Member of Technical Staff, GRC; Senior​/Lead

About Basis

Basis builds real agents that do real work in the real economy. Our agents operate for hours at a time, performing end-to-end work for some of the largest accounting firms in the world. We recently raised $100M at a valuation greater than $1B and are racing to deploy the most advanced applied ML at production scale. Our investors include:
Khosla Ventures, Accel, Google Ventures, Nat Friedman & Daniel Gross, Adam D'Angelo, Jeff Dean, Jack Altman, Noam Brown, Kyle Vogt, Amjad Masad, Clem Delangue and many other operators/technical leaders.

"Basis is on the frontier of building production‑grade, long‑horizon agents. They’ve pushed the limits of what we thought our models could do on real‑world, economically valuable, complex accounting tasks. They’ve been a great collaborator in helping us shape what the future of agents looks like." — Prashant Mital, Applied AI Lead, OpenAI

Your job is to build the GRC systems that let Basis earn customer trust, pass audits cleanly, and scale without operational drag. You’ll start as the hands‑on owner of GRC and may build the function as the company scales.

We’re an AI‑first company. We want someone who uses AI to automate repetitive GRC work—evidence collection, questionnaires, control mapping, reporting, and policy upkeep—instead of building manual spreadsheet bureaucracy.

• Own SOC 1, SOC 2 Type II, ISO 27001, and ISO 42001 end-to-end, including scope, audits, controls, and remediation
• Translate compliance requirements into practical operating processes across IT, Engineering, Security, Legal, Finance, and People
• Ensure controls have clear owners, evidence expectations, and remediation paths as Basis scales

• Build the source of truth for controls, evidence, ownership, audit readiness, and remediation tracking
• Automate evidence collection, control monitoring, access reviews, risk tracking, and reporting wherever possible
• Use AI to improve speed and quality across control mapping, policies, questionnaires, audit prep, and internal documentation

• Run third‑party risk reviews and track remediation through completion
• Own customer security questionnaires, trust materials, and related diligence
• Maintain a clear risk register with real follow‑through, not just documentation

• Turn audit, customer, and regulatory requirements into clear control owners, operating processes, and follow‑through
• Work with IT and Engineering to make identity, device, endpoint, infrastructure, and SDLC controls real and auditable
• Help teams move quickly by making risk decisions explicit, practical, and easy to act on

• GRC helps Basis ship, sell, and scale faster — without lowering the bar on trust or security
• SOC 1, SOC 2 Type II, ISO 27001, and ISO 42001 run cleanly with clear owners, evidence, and remediation paths
• AI-enabled workflows make evidence collection, control monitoring, and audit prep increasingly automated
• Customer security reviews, vendor reviews, and risk decisions move quickly without becoming bottlenecks
• The company has a clear, current view of its highest‑priority risks and who owns them

• You own outcomes. You’ve owned audits, controls, evidence, remediation, vendor risk, and customer trust workflows end-to-end.
• You know the work firsthand. You’ve personally run SOC 1, SOC 2, ISO 27001, or similar programs — not just managed them from a distance.
• You build from first principles. You turn messy, manual compliance work into simple systems that scale.
• You are technically fluent. You can translate frameworks into controls that IT, engineering, and security teams can actually operate.
• You move fast without lowering the bar. You make pragmatic risk decisions, drive follow‑through, and avoid process for process’s sake.
• You are AI‑first. You use AI to improve speed and quality across evidence collection, control mapping, policies, questionnaires, reporting, and documentation.
• You communicate clearly. You write in plain English, explain tradeoffs, and work well across Legal, Finance, People, IT, Engineering, Security,…