×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Data Security

GRC Lead; Governance, Risk, and Compliance

Job in Foster City, San Mateo County, California, 94420, USA
Listing for: King River Capital Group
Full Time position
Listed on 2026-02-16
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security
Salary/Wage Range or Industry Benchmark: 208000 - 300000 USD Yearly USD 208000.00 300000.00 YEAR
Job Description & How to Apply Below
Position: GRC Lead (Governance, Risk, and Compliance)

Location

Foster City, CA (Hybrid) In office M,W,F

Employment Type

Full time

Location Type

Hybrid

Department

Engineering IT

Compensation
  • Compensation is determined based on career level, with the base salary for this role ranging from $208K–$300K
    • Offers Equity

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide and over 500,000 business users, Replit is democratizing software development by removing traditional barriers to application creation.

About the role

We are looking for a GRC Lead to serve as the Technical Lead for our compliance and risk management ecosystem. You will architect the systems and processes that automate trust, guiding a team of GRC specialists while partnering deeply across the organization. We need a pragmatic operator who understands that GRC exists to enable the business—balancing rigorous standards with the velocity of a high-growth startup.

What

You'll Do

Technical Leadership & Mentorship

  • Team Leadership: Act as the technical anchor for the GRC team. You will mentor GRC analysts and engineers, setting the standard for quality, technical depth, and operational efficiency.

  • Program Architecture: Own the technical vision for Replit’s GRC program, moving the team from manual workflows toward "Compliance-as-Code" and automated evidence collection.

  • Thought Leadership: Champion a culture of security and privacy across the company, educating teams on why controls exist rather than just enforcing them.

Cross-Functional Collaboration

  • Engineering & Architecture: Partner with Architects and Engineering Leads to "bake in" compliance requirements early in the design phase. You will translate complex technical implementations into narratives that satisfy frameworks without slowing down development.

  • Legal & Privacy: Work closely with Legal Counsel to interpret and implement requirements for Privacy (GDPR, CCPA) and emerging AI-specific regulations (e.g., EU AI Act).

  • Sales & GTM: Enable the Sales team by managing the Customer Trust Center and handling complex security questionnaires. You will serve as a subject matter expert in customer calls to build confidence with enterprise prospects.

  • Auditor Relationships: Own and cultivate the primary relationship with external auditors. You will serve as the bridge between auditors and internal teams, ensuring requests are reasonable, clear, and relevant to our tech stack.

Risk Management & Strategic Compliance

  • Risk Register Owner: You will own the Cybersecurity Risk Register
    . You will be responsible for identifying, quantifying, and tracking risks, distinguishing between theoretical compliance gaps and meaningful business risks.

  • Framework Evolution: Manage and evolve our compliance posture across SOC 2, ISO 27001
    , and prepare the organization for future certifications in regulated markets (e.g.,
    FedRAMP, ITAR, PCI, HIPAA
    ).

  • Pragmatic Governance: Apply judgment to operate in "gray areas" when appropriate. You will prioritize issues that represent real security or business risk over "compliance theater."

Automation & Efficiency

  • Control Automation: Drive the shift from manual evidence collection to continuous monitoring. You will identify opportunities to automate audit work, ensuring GRC scales with the business.

  • Third-Party Risk: Architect a scalable framework for assessing third-party vendors and AI model providers, ensuring our supply chain remains secure without creating administrative bottlenecks.

Required Skills & Experience

  • 8+ years of experience in GRC or Information Security

  • Leadership

    Experience:

     Proven experience mentoring other GRC professionals or leading complex cross-functional projects.

  • Technical Fluency: Ability to speak the language of engineering, cloud (GCP/AWS), and security architecture. You can anticipate how architectural decisions impact risk and compliance.

  • Regulatory Breadth: Deep experience with SOC 2, ISO 27001, PCI, HIPPA, and Privacy laws.

  • Collaborative Communication: Strong ability to explain risk and tradeoffs to technical (Engineers), legal, and commercial (Sales/Execs) stakeholders.

  • Automation Mindset: Experience with GRC automation tools (e.g.,…

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search