Member of Technical Staff, GRC (Senior/Lead)

What You’ll Do

Build and own compliance programs

• Own SOC 1, SOC 2 Type II, ISO 27001, and ISO 42001 end-to-end, including scope, audits, controls, and remediation
• Translate compliance requirements into practical operating processes across IT, Engineering, Security, Legal, Finance, and People
• Ensure controls have clear owners, evidence expectations, and remediation paths as Basis scales

Build GRC systems and automation

• Build the source of truth for controls, evidence, ownership, audit readiness, and remediation tracking
• Automate evidence collection, control monitoring, access reviews, risk tracking, and reporting wherever possible
• Use AI to improve speed and quality across control mapping, policies, questionnaires, audit prep, and internal documentation

Own vendor risk and customer trust workflows

• Run third-party risk reviews and track remediation through completion
• Own customer security questionnaires, trust materials, and related diligence
• Maintain a clear risk register with real follow-through, not just documentation

Partner across the company

• Turn audit, customer, and regulatory requirements into clear control owners, operating processes, and follow-through
• Work with IT and Engineering to make identity, device, endpoint, infrastructure, and SDLC controls real and auditable
• Help teams move quickly by making risk decisions explicit, practical, and easy to act on

Who You Are

• You own outcomes. You’ve owned audits, controls, evidence, remediation, vendor risk, and customer trust workflows end-to-end.
• You know the work firsthand. You’ve personally run SOC 1, SOC 2, ISO 27001, or similar programs — not just managed them from a distance.
• You build from first principles. You turn messy, manual compliance work into simple systems that scale.
• You are technically fluent. You can translate frameworks into controls that IT, engineering, and security teams can actually operate.
• You move fast without lowering the bar. You make pragmatic risk decisions, drive follow-through, and avoid process for process’s sake.
• You are AI-first. You use AI to improve speed and quality across evidence collection, control mapping, policies, questionnaires, reporting, and documentation.
• You communicate clearly. You write in plain English, explain tradeoffs, and work well across Legal, Finance, People, IT, Engineering, Security, and GTM.
• You’ve worked in high-trust environments. Ideally, you’ve helped build or mature GRC in a fast-growing SaaS, fintech, security, or AI company, and have exposure to ISO 42001, NIST AI RMF, Drata, or customer trust workflows.

Benefits at Basis

• Health & Wellness: Premium Medical, Dental, and Vision coverage; Life Insurance; and 6 coaching & 6 therapy sessions through Spring Health.
• Time off: Unlimited PTO + 12 paid company holidays.
• In-Office Perks: Daily meal stipends, a fully stocked kitchen, and $300 toward your custom desk setup.
• Financial Benefits: Pre-tax commuter benefits and 401(k) retirement plan.
• Team Culture: Monthly office activities and frequent optional team happy hours.
• Parental Leave