Risk and Compliance Lead

About The Position

Requirements

• 6+ years of experience in security GRC, risk management, or compliance program ownership - with a track record of building or maturing programs, not just executing within them
• Hands on experience in running Enterprise Risk Assessments aligned with industry standard frameworks, risk register ownership, and translating technical risk into business-level impact
• Past experience of running Security Maturity Assessments against NIST 800-53, CCF, and more
• Deep hands-on experience managing SOC 2, ISO 27001, and TISAX audits - including scoping, control mapping, evidence coordination, and auditor management
• Experience running Third Party Risk Management programs including vendor tiering, security assessments, and ongoing monitoring
• Ability to interpret compliance frameworks in practical terms and drive cross-functional remediation without direct authority
• Strong communication skills - comfortable presenting risk posture and program status to executive leadership and board-level stakeholders
• Experience with GRC tooling such as Vanta, Drata, OneTrust, or similar platforms

Nice To Haves

• Experience with Automotive security and safety compliance frameworks such as ISO 21434, ISO 26262
• Certifications such as CISSP

Responsibilities

• Own and mature the security GRC program, including policy lifecycle management, risk register maintenance, and control framework alignment across the organization
• Conduct comprehensive enterprise and product-level risk assessments to identify, prioritize, and track risks against the company's risk appetite - translating findings into actionable remediation plans for stakeholders
• Lead, manage and support compliance efforts such as, but not limited to, SOC2, ISO 27001, ISO 9001, TISAX, and federal/defense requirements - owning audit readiness, evidence collection, and remediation tracking end to end
• Drive Third Party Risk Management (TPRM) program, including vendor assessments, contract security reviews, and ongoing monitoring of critical third parties
• Build and maintain the GRC program infrastructure - including risk tracking, compliance tooling, reporting cadences, and executive-level risk reporting
• Partner with Legal, Engineering, IT, and Operations to embed compliance and risk requirements into business processes, product development, and infrastructure decisions
• Develop and maintain security policies, standards, and procedures that are practical, enforceable, and aligned to regulatory and contractual obligations
• Support customer-facing security assurance activities including questionnaires, audits, and contractual security reviews

Benefits

• equity in the form of options and/or restricted stock units
• comprehensive health, dental, vision, life and disability insurance coverage
• 401k retirement benefits with employer match
• learning and wellness stipends
• paid time off