# GRC Engineer
**Company:** [Replit](https://hotfix.jobs/companies/replit)
**Location:** Foster City, CA
**Salary:** $210K-$320K
**Experience:** 8+ years
**Skills:** SOC 2, ISO 27001, GCP, AWS, Vanta, Drata, PCI, HIPAA, FedRAMP, ITAR
**Posted:** 2026-05-13
> Builds and automates GRC systems for compliance-as-code, manages risk registers, and collaborates with engineering, legal, sales, and auditors to enable secure enterprise growth. Requires 8+ years in GRC/security with cloud fluency and automation experience.
## Job Description
## What You'll Do

### Technical Excellence & Architecture
- Act as a technical subject matter expert for the GRC team. Drive quality, technical depth, and operational efficiency in security controls.
- Own the technical vision for Replit’s GRC program, moving from manual workflows to "Compliance-as-Code" and automated evidence collection.
- Champion a culture of security and privacy across the company, educating teams on controls.

### Cross-Functional Collaboration
- Partner with Architects and Engineering Leads to "bake in" compliance requirements early in the design phase.
- Work with Legal Counsel on Privacy (GDPR, CCPA) and AI regulations (e.g., EU AI Act).
- Enable the Sales team by managing the Customer Trust Center and handling security questionnaires.
- Own relationships with external auditors.

### Risk Management & Strategic Compliance
- Operate the Cybersecurity Risk Register: identify, quantify, and track risks.
- Manage compliance posture across SOC 2, ISO 27001; prepare for FedRAMP, ITAR, PCI, HIPAA.
- Apply pragmatic governance, prioritizing real risks over "compliance theater."

### Automation & Efficiency
- Drive the shift to continuous monitoring and automate audit work.
- Architect a scalable framework for third-party vendor and AI model provider assessments.

## Required Skills & Experience
- 8+ years in GRC or Information Security.
- Technical fluency in engineering, cloud (**GCP**, **AWS**), and security architecture.
- Deep experience with **SOC 2**, **ISO 27001**, **PCI**, **HIPAA**, and Privacy laws.
- Strong communication to explain risks to technical, legal, and commercial stakeholders.
- Experience with **GRC automation tools** (e.g., **Vanta**, **Drata**).

## Bonus Qualifications
- Familiarity with **FedRAMP**, **ITAR**, or AI regulation.

**Apply:** https://hotfix.jobs/jobs/grc-engineer-at-replit-a351d8cc-9815-4ca4-bc2d-6009e7fb573c
**Canonical:** https://hotfix.jobs/jobs/grc-engineer-at-replit-a351d8cc-9815-4ca4-bc2d-6009e7fb573c