Skip to content
RoktRoktNew York, NY

GRC Automation & Assurance Lead

Lead GRC audit, assurance, and compliance programs while architecting and shipping AI agents to automate evidence collection, control testing, questionnaires, and audit prep for ISO 27001 and SOC 2.

174k – 215k
On-site4+ YOESecurity Engineering

About the role

Responsibilities

AI Automation and Tooling

  • Architect, build, and maintain agents on Rokt's internal Security Agent Suite for GRC workflows, including client security questionnaires, evidence collection, control testing, vendor assessments, DPIAs, and audit preparation
  • Design new GRC automations end-to-end: scope the workflow, build the agent or tool, validate outputs, and roll it out with the rest of the GRC team
  • Build internal tools and integrations using AI coding agents (Claude Code, Cursor, or equivalents) to extend in-house GRC systems and Jira-based workflows
  • Continuously evaluate agent performance, refine prompts and tool definitions, and improve coverage and accuracy of automated controls

Audit, Assurance, and Compliance

  • Lead the ISO 27001:2022 surveillance and recertification cycles, and SOC 1 and SOC 2 Type 2 audits, end-to-end
  • Plan and execute Rokt's internal audit program (user access, exemptions, DPIAs, SCF controls, AI controls), ideally with agent-assisted execution
  • Drive external auditor engagement, evidence collection, and remediation tracking
  • Manage the processing of client security questionnaires using and continuously improving the questionnaire agent
  • Maintain and evolve ISMS performance metrics, including new metrics covering AI control effectiveness and automation coverage
  • Coordinate Rokt's security calendar including audit windows
  • Produce and maintain quality procedure documentation co-authored with AI assistance

Requirements

Compliance and Audit Experience

  • 4+ years of relevant experience in Governance, Risk & Compliance, ideally in a fast-moving tech environment
  • Working knowledge of ISO 27000 family, SOC 1, SOC 2, NIST CSF, and privacy regulations (GDPR, CCPA, CPRA); bonus for PCI-DSS, CIS, SCF, ISO 42001, NIST AI RMF
  • Hands-on internal auditing experience against ISO 27001 and SOC 2
  • Track record managing external audits end-to-end, including evidence collection, auditor engagement, and findings remediation
  • Solid grasp of controller/processor concepts and broader privacy fundamentals

AI and Technical Skills

  • Demonstrated experience designing and shipping agentic AI systems — not just using a chatbot; built agents that take actions, call tools, integrate with APIs, and complete multi-step workflows
  • Comfortable using AI coding agents (Claude Code, Cursor, Copilot, or similar) to build and maintain internal tools; able to read, modify, and ship code even if not a software engineer
  • Familiarity with at least one agent framework (Google ADK, LangGraph, OpenAI Agents SDK, MCP, or similar) and the core patterns: tool use, memory, evaluation, guardrails
  • Understanding of LLM risks and controls — prompt injection, model misuse, agent autonomy, data leakage — and how they map to frameworks like OWASP Agentic Top 10 or NIST AI RMF
  • Working knowledge of basic IT, cloud (AWS preferred), APIs, and SQL
  • Comfort with version control (Git/GitHub) and basic scripting (Python or TypeScript)

Ways of Working

  • Strong written and verbal communication; able to translate technical detail into business language for leadership, clients, and auditors
  • Demonstrated ability to break complex compliance requirements into scalable, automated processes that don't slow the business down
  • Bias for shipping, comfort with ambiguity, and a builder mindset
  • Strong attention to detail balanced with willingness to use AI to extend it
  • Highly responsive, autonomous, and resilient

Compensation

Target total compensation ranges from $214,000 - $255,000, including a fixed annual salary of $174,000- $215,000, an employee equity plan grant, and world-class benefits.

Skills

ISO 27001SOC 2Soc 1Nist CsfGDPRCCPACpraAWSSQLPythonTypeScriptGitLangGraphOpenai Agents SdkAi Agent Development
Doxel

Senior Platform Engineer, Security

DoxelSan Francisco, CA

Build and secure Doxel's internal developer platform on GCP. Own cloud security posture, embed security into CI/CD pipelines, and drive adoption of secure golden paths across engineering teams.

175k – 220k
Hybrid6+ YOESecurity Engineering
Crusoe

Senior Software Engineer, Security

CrusoeSan Francisco, CA

Design, build, and deploy scalable security services, PKI, and secrets management platforms. Implement automation to eliminate manual security risk remediation across enterprise infrastructure.

175k – 210k
On-site5+ YOESecurity Engineering
Sigma

Senior Security Engineer

SigmaSan Francisco, CA

Senior Security Engineer building and scaling security platforms, AI/LLM security controls, detections-as-code, and automation across cloud and SaaS environments. Requires 5+ years hands-on security engineering experience and strong Python/cloud skills.

175k – 220k
On-site5+ YOESecurity Engineering
Sigma

Senior Security Engineer - Data Security

SigmaSan Francisco, CA

Senior Security Engineer building and scaling data protection platforms, DLP, DSPM, and AI-driven automation across SaaS, cloud, and data warehouse environments. Requires 5+ years in security engineering and strong software engineering skills.

175k – 220k
On-site5+ YOESecurity Engineering
Crusoe

Senior Software Engineer, IAM

CrusoeSan Francisco, CA

Senior Software Engineer building and scaling Crusoe Cloud's identity and access management platform, focusing on authentication, authorization, and secure distributed services. Requires 5+ years experience with compiled languages and cloud infrastructure.

175k – 220k
On-site5+ YOESecurity Engineering