Skip to content
Applied IntuitionApplied IntuitionSunnyvale, CA

Risk and Compliance Lead

Leads security GRC program, conducts enterprise risk assessments, manages compliance audits like SOC2/ISO 27001/TISAX, drives TPRM, and builds GRC infrastructure. Requires 6+ years in security compliance with hands-on audit and tooling experience.

160k – 190k/yr
On-site6+ YOESecurity Engineering

About the role

Responsibilities

  • Own and mature the security GRC program, including policy lifecycle management, risk register maintenance, and control framework alignment across the organization
  • Conduct comprehensive enterprise and product-level risk assessments to identify, prioritize, and track risks against the company's risk appetite - translating findings into actionable remediation plans for stakeholders
  • Lead, manage and support compliance efforts such as, but not limited to, SOC2, ISO 27001, ISO 9001, TISAX, and federal/defense requirements - owning audit readiness, evidence collection, and remediation tracking end to end
  • Drive Third Party Risk Management (TPRM) program, including vendor assessments, contract security reviews, and ongoing monitoring of critical third parties
  • Build and maintain the GRC program infrastructure - including risk tracking, compliance tooling, reporting cadences, and executive-level risk reporting
  • Partner with Legal, Engineering, IT, and Operations to embed compliance and risk requirements into business processes, product development, and infrastructure decisions
  • Develop and maintain security policies, standards, and procedures that are practical, enforceable, and aligned to regulatory and contractual obligations
  • Support customer-facing security assurance activities including questionnaires, audits, and contractual security reviews

Requirements

  • 6+ years of experience in security GRC, risk management, or compliance program ownership - with a track record of building or maturing programs, not just executing within them
  • Hands on experience in running Enterprise Risk Assessments aligned with industry standard frameworks, risk register ownership, and translating technical risk into business-level impact
  • Past experience of running Security Maturity Assessments against NIST 800-53, CCF, and more
  • Deep hands-on experience managing SOC 2, ISO 27001, and TISAX audits - including scoping, control mapping, evidence coordination, and auditor management
  • Experience running Third Party Risk Management programs including vendor tiering, security assessments, and ongoing monitoring
  • Ability to interpret compliance frameworks in practical terms and drive cross-functional remediation without direct authority
  • Strong communication skills - comfortable presenting risk posture and program status to executive leadership and board-level stakeholders
  • Experience with GRC tooling such as Vanta, Drata, OneTrust, or similar platforms

Nice to Have

  • Experience with Automotive security and safety compliance frameworks such as ISO 21434, ISO 26262
  • Certifications such as CISSP

Compensation

  • Base salary range: $160,000 - $190,000 USD annually
  • Equity, comprehensive health/dental/vision/life/disability insurance, 401k with employer match, learning/wellness stipends, paid time off

Skills

GRCSOC 2ISO 27001TisaxNist 800-53Third Party Risk ManagementVantaDrataOnetrustRisk AssessmentsIso 9001
Metropolis

Senior Security Engineer, Infrastructure & Network Security

MetropolisLos Angeles, CA

Lead AWS and network security infrastructure, zero-trust initiatives, and cloud automation for enterprise environments. Requires strong AWS, networking, IAM, and scripting experience.

160k – 215k/yr
On-site5+ YOESecurity Engineering
Commure

Senior Software Engineer, Information Security

CommureMountain View, CA

Senior Software Engineer architects scalable detection frameworks, integrates threat intelligence into automated security pipelines, and builds AI-driven security operations using Python, Java, and tools like Splunk and AWS. Requires 6+ years experience, bachelor's in CS/cybersecurity, and expertise in SIEMs, cloud security, and compliance.

160k – 190k/yr
Hybrid6+ YOESecurity Engineering
Northwood Space

Senior Detection and Response Engineer

Northwood SpaceLos Angeles, CA +1

Leads security operations center for space infrastructure, building detection rules, hunting threats across satellite ground stations and cloud environments, and managing incident response for mission-critical systems. Requires 5+ years SOC experience, SIEM proficiency, and scripting skills.

160k – 220k/yr
On-site5+ YOESecurity Engineering
Northwood Space

Senior Security Engineer (Space Communications)

Northwood SpaceLos Angeles, CA +2

Designs and implements security architectures for global phased array ground stations and space communication protocols. Owns full-stack security, compliance (FedRAMP, NIST 800-171), incident response for mission-critical satellite infrastructure requiring 5+ years IaC experience and TS/SCI eligibility.

160k – 220k/yr
Hybrid5+ YOESecurity Engineering
Ramp

Senior Detection Engineer, Federal

RampNew York, NY

Senior Detection Engineer responds to security incidents, triages alerts, tunes runbooks, and builds automation for threat detection in federal environments. Requires 3-4 years IT experience, SOC background, and log analysis tools like ELK/Datadog.

160k – 221k/yr
Hybrid3+ YOESecurity Engineering