Jobs · Management · California

Founding GRC Lead

Pallet · San Francisco, CA · 3 wk ago
On-siteManagement$175k–$225k/yrFull-time

About the role

Pallet is hiring its first dedicated GRC leader to own how we earn and keep trust: with customers, auditors, and regulators. You'll run our SOC 1 and SOC 2 programs, build our GDPR and CCPA privacy operations, and work shoulder-to-shoulder with engineering, product, sales, and legal to make compliance something Pallet is good at, not something it survives. This role reports directly to leadership and is the foundation of a function you will one end to end, and eventually grow.

Responsibilities

  • Run SOC 1 and SOC 2 Type II audit cycles end to end: control design, evidence automation, auditor relationships, and clean reports delivered on schedule, every cycle.
  • Build Pallet's privacy program for GDPR and CCPA/CPRA: data inventory and mapping, DSAR handling, DPAs, and privacy reviews baked into product development.
  • Primary point of contact for external auditors and assessors in collecting evidence, audit responses, timelines. Translate audit findings into actionable plans.
  • Implement continuous-compliance infrastructure so audit readiness is a byproduct of how we operate, not an annual fire drill.
  • Earn security and privacy controls into engineering and product workflows, earning adoption through partnership rather than mandate.
  • Stand up vendor risk management: security reviews, DPA negotiation support, and an ongoing third-party risk register.
  • Own the customer-facing trust motion (security questionnaires, trust center, customer audits) and measurably shorten enterprise sales cycles.

Requirements

  • 7–12 years across GRC, security compliance, or audit, including full ownership of at least two SOC 2 Type II cycles.
  • Built or significantly matured SOC, ISO, GDPR, and privacy compliance programs in-house - you've operationalized privacy, not just advised on it.
  • Tech credible with engineers: comfortable discussing access controls, encryption, logging, and cloud infrastructure (AWS/GCP) without needing translation.
  • Deep hands-on experience with compliance automation platforms and evidence workflows.
  • Startup-calibrated judgment: you know which risks matter, build lightweight process, and have certifications (CISA, CISSP, ISO 27001 LA) as a bonus rather than a substitute for experience.

Benefits

  • Health, Vision, and Dental benefits
  • Flexible PTO
  • Life Insurance and Accidental Insurance
  • Short-Term Disability Coverage
  • Generous salary and equity for all staff
  • 401k option; helping you save for the future
  • Paid parental leave to support growing families
  • Yearly learning and development stipend
  • Commuter benefits for Bay Area employees
  • Uber ride stipend if you ever have to work late in the office
  • Remote office home stipend to get you comfy in your space
  • Daily catered lunches provided
  • Onboarding trip to San Francisco HQ if you work remotely
  • Monthly happy hours
  • Annual Company Offsites; our last one was in Palm Springs CA 🌴

Similar jobs

GRC Lead

Brain Co.San Francisco Bay Area· 1 wk ago
Management$375/hrapply on jobs.ashbyhq.com

Security GRC Lead

SalesforceHerndon, VA· Today
$149k–$224k/yrapply on salesforce.wd12.myworkdayjobs.com

Founding GTM Lead

SlingshotNew York, NY· 5 days ago
Management$93/hrapply on radical.getro.com

Founding GTM Lead

Ash by Slingshot AINew York, NY· 1 wk ago
Management$93/hrapply on slingshotai.com

Founding GTM Lead

InfiniteSan Francisco, CA· 1 mo ago
Managementapply on jobs.ashbyhq.com