# GRC Automation & Assurance Lead

**Company:** [Rokt](https://hotfix.jobs/companies/rokt)
**Location:** New York, NY
**Role:** Security Engineering
**Salary:** $174k – $215k/yr
**Experience:** 4+ years
**Skills:** ISO 27001, SOC 2, Soc 1, Nist Csf, GDPR, CCPA, Cpra, AWS, SQL, Python, TypeScript, Git, LangGraph, Openai Agents Sdk, Ai Agent Development
**Posted:** 2026-06-24

> Lead GRC audit, assurance, and compliance programs while architecting and shipping AI agents to automate evidence collection, control testing, questionnaires, and audit prep for ISO 27001 and SOC 2.

## Job Description

## Responsibilities

### AI Automation and Tooling
- Architect, build, and maintain agents on Rokt's internal Security Agent Suite for GRC workflows, including client security questionnaires, evidence collection, control testing, vendor assessments, DPIAs, and audit preparation
- Design new GRC automations end-to-end: scope the workflow, build the agent or tool, validate outputs, and roll it out with the rest of the GRC team
- Build internal tools and integrations using AI coding agents (Claude Code, Cursor, or equivalents) to extend in-house GRC systems and Jira-based workflows
- Continuously evaluate agent performance, refine prompts and tool definitions, and improve coverage and accuracy of automated controls

### Audit, Assurance, and Compliance
- Lead the ISO 27001:2022 surveillance and recertification cycles, and SOC 1 and SOC 2 Type 2 audits, end-to-end
- Plan and execute Rokt's internal audit program (user access, exemptions, DPIAs, SCF controls, AI controls), ideally with agent-assisted execution
- Drive external auditor engagement, evidence collection, and remediation tracking
- Manage the processing of client security questionnaires using and continuously improving the questionnaire agent
- Maintain and evolve ISMS performance metrics, including new metrics covering AI control effectiveness and automation coverage
- Coordinate Rokt's security calendar including audit windows
- Produce and maintain quality procedure documentation co-authored with AI assistance

## Requirements

### Compliance and Audit Experience
- 4+ years of relevant experience in Governance, Risk & Compliance, ideally in a fast-moving tech environment
- Working knowledge of ISO 27000 family, SOC 1, SOC 2, NIST CSF, and privacy regulations (GDPR, CCPA, CPRA); bonus for PCI-DSS, CIS, SCF, ISO 42001, NIST AI RMF
- Hands-on internal auditing experience against ISO 27001 and SOC 2
- Track record managing external audits end-to-end, including evidence collection, auditor engagement, and findings remediation
- Solid grasp of controller/processor concepts and broader privacy fundamentals

### AI and Technical Skills
- Demonstrated experience designing and shipping agentic AI systems — not just using a chatbot; built agents that take actions, call tools, integrate with APIs, and complete multi-step workflows
- Comfortable using AI coding agents (Claude Code, Cursor, Copilot, or similar) to build and maintain internal tools; able to read, modify, and ship code even if not a software engineer
- Familiarity with at least one agent framework (Google ADK, LangGraph, OpenAI Agents SDK, MCP, or similar) and the core patterns: tool use, memory, evaluation, guardrails
- Understanding of LLM risks and controls — prompt injection, model misuse, agent autonomy, data leakage — and how they map to frameworks like OWASP Agentic Top 10 or NIST AI RMF
- Working knowledge of basic IT, cloud (AWS preferred), APIs, and SQL
- Comfort with version control (Git/GitHub) and basic scripting (Python or TypeScript)

### Ways of Working
- Strong written and verbal communication; able to translate technical detail into business language for leadership, clients, and auditors
- Demonstrated ability to break complex compliance requirements into scalable, automated processes that don't slow the business down
- Bias for shipping, comfort with ambiguity, and a builder mindset
- Strong attention to detail balanced with willingness to use AI to extend it
- Highly responsive, autonomous, and resilient

## Compensation
Target total compensation ranges from $214,000 - $255,000, including a fixed annual salary of $174,000- $215,000, an employee equity plan grant, and world-class benefits.

## Similar roles

- [Senior Platform Engineer, Security](https://hotfix.jobs/jobs/66279d2d-a2ec-42c9-8617-3e15e999ebac) - Doxel - San Francisco, CA - $175k – $220k/yr
- [Senior Software Engineer, Security](https://hotfix.jobs/jobs/5ceaaeac-36b0-4169-9a44-fb4df6a5ceb6) - Crusoe - San Francisco, CA - $175k – $210k/yr
- [Senior Security Engineer](https://hotfix.jobs/jobs/597fe572-d370-4678-b5bb-e0e085fe5586) - Sigma - San Francisco, CA - $175k – $220k/yr
- [Senior Security Engineer - Data Security](https://hotfix.jobs/jobs/4ecc0e54-09f4-4a68-a2b7-2892ff1da3e7) - Sigma - San Francisco, CA - $175k – $220k/yr
- [Senior Software Engineer, IAM](https://hotfix.jobs/jobs/75964512-28fe-4e24-81d1-6aade7263cde) - Crusoe - San Francisco, CA - $175k – $220k/yr

**Apply:** https://hotfix.jobs/jobs/8413b7c3-5dc3-4909-81d6-821934e12890
**Canonical:** https://hotfix.jobs/jobs/8413b7c3-5dc3-4909-81d6-821934e12890