GRC Automation & Assurance Lead

174k – 215k · New York, NY · Security Engineering · Onsite · 4+ YOE
Summary

Lead GRC audit, assurance, and compliance programs while architecting and shipping AI agents to automate evidence collection, control testing, questionnaires, and audit prep for ISO 27001 and SOC 2.

About the role

Responsibilities

AI Automation and Tooling

  • Architect, build, and maintain agents on Rokt's internal Security Agent Suite for GRC workflows, including client security questionnaires, evidence collection, control testing, vendor assessments, DPIAs, and audit preparation
  • Design new GRC automations end-to-end: scope the workflow, build the agent or tool, validate outputs, and roll it out with the rest of the GRC team
  • Build internal tools and integrations using AI coding agents (Claude Code, Cursor, or equivalents) to extend in-house GRC systems and Jira-based workflows
  • Continuously evaluate agent performance, refine prompts and tool definitions, and improve coverage and accuracy of automated controls

Audit, Assurance, and Compliance

  • Lead the ISO 27001:2022 surveillance and recertification cycles, and SOC 1 and SOC 2 Type 2 audits, end-to-end
  • Plan and execute Rokt's internal audit program (user access, exemptions, DPIAs, SCF controls, AI controls), ideally with agent-assisted execution
  • Drive external auditor engagement, evidence collection, and remediation tracking
  • Manage the processing of client security questionnaires using and continuously improving the questionnaire agent
  • Maintain and evolve ISMS performance metrics, including new metrics covering AI control effectiveness and automation coverage
  • Coordinate Rokt's security calendar including audit windows
  • Produce and maintain quality procedure documentation co-authored with AI assistance

Requirements

Compliance and Audit Experience

  • 4+ years of relevant experience in Governance, Risk & Compliance, ideally in a fast-moving tech environment
  • Working knowledge of ISO 27000 family, SOC 1, SOC 2, NIST CSF, and privacy regulations (GDPR, CCPA, CPRA); bonus for PCI-DSS, CIS, SCF, ISO 42001, NIST AI RMF
  • Hands-on internal auditing experience against ISO 27001 and SOC 2
  • Track record managing external audits end-to-end, including evidence collection, auditor engagement, and findings remediation
  • Solid grasp of controller/processor concepts and broader privacy fundamentals

AI and Technical Skills

  • Demonstrated experience designing and shipping agentic AI systems — not just using a chatbot; built agents that take actions, call tools, integrate with APIs, and complete multi-step workflows
  • Comfortable using AI coding agents (Claude Code, Cursor, Copilot, or similar) to build and maintain internal tools; able to read, modify, and ship code even if not a software engineer
  • Familiarity with at least one agent framework (Google ADK, LangGraph, OpenAI Agents SDK, MCP, or similar) and the core patterns: tool use, memory, evaluation, guardrails
  • Understanding of LLM risks and controls — prompt injection, model misuse, agent autonomy, data leakage — and how they map to frameworks like OWASP Agentic Top 10 or NIST AI RMF
  • Working knowledge of basic IT, cloud (AWS preferred), APIs, and SQL
  • Comfort with version control (Git/GitHub) and basic scripting (Python or TypeScript)

Ways of Working

  • Strong written and verbal communication; able to translate technical detail into business language for leadership, clients, and auditors
  • Demonstrated ability to break complex compliance requirements into scalable, automated processes that don't slow the business down
  • Bias for shipping, comfort with ambiguity, and a builder mindset
  • Strong attention to detail balanced with willingness to use AI to extend it
  • Highly responsive, autonomous, and resilient

Compensation

Target total compensation ranges from $214,000 - $255,000, including a fixed annual salary of $174,000 - $215,000, an employee equity plan grant, and world-class benefits.

Skills
ISO 27001, SOC 2, SOC 1, NIST CSF, GDPR, CCPA, CPRA, AWS, SQL, Python, TypeScript, Git, LangGraph, OpenAI Agents SDK, AI agent development