{"version":"0.1","company":{"name":"YubHub","url":"https://yubhub.co","jobsUrl":"https://yubhub.co/jobs/title/grc-lead-governance-risk-and-compliance"},"x-facet":{"type":"title","slug":"grc-lead-governance-risk-and-compliance","display":"GRC Lead (Governance, Risk, and Compliance)","count":1},"x-feed-size-limit":100,"x-feed-sort":"enriched_at desc","x-feed-notice":"This feed contains at most 100 jobs (the most recently enriched). For the full corpus, use the paginated /stats/by-facet endpoint or /search.","x-generator":"yubhub-xml-generator","x-rights":"Free to redistribute with attribution: \"Data by YubHub (https://yubhub.co)\"","x-schema":"Each entry in `jobs` follows https://schema.org/JobPosting. YubHub-native raw fields carry `x-` prefix.","jobs":[{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_e2099e08-e30"},"title":"GRC Lead (Governance, Risk, and Compliance)","description":"<p>We are looking for a GRC Lead to serve as the Technical Lead for our compliance and risk management ecosystem. You will architect the systems and processes that automate trust, guiding a team of GRC specialists while partnering deeply across the organization.</p>\n<p>The role requires a pragmatic operator who understands that GRC exists to enable the business, balancing rigorous standards with the velocity of a high-growth startup.</p>\n<p>Key responsibilities include:</p>\n<ul>\n<li>Technical Leadership &amp; Mentorship:</li>\n<li>Act as the technical anchor for the GRC team.</li>\n<li>Mentor GRC analysts and engineers, setting the standard for quality, technical depth, and operational efficiency.</li>\n<li>Own the technical vision for Replit&#39;s GRC program, moving the team from manual workflows toward &#39;Compliance-as-Code&#39; and automated evidence collection.</li>\n<li>Cross-Functional Collaboration:</li>\n<li>Partner with Architects and Engineering Leads to &#39;bake in&#39; compliance requirements early in the design phase.</li>\n<li>Work closely with Legal Counsel to interpret and implement requirements for Privacy (GDPR, CCPA) and emerging AI-specific regulations (e.g., EU AI Act).</li>\n<li>Enable the Sales team by managing the Customer Trust Center and handling complex security questionnaires.</li>\n<li>Risk Management &amp; Strategic Compliance:</li>\n<li>Own the Cybersecurity Risk Register.</li>\n<li>Identify, quantify, and track risks, distinguishing between theoretical compliance gaps and meaningful business risks.</li>\n<li>Manage and evolve our compliance posture across SOC 2, ISO 27001, and prepare the organization for future certifications in regulated markets (e.g., FedRAMP, ITAR, PCI, HIPAA).</li>\n<li>Automation &amp; Efficiency:</li>\n<li>Drive the shift from manual evidence collection to continuous monitoring.</li>\n<li>Identify opportunities to automate audit work, ensuring GRC scales with the business.</li>\n<li>Architect a scalable framework for assessing third-party vendors and AI model providers, ensuring our supply chain remains secure without creating administrative bottlenecks.</li>\n</ul>\n<p>The ideal candidate will have:</p>\n<ul>\n<li>8+ years of experience in GRC or Information Security.</li>\n<li>Leadership experience, proven by mentoring other GRC professionals or leading complex cross-functional projects.</li>\n<li>Technical fluency, speaking the language of engineering, cloud (GCP/AWS), and security architecture.</li>\n<li>Regulatory breadth, with deep experience with SOC 2, ISO 27001, PCI, HIPAA, and Privacy laws.</li>\n<li>Collaborative communication skills, explaining risk and tradeoffs to technical, legal, and commercial stakeholders.</li>\n<li>An automation mindset, with experience with GRC automation tools (e.g., Vanta, Drata) and a bias toward reducing manual toil.</li>\n</ul>\n<p>Bonus qualifications include familiarity with FedRAMP, ITAR, or AI regulation.</p>\n<p>We value pragmatism, business enablement, solutions-oriented leadership, and clarity. This is a full-time role that can be held from our Foster City, CA office, with an in-office requirement of Monday, Wednesday, and Friday.</p>\n<p>Full-time employee benefits include competitive salary and equity, 401(k) program with a 4% match, health, dental, vision, and life insurance, short-term and long-term disability, paid parental, medical, caregiver leave, commuter benefits, monthly wellness stipend, autonomous work environment, in-office set-up reimbursement, flexible time off (FTO) + holidays, quarterly team gatherings, and in-office amenities.</p>\n<p style=\"margin-top:24px;font-size:13px;color:#666;\">XML job scraping automation by <a href=\"https://yubhub.co\">YubHub</a></p>","url":"https://yubhub.co/jobs/job_e2099e08-e30","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Replit","sameAs":"https://replit.com/","logo":"https://logos.yubhub.co/replit.com.png"},"x-apply-url":"https://jobs.ashbyhq.com/replit/3475841f-c994-4443-b83d-4b8a5b1dd8f2?utm_source=yubhub.co&utm_medium=jobs_feed&utm_campaign=apply","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"Full time","x-salary-range":"$208K - $300K","x-skills-required":["GRC","Information Security","Engineering","Cloud (GCP/AWS)","Security Architecture","SOC 2","ISO 27001","PCI","HIPAA","Privacy Laws","GRC Automation Tools (e.g., Vanta, Drata)"],"x-skills-preferred":[],"datePosted":"2026-04-24T11:22:43.701Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Foster City, CA (Hybrid) In office M,W,F"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"GRC, Information Security, Engineering, Cloud (GCP/AWS), Security Architecture, SOC 2, ISO 27001, PCI, HIPAA, Privacy Laws, GRC Automation Tools (e.g., Vanta, Drata)","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":208000,"maxValue":300000,"unitText":"YEAR"}}}]}