Applied Methods
~The MetaSecuritySecurity GRC & Compliance

Security GRC & Compliance

Professionals in this role design and scale compliance programs that enable AI companies to operate securely across multiple regulatory frameworks—SOC 2, ISO 27001, FedRAMP, and emerging AI governance standards. Day-to-day, they conduct risk assessments, build automation to embed compliance into engineering workflows, respond to customer security questionnaires, and manage audit readiness across cloud infrastructure and AI-specific controls. What distinguishes this work is the technical depth required: rather than purely policy-focused compliance, these roles demand hands-on experience implementing controls, scripting automation, and translating complex regulatory requirements into practical controls that don't slow product velocity. They typically sit within security organizations reporting to CISOs or governance leaders, partnering closely with engineering, product, and sales teams to balance compliance rigor with business growth in fast-moving AI environments.

$ titles --canonical
Compliance EngineerGRC ManagerSecurity Compliance, Lead
Open Jobs43
Companies Hiring26
$02

Skills

What companies are looking for in this role.

$ skills --core

Implementing and auditing against security compliance frameworks such as ISO 27001, SOC 2, FedRAMP, NIST, and HIPAA

95%

Identifying, assessing, and prioritizing organizational risks across cybersecurity, regulatory, and operational domains

92%

Developing and maintaining security policies, procedures, and documentation aligned with regulatory requirements

90%

Designing and implementing risk mitigation strategies including monitoring systems, contingency plans, and vulnerability management

88%

Conducting internal and external security audits and assessments

88%

Maintaining audit readiness through documentation, evidence management, and control demonstration

87%

Establishing and managing control mapping, evidence standards, and testing approaches

86%

Translating technical implementations into audit narratives and control documentation

85%

Managing authorization and accreditation processes with government agencies and third-party assessors

85%

Developing risk registers, risk assessment methodologies, and risk-based decision making frameworks

84%

Responding to customer security questionnaires and RFP requests with technical accuracy and credibility

83%

Managing vendor risk and third-party security assessments

82%

Managing Plans of Action and Milestones and tracking remediation efforts

81%

Designing control narratives that accurately represent technical implementation and compliance intent

80%

Executing user access reviews and maintaining access control systems

80%

Supporting System Security Plans, Risk Management Framework documentation, and authorization packages

78%

Evaluating technical implementations in cloud, containerization, and CI/CD environments against compliance requirements

76%

Designing and implementing classified information security programs and controls

75%

Managing security awareness training programs and compliance tracking across the organization

72%
$ skills --emerging

Building and scaling compliance automation and compliance-as-code infrastructure

78%

Automating evidence collection, monitoring, and continuous compliance using technical tools and scripting

72%

Implementing AI governance frameworks and responsible AI compliance measures

65%

Using AI-augmented tools and large language models to accelerate compliance documentation and analysis

60%
$ skills --soft

Collaborating across cross-functional teams including engineering, product, sales, and legal to integrate compliance requirements

90%

Communicating complex compliance and security concepts to technical and non-technical stakeholders

88%

Managing program execution, timelines, and accountability for large, complex compliance initiatives

82%

Leading and developing high-performing GRC teams with focus on quality and accountability

75%

Driving organizational change and building a culture of compliance and security awareness

72%

Building and maintaining customer trust through transparent security posture communication and assurance

70%

Coaching teams on translating customer and regulatory requirements into technical and operational capabilities

68%
$03

Technology

The tools and technologies that define this role.

$ tech --language
Pythonmoderate
Golow
$ tech --platform
AWShigh
Azuremoderate
GCPmoderate
GitHubmoderate
Kubernetesmoderate
$ tech --tool
Vantamoderate
Jira Service Desklow
SafeBaselow
$ tech --concept
ATOvery high
FedRAMPvery high
ISO 27001very high
NIST 800-53very high
SOC 2very high
3PAOhigh
CI/CDhigh
CMMChigh
HIPAAhigh
ISO 27701high
NIST 800-171high
NIST CSFhigh
Plan of Action and Milestoneshigh
Risk Management Frameworkhigh
System Security Planhigh
CCPAmoderate
CIS Controlsmoderate
DevOpsmoderate
DoD Cloud Computing SRGmoderate
EU AI Actmoderate
GDPRmoderate
ISO 42001moderate
ISSOmoderate
LLMmoderate
NISPOMmoderate
PCI DSSmoderate
STIGmoderate
BSI IT-Grundschutzlow
CJISlow
Cross Domain Solutionslow
GovRAMPlow
ICD-503low
JWICSlow
Observability toolslow
SIPRlow
SRElow
StateRAMPlow
$04

Open Jobs

43 open Security GRC & Compliance jobs across 26 companies.

Scale AI3d
Technical Assurance Lead
Washington, DC·Security
Fireworks AI5d
Senior GRC Specialist
San Mateo, CA·Security
Scale AI2w
EMEA Assurance Lead
Doha, Qatar; London, UK; Dubai, UAE·Security
Gong2w
Senior Security GRC Lead
Austin | Chicago | New York City | Salt Lake City | San Francisco·Security
Runway2w
Member of GRC Staff
Remote·Security
True Anomaly3w
Director of Government Security
Denver, CO·Security
CHAOS Industries3w
Information Systems Security Manager
El Segundo, California, United States·Security
CHAOS Industries3w
Information Systems Security Officer
El Segundo, California, United States·Security
Nebius3w
Security & GRC Analyst (Agentic Search)
Israel·Security
Cohere3w
Senior GRC Specialist
Toronto·Security
OpenAI4w
GRC Program Manager, Product and Customer Trust
San Francisco·Security
Shield AI4w
Senior Staff Cybersecurity Engineer, Platform Security (R5219)
San Diego, California·Security
Linear4w
Compliance & Trust Lead
North America·Security
LangChain1mo
Security Compliance Analyst, Privacy
San Francisco, CA·Security
Anthropic1mo
Staff+ Security Engineer, Risk Engineering
San Francisco, CA | New York City, NY | Seattle, WA·Security
Anthropic1mo
Security Controls Assurance Lead
San Francisco, CA | New York City, NY | Washington, DC·Security
Figma1mo
Governance Risk and Compliance
San Francisco, CA • New York, NY • United States·Security
Shield AI1mo
Staff COMSEC Officer (R4904)
Washington, DC·Security
Vanta1mo
Senior AI GRC Engineer
Remote U.S.·Security
Sierra1mo
Vendor Security Manager
San Francisco, CA·Security