# GRC Engineer

**Company:** [Replit](https://hotfix.jobs/companies/replit)
**Location:** Foster City, CA
**Role:** Security Engineering
**Salary:** $210k – $320k/yr
**Experience:** 8+ years
**Skills:** SOC 2, ISO 27001, GCP, AWS, Vanta, Drata, PCI, HIPAA, FedRAMP, Itar
**Posted:** 2026-05-13

> Builds and automates GRC systems for compliance-as-code, manages risk registers, and collaborates with engineering, legal, sales, and auditors to enable secure enterprise growth. Requires 8+ years in GRC/security with cloud fluency and automation experience.

## Job Description

## What You'll Do

### Technical Excellence & Architecture
- Act as a technical subject matter expert for the GRC team. Drive quality, technical depth, and operational efficiency in security controls.
- Own the technical vision for Replit’s GRC program, moving from manual workflows to "Compliance-as-Code" and automated evidence collection.
- Champion a culture of security and privacy across the company, educating teams on controls.

### Cross-Functional Collaboration
- Partner with Architects and Engineering Leads to "bake in" compliance requirements early in design phase.
- Work with Legal Counsel on Privacy (GDPR, CCPA) and AI regulations (e.g., EU AI Act).
- Enable Sales team by managing Customer Trust Center and handling security questionnaires.
- Own relationships with external auditors.

### Risk Management & Strategic Compliance
- Operate the Cybersecurity Risk Register: identify, quantify, and track risks.
- Manage compliance posture across SOC 2, ISO 27001; prepare for FedRAMP, ITAR, PCI, HIPAA.
- Apply pragmatic governance, prioritizing real risks over "compliance theater."

### Automation & Efficiency
- Drive shift to continuous monitoring and automate audit work.
- Architect scalable framework for third-party vendor and AI model provider assessments.

## Required Skills & Experience
- 8+ years in GRC or Information Security.
- Technical fluency in engineering, cloud (**GCP**, **AWS**), and security architecture.
- Deep experience with **SOC 2**, **ISO 27001**, **PCI**, **HIPAA**, and Privacy laws.
- Strong communication to explain risks to technical, legal, and commercial stakeholders.
- Experience with **GRC automation tools** (e.g., **Vanta**, **Drata**).

## Bonus Qualifications
- Familiarity with **FedRAMP**, **ITAR**, or AI regulation.

## Similar roles

- [Third Party Risk Management and Customer Trust Lead](https://hotfix.jobs/jobs/a02101ec-ba56-4b5e-846a-a8202503f128) - Replit - Foster City, CA - $210k – $270k/yr
- [Lead Security Engineer](https://hotfix.jobs/jobs/e762b76c-17f9-47e7-a810-209649f33103) - Alembic - San Francisco, CA - $210k – $240k/yr
- [Sr. Engineering Manager, Application Security](https://hotfix.jobs/jobs/aafc2a7e-e3fc-48d4-8b51-63c09c589066) - Betterment - New York, NY - $210k – $250k/yr
- [Senior Software Engineer, Fraud](https://hotfix.jobs/jobs/b8f1b1fc-f154-404f-b6b9-43b54c2c57d9) - Replit - Foster City, CA - $210k – $265k/yr
- [Senior Software Engineer, Risk](https://hotfix.jobs/jobs/d80316cf-96fe-4f12-b18f-15c35c59537a) - Replit - Foster City, CA - $210k – $265k/yr

**Apply:** https://hotfix.jobs/jobs/a351d8cc-9815-4ca4-bc2d-6009e7fb573c
**Canonical:** https://hotfix.jobs/jobs/a351d8cc-9815-4ca4-bc2d-6009e7fb573c