GRC Lead: AI Compliance & Security Architect

Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: BrainCo
Full Time position
Listed on 2026-05-28
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security
Salary/Wage Range or Industry Benchmark: 60,000 - 80,000 USD yearly
Job Description & How to Apply Below

About Brain Co.

Brain Co. is an applied AI startup co-founded by Jared Kushner and Elad Gil, and backed by leading Silicon Valley builders including Patrick Collison and Andrej Karpathy. We are building AI applications for the world's most important institutions, delivering impact on real-world problems across governments, healthcare systems, and critical industries. Our progress so far:

  • Automated construction permitting for a sovereign government: 80% faster, unlocking $375M+ in value

  • Optimized supply chains for a leading global energy company: 30% lower cost and 99% reliability, preventing $100M+ in losses

  • Streamlined hospital patient care across national health systems: 40% better outcomes and 80% less administrative work

Company momentum:

  • Raised a $55M Series A from leading investors

  • Built a team of 70+ AI experts from Tesla, Google DeepMind, NVIDIA, and Databricks

About the Role:

At Brain Co., we focus on applying frontier AI to real institutional challenges, working alongside governments, healthcare systems, and critical industries to modernize how essential services operate. We are looking for leaders who want to help bring new technology into institutions that impact millions of people.

As our GRC Lead, you’ll own the governance, risk, and compliance program end-to-end - and treat it as a strategic advantage, not a checklist. Brain Co. carries one of the most demanding regulatory loads of any company our size: SOC 2 Type II and HIPAA in place today, with ISO 27001, NIST 800-171, FedRAMP/GovRAMP, GLBA, and US/MENA data residency on the near-term roadmap.

That’s what selling to governments, hospitals, and financial institutions costs - and done right, it’s how we win the next ones.

This is a zero-to-one builder role. You'll define the principles, write the policies, run the audits, build the automation, and partner directly with engineering, legal, sales, and customers, not advise from the sidelines. This is a high-ownership role for someone who has built programs like this before and wants to build the next one from first principles. You'll be an IC on day one with the scope and trust to grow the function as the company scales.

What You'll Work On:
  • Own the end-to-end GRC program: SOC 2 Type II and HIPAA today, and the path through ISO 27001, NIST 800-171, FedRAMP/GovRAMP, GLBA, and MENA-specific regimes that don’t map cleanly to a US playbook.

  • Build the data handling backbone: how customer data is classified, where it lives, who can touch it, and how we prove it - across Azure, on-prem MENA deployments, and the bespoke deployments we run for governments and hospitals.

  • Run audits as a builder, not a project manager: own evidence, controls, gap remediation, and audit response, and automate the evidence pipeline so we're not rebuilding work papers every cycle.

  • Stand up third-party risk as a real program: vendor reviews, data flow inventory, contractual security obligations, and a reassessment cadence that keeps pace with our SaaS footprint.

  • Be the function that unblocks enterprise deals: build the customer-trust surface (security questionnaires, trust portal, DPAs, BAAs, customer-facing docs) so customers understand how we handle their data before they have to ask.

  • Partner with engineering to bake compliance into the product: control inheritance from Azure, policy-as-code, automated access reviews, audit-ready logging, and evidence collection that runs without a human in the loop.

  • Run a single risk operating cadence across HR, Finance, Legal, IT, and Engineering, so that data handling, vendor approvals, and audit requests always have a clear owner.

  • Be the translator between technical reality and regulatory expectations: the person engineers trust to interpret a control, and the person customers and auditors trust to explain the system behind it.

You Might Be a Great Fit If You...
  • Have 8+ years building and running GRC programs in regulated environments (healthcare, financial services, government, or enterprise SaaS) where the stakes were real and the audits weren't theatre.

  • Have taken a company through SOC 2 Type II from a cold start, and lived HIPAA, GLBA, FedRAMP, or equivalent work hands-on, not just signed off on policies…
