Senior GRC Engineer
Life360 · United States · 3 wk ago
RemoteRemoteEngineering$116k–$213k/yrFull-time
About the role
Life360 is a Remote-First company, which means a remote work environment will be the primary experience for all employees. This role is based in the United States.
Responsibilities
- Own the governance framework for Life360's agentic systems.
- Define policies, control sets, and compliance posture for agentic systems.
- Automate evidence collection, draft control narratives, and triage vendor questionnaires using AI and internal tooling.
- Build integrations and pipelines to automate compliance processes.
- Write policies in Git, express requirements as enforceable rules, and automate checks.
- Drive SOC 2 Type 2, ISO 27001, and SOX ITGC end-to-end as a management owner.
- Build an operational risk function, including a data model, workflow layer, and closed-loop system for risk management.
- Mature the TPRM program, including tiered reviews, automated evidence collection, and agent-based workflows.
- Own the auditor's primary management contact, ensuring scoping, walkthroughs, and evidence delivery are handled effectively.
- Build cross-functional relationships with Engineering, Legal, Privacy, Internal Audit, and Procurement to ensure compliance is a shared practice.
- Maintain clear role boundaries between management's first- and second-line GRC operations and Internal Audit's third-line independent assurance.
Requirements
- 5+ years in GRC, security engineering, or a hybrid role where you owned both the policy and control side and the technical implementation.
- Experience designing or operating agentic workflows.
- Coding ability that ships, including Python or equivalent for API calls, job scheduling, and pipeline deployment.
- Experience implementing, integrating, or significantly extending a modern GRC platform.
- SOC 2, ISO 27001, and NIST AI RMF at the control level.
- Experience with SOX ITGC cycles, managing evidence, walkthroughs, and findings with external auditors.
- Experience building or scaling a TPRM program, including tiering, vendor pushback, and automated assessment workflows.
- Quantitative risk experience, owning a risk register and making it useful to engineers and executives.
- Clear writing, evidenced in policies, control narratives, audit responses, and risk statements that are understandable to engineers and lawyers.
- Bachelor's degree or equivalent.
Qualifications
- Experience taking a company through SOC 2 Type 2 or ISO 27001 certification from scratch.
- Privacy program crossover experience, including GDPR, CCPA, data mapping, and DPIAs.
- Experience building governance frameworks for AI systems, such as model risk, ISO 42001, or controls around LLM and agent deployment.
Skills
- Use of AI tools for real, substantive work, including drafting, code, automation, investigations, and evidence gathering.
- Ability to make judgment calls about where AI creates leverage and where it introduces risk.
- Experience with FAIR or equivalent methodologies for quantitative risk management.
- Clear communication skills, evidenced in writing policies, control narratives, audit responses, and risk statements.
Benefits
- Competitive pay and benefits, including medical, dental, vision, life and disability insurance plans, a 401(k) plan with company matching, a Mental Wellness Program & Employee Assistance Program (EAP), flexible PTO, and winter and summer week-long syncs.