Jobs · Engineering

Senior GRC Engineer

Life360 · United States · 3 wk ago
RemoteRemoteEngineering$116k–$213k/yrFull-time

About the role

Life360 is a Remote-First company, which means a remote work environment will be the primary experience for all employees. This role is based in the United States.

Responsibilities

  • Own the governance framework for Life360's agentic systems.
  • Define policies, control sets, and compliance posture for agentic systems.
  • Automate evidence collection, draft control narratives, and triage vendor questionnaires using AI and internal tooling.
  • Build integrations and pipelines to automate compliance processes.
  • Write policies in Git, express requirements as enforceable rules, and automate checks.
  • Drive SOC 2 Type 2, ISO 27001, and SOX ITGC end-to-end as a management owner.
  • Build an operational risk function, including a data model, workflow layer, and closed-loop system for risk management.
  • Mature the TPRM program, including tiered reviews, automated evidence collection, and agent-based workflows.
  • Own the auditor's primary management contact, ensuring scoping, walkthroughs, and evidence delivery are handled effectively.
  • Build cross-functional relationships with Engineering, Legal, Privacy, Internal Audit, and Procurement to ensure compliance is a shared practice.
  • Maintain clear role boundaries between management's first- and second-line GRC operations and Internal Audit's third-line independent assurance.

Requirements

  • 5+ years in GRC, security engineering, or a hybrid role where you owned both the policy and control side and the technical implementation.
  • Experience designing or operating agentic workflows.
  • Coding ability that ships, including Python or equivalent for API calls, job scheduling, and pipeline deployment.
  • Experience implementing, integrating, or significantly extending a modern GRC platform.
  • SOC 2, ISO 27001, and NIST AI RMF at the control level.
  • Experience with SOX ITGC cycles, managing evidence, walkthroughs, and findings with external auditors.
  • Experience building or scaling a TPRM program, including tiering, vendor pushback, and automated assessment workflows.
  • Quantitative risk experience, owning a risk register and making it useful to engineers and executives.
  • Clear writing, evidenced in policies, control narratives, audit responses, and risk statements that are understandable to engineers and lawyers.
  • Bachelor's degree or equivalent.

Qualifications

  • Experience taking a company through SOC 2 Type 2 or ISO 27001 certification from scratch.
  • Privacy program crossover experience, including GDPR, CCPA, data mapping, and DPIAs.
  • Experience building governance frameworks for AI systems, such as model risk, ISO 42001, or controls around LLM and agent deployment.

Skills

  • Use of AI tools for real, substantive work, including drafting, code, automation, investigations, and evidence gathering.
  • Ability to make judgment calls about where AI creates leverage and where it introduces risk.
  • Experience with FAIR or equivalent methodologies for quantitative risk management.
  • Clear communication skills, evidenced in writing policies, control narratives, audit responses, and risk statements.

Benefits

  • Competitive pay and benefits, including medical, dental, vision, life and disability insurance plans, a 401(k) plan with company matching, a Mental Wellness Program & Employee Assistance Program (EAP), flexible PTO, and winter and summer week-long syncs.

Similar jobs

Senior GRC Engineer

Nexus Venture PartnersSan Francisco, CA· 4 days ago
Engineering$180k–$200k/yrapply on job-boards.greenhouse.io

Senior GRC Engineer

PostmanSan Francisco, CA· 5 days ago
Engineering$180k–$200k/yrapply on job-boards.greenhouse.io

Senior GRC Engineer

FlockUnited States· 5 days ago
RemoteEngineering$130k–$145k/yrapply on jobs.ashbyhq.com

Senior GRC Engineer

BiographNew York, NY· 1 mo ago
Engineering$150k–$200k/yrapply on jobs.ashbyhq.com