Founding GRC Lead
Pallet · San Francisco, CA · 3 wk ago
On-siteManagement$175k–$225k/yrFull-time
About the role
Pallet is hiring its first dedicated GRC leader to own how we earn and keep trust: with customers, auditors, and regulators. You'll run our SOC 1 and SOC 2 programs, build our GDPR and CCPA privacy operations, and work shoulder-to-shoulder with engineering, product, sales, and legal to make compliance something Pallet is good at, not something it survives. This role reports directly to leadership and is the foundation of a function you will one end to end, and eventually grow.
Responsibilities
- Run SOC 1 and SOC 2 Type II audit cycles end to end: control design, evidence automation, auditor relationships, and clean reports delivered on schedule, every cycle.
- Build Pallet's privacy program for GDPR and CCPA/CPRA: data inventory and mapping, DSAR handling, DPAs, and privacy reviews baked into product development.
- Primary point of contact for external auditors and assessors in collecting evidence, audit responses, timelines. Translate audit findings into actionable plans.
- Implement continuous-compliance infrastructure so audit readiness is a byproduct of how we operate, not an annual fire drill.
- Earn security and privacy controls into engineering and product workflows, earning adoption through partnership rather than mandate.
- Stand up vendor risk management: security reviews, DPA negotiation support, and an ongoing third-party risk register.
- Own the customer-facing trust motion (security questionnaires, trust center, customer audits) and measurably shorten enterprise sales cycles.
Requirements
- 7–12 years across GRC, security compliance, or audit, including full ownership of at least two SOC 2 Type II cycles.
- Built or significantly matured SOC, ISO, GDPR, and privacy compliance programs in-house - you've operationalized privacy, not just advised on it.
- Tech credible with engineers: comfortable discussing access controls, encryption, logging, and cloud infrastructure (AWS/GCP) without needing translation.
- Deep hands-on experience with compliance automation platforms and evidence workflows.
- Startup-calibrated judgment: you know which risks matter, build lightweight process, and have certifications (CISA, CISSP, ISO 27001 LA) as a bonus rather than a substitute for experience.
Benefits
- Health, Vision, and Dental benefits
- Flexible PTO
- Life Insurance and Accidental Insurance
- Short-Term Disability Coverage
- Generous salary and equity for all staff
- 401k option; helping you save for the future
- Paid parental leave to support growing families
- Yearly learning and development stipend
- Commuter benefits for Bay Area employees
- Uber ride stipend if you ever have to work late in the office
- Remote office home stipend to get you comfy in your space
- Daily catered lunches provided
- Onboarding trip to San Francisco HQ if you work remotely
- Monthly happy hours
- Annual Company Offsites; our last one was in Palm Springs CA 🌴