GRC Engineer

What You'll Do

Technical Excellence & Architecture

• Act as a technical subject matter expert for the GRC team. Drive quality, technical depth, and operational efficiency in security controls.
• Own the technical vision for Replit’s GRC program, moving from manual workflows to "Compliance-as-Code" and automated evidence collection.
• Champion a culture of security and privacy across the company, educating teams on controls.

Cross-Functional Collaboration

• Partner with Architects and Engineering Leads to "bake in" compliance requirements early in design phase.
• Work with Legal Counsel on Privacy (GDPR, CCPA) and AI regulations (e.g., EU AI Act).
• Enable Sales team by managing Customer Trust Center and handling security questionnaires.
• Own relationships with external auditors.

Risk Management & Strategic Compliance

• Operate the Cybersecurity Risk Register: identify, quantify, and track risks.
• Manage compliance posture across SOC 2, ISO 27001; prepare for FedRAMP, ITAR, PCI, HIPAA.
• Apply pragmatic governance, prioritizing real risks over "compliance theater."

Automation & Efficiency

• Drive shift to continuous monitoring and automate audit work.
• Architect scalable framework for third-party vendor and AI model provider assessments.

Required Skills & Experience

• 8+ years in GRC or Information Security.
• Technical fluency in engineering, cloud (GCP, AWS), and security architecture.
• Deep experience with SOC 2, ISO 27001, PCI, HIPAA, and Privacy laws.
• Strong communication to explain risks to technical, legal, and commercial stakeholders.
• Experience with GRC automation tools (e.g., Vanta, Drata).

Bonus Qualifications

• Familiarity with FedRAMP, ITAR, or AI regulation.