# Risk and Compliance Lead

**Company:** [Applied Intuition](https://hotfix.jobs/companies/applied-intuition)
**Location:** Sunnyvale, CA
**Role:** Security Engineering
**Salary:** $160k – $190k/yr
**Experience:** 6+ years
**Skills:** GRC, SOC 2, ISO 27001, Tisax, Nist 800-53, Third Party Risk Management, Vanta, Drata, Onetrust, Risk Assessments, Iso 9001
**Posted:** 2026-04-21

> Leads security GRC program, conducts enterprise risk assessments, manages compliance audits like SOC2/ISO 27001/TISAX, drives TPRM, and builds GRC infrastructure. Requires 6+ years in security compliance with hands-on audit and tooling experience.

## Job Description

## Responsibilities

- Own and mature the security GRC program, including policy lifecycle management, risk register maintenance, and control framework alignment across the organization
- Conduct comprehensive enterprise and product-level risk assessments to identify, prioritize, and track risks against the company's risk appetite - translating findings into actionable remediation plans for stakeholders
- Lead, manage and support compliance efforts such as, but not limited to, **SOC2**, **ISO 27001**, **ISO 9001**, **TISAX**, and federal/defense requirements - owning audit readiness, evidence collection, and remediation tracking end to end
- Drive Third Party Risk Management (TPRM) program, including vendor assessments, contract security reviews, and ongoing monitoring of critical third parties
- Build and maintain the GRC program infrastructure - including risk tracking, compliance tooling, reporting cadences, and executive-level risk reporting
- Partner with Legal, Engineering, IT, and Operations to embed compliance and risk requirements into business processes, product development, and infrastructure decisions
- Develop and maintain security policies, standards, and procedures that are practical, enforceable, and aligned to regulatory and contractual obligations
- Support customer-facing security assurance activities including questionnaires, audits, and contractual security reviews

## Requirements

- 6+ years of experience in security GRC, risk management, or compliance program ownership - with a track record of building or maturing programs, not just executing within them
- Hands on experience in running Enterprise Risk Assessments aligned with industry standard frameworks, risk register ownership, and translating technical risk into business-level impact
- Past experience of running Security Maturity Assessments against **NIST 800-53**, **CCF**, and more
- Deep hands-on experience managing **SOC 2**, **ISO 27001**, and **TISAX** audits - including scoping, control mapping, evidence coordination, and auditor management
- Experience running Third Party Risk Management programs including vendor tiering, security assessments, and ongoing monitoring
- Ability to interpret compliance frameworks in practical terms and drive cross-functional remediation without direct authority
- Strong communication skills - comfortable presenting risk posture and program status to executive leadership and board-level stakeholders
- Experience with GRC tooling such as **Vanta**, **Drata**, **OneTrust**, or similar platforms

## Nice to Have

- Experience with Automotive security and safety compliance frameworks such as **ISO 21434**, **ISO 26262**
- Certifications such as **CISSP**

## Compensation

- Base salary range: **$160,000 - $190,000 USD** annually
- Equity, comprehensive health/dental/vision/life/disability insurance, 401k with employer match, learning/wellness stipends, paid time off

## Similar roles

- [Senior Security Engineer, Infrastructure & Network Security](https://hotfix.jobs/jobs/4bc3d67a-e623-4dfb-8bfa-fe2c37c466de) - Metropolis - Los Angeles, CA - $160k – $215k/yr
- [Senior Software Engineer, Information Security](https://hotfix.jobs/jobs/cfb1c219-740b-4c2e-a88a-ee445503e8cf) - Commure - Mountain View, CA - $160k – $190k/yr
- [Senior Detection and Response Engineer](https://hotfix.jobs/jobs/6629046c-0300-405d-98d6-7714b915f80e) - Northwood Space - Los Angeles, CA - $160k – $220k/yr
- [Senior Security Engineer (Space Communications)](https://hotfix.jobs/jobs/977d0296-471c-447a-a001-2823a3a0e081) - Northwood Space - Los Angeles, CA - $160k – $220k/yr
- [Senior Detection Engineer, Federal](https://hotfix.jobs/jobs/2ef1fb4e-1d9d-44e5-b676-738678d498c5) - Ramp - New York, NY - $160k – $221k/yr

**Apply:** https://hotfix.jobs/jobs/ff22e575-8f69-42e8-b7e9-fa241fc5a176
**Canonical:** https://hotfix.jobs/jobs/ff22e575-8f69-42e8-b7e9-fa241fc5a176