Governance, Risk & Compliance; GRC Lead

Governance, Risk & Compliance (GRC) Lead

San Mateo, CA

Fireworks AI is seeking an experienced Governance, Risk & Compliance (GRC) Lead to build, scale, and mature our compliance and risk management program. In this role, you will partner closely with engineering, legal, security, and product teams to establish practical controls, manage risk, and support customer trust in our platform.

• Design and execute our Governance, Risk, and Compliance (GRC) strategy, successfully implementing and maintaining key industry frameworks (e.g., SOC 2 Type II, ISO 27001/27701, PCI, HIPAA), ensuring all certification requirements are met.
• Oversee all continuous monitoring activities across the compliance program, including formal access reviews, ongoing vendor due diligence, policy compliance reviews, and mandatory security training enforcement.
• Serve as the primary liaison for external audit bodies, directing the end-to-end audit lifecycle, from scoping and evidence gathering to artifact review and timely remediation of findings.
• Establish and maintain a robust global privacy compliance program for all data processing activities, ensuring adherence to regulations like GDPR, CCPA, and CPRA.
• Design and implement scalable GRC processes, documentation, and tooling to support hyper-growth and the efficient adoption of new compliance frameworks (e.g., ISO 42001 for AI).
• Develop and lead the company-wide risk assessment program, identifying, evaluating, and prioritizing data security and compliance risks, and driving the implementation of effective mitigation strategies.
• Own the Third-Party Risk Management (TPRM) program, conducting due diligence, and contract review.
• Author, update, and enforce all policies, specifically integrating security, data privacy, and the emerging field of AI safety and ethics into the policy lifecycle.
• Follow and help shape the AI regulatory and standards landscape to keep the company at the forefront of industry developments and best practices.
• 7+ years of experience in Governance, Risk, and Compliance (GRC) roles, with at least 3 years in a leadership capacity overseeing audit and certification efforts.
• Leading GRC/Security in a high-growth, cloud-native technology environment.
• Demonstrated expertise with GRC platforms (e.g., Vanta) to automate and scale compliance operations.
• Ability to translate complex regulatory and audit requirements (e.g., ISO, SOC
  2) into clear, documented, and actionable engineering work-streams.
• Strong commitment to cross-functional collaboration with IT, Security, GTM, and Engineering.
• Self-motivated, detailed and organized, with a diligent approach to project completion.
• Excellent written, verbal, and interpersonal communication skills.

• Solve Hard Problems:
  Tackle challenges at the forefront of AI infrastructure, from low-latency inference to scalable model serving.
• Build What’s Next:
  Work with bleeding-edge technology that impacts how businesses and developers harness AI globally.
• Ownership & Impact:
  Join a fast-growing, passionate team where your work directly shapes the future of AI—no bureaucracy, just results.
• Learn from the Best:
  Collaborate with world-class engineers and AI researchers who thrive on curiosity and innovation.

Fireworks AI is an equal-employment opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all innovators.

Voluntary self-identification information for government reporting purposes is collected separately and is not a condition of employment. This information is used solely for compliance with equal employment opportunity laws and related regulations.