, or similar) and the core patterns: tool use, memory, evaluation, guardrails
- Understanding of LLM risks and controls — prompt injection, model misuse, agent autonomy, data leakage — and how they map to frameworks like OWASP Agentic Top 10 or NIST AI RMF
- Working knowledge of basic IT, cloud (AWS preferred), APIs, and SQL
- Comfort with version control (Git/GitHub) and basic scripting (Python or TypeScript)
Ways of Working
- Strong written and verbal communication; able to translate technical detail into business language for leadership, clients, and auditors
- Demonstrated ability to break complex compliance requirements into scalable, automated processes that don't slow the business down
- Bias for shipping, comfort with ambiguity, and a builder mindset
- Strong attention to detail balanced with willingness to use AI to extend it
- Highly responsive, autonomous, and resilient
Compensation
Target total compensation ranges from $214,000 - $255,000, including a fixed annual salary of $174,000- $215,000, an employee equity plan grant, and world-class benefits.