Risk and Compliance Lead

Posted 6 Days Ago
Be an Early Applicant
Foster City, CA, USA
Hybrid
210K-270K Annually
Senior level
Artificial Intelligence • Cloud • Machine Learning • Software • Database • App development • Generative AI
Introducing Replit Agent 4 - built to unlock your creativity. Plan. Design. Build. All at once.
The Role
Own and run the end-to-end certification and audit program (SOC 2, ISO 27001, future ISO 42001), maintain the master security risk register, build continuous compliance monitoring, manage external auditors, author ISMS/SSP artifacts, drive remediation of findings, and partner with engineering and legal on privacy and evidence automation.
Summary Generated by Built In

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.


About the role:

Replit is building the security GRC function that will scale with an AI-native product. As the Risk & Compliance lead, you'll own our certification and audit program end to end: SOC 2, ISO 27001, and eventually ISO 42001 (AI management systems), while also owning the company's master security risk register and continuous compliance monitoring. You'll report to the Head of Security GRC, who retains overall accountability for the risk program, and work closely with Engineering to make sure controls hold up in practice, not just on paper.


What You'll Do
  • Own the end-to-end certification roadmap (SOC 2 Type II, ISO 27001, and future frameworks like ISO 42001) including scoping, gap assessments, remediation, and audit execution

  • Manage relationships with external auditors and drive the annual audit calendar so certifications renew without last-minute scrambles

  • Own and maintain the company's master security risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting

  • Build and maintain continuous compliance monitoring so control status reflects real-time state rather than point-in-time snapshots

  • Own the core audit artifacts that back every certification including ISMS documentation, Statements of Applicability, risk assessments, and potentially FedRAMP System Security Plans (SSPs)

  • Run regular audits and readiness assessments, and track remediation of findings and control gaps to closure

  • Support GDPR and broader privacy compliance alongside the Legal/Privacy team, without owning the legal interpretation of requirements

  • Partner with the GRC Engineer to define what evidence collection and control monitoring should be automated versus manually reviewed

  • Track and report on compliance posture and audit findings to security leadership


Required Skills & Experience
  • 8+ years in security compliance, IT audit, or GRC roles, with direct ownership of at least one SOC 2 and/or ISO 27001 certification cycle

  • Working knowledge of common frameworks (SOC 2, ISO 27001, NIST CSF) and how to map controls across them

  • Hands-on experience authoring or substantially maintaining an ISMS, SSP, or equivalent audit-facing documentation set and not just filling out a template

  • Experience owning a formal risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting to leadership

  • Experience with GRC/compliance automation platforms (e.g., Anecdotes, Vanta, Drata, etc.) and continuous control monitoring

  • Experience working directly with external auditors and managing an audit end to end

  • Comfortable reading technical control evidence and having detailed conversations with engineers about how systems actually work

  • Working familiarity with GDPR/privacy fundamentals sufficient to partner effectively with a legal team


Bonus Qualifications
  • Experience scoping or pursuing ISO 42001 or other AI governance frameworks

  • Familiarity with FedRAMP or other government compliance regimes

  • Background in a developer tools, platform, or AI/ML product company

  • Relevant certifications (CISA, CISSP, ISO 27001 Lead Auditor/Implementer)

  • Experience standing up a compliance program from an early or pre-certification stage

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.

Full-Time Employee Benefits Include:

💰 Competitive Salary & Equity

💹 401(k) Program with a 4% match (US Only)

⚕️ Health, Dental, Vision and Life Insurance

🩼 Short Term and Long Term Disability

🚼 Paid Parental, Medical, Caregiver Leave

🏝 Flexible Time Off (FTO) + Holidays

🚗 Commuter Benefits (In-Office Only)

📱 Monthly Wellness Stipend

🧑‍💻 Autonomous Work Environment

🖥 In Office Set-Up Reimbursement (In-Office Only)

🚀 Quarterly Team Gatherings

☕ In Office Amenities (In-Office Only)

Want to learn more about what we are up to?

  • Meet the Replit Agent

  • Replit: Make an app for that

  • Replit Blog

  • Amjad TED Talk

Interviewing + Culture at Replit

  • Operating Principles

  • Reasons not to work at Replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.

Skills Required

  • 8+ years in security compliance, IT audit, or GRC roles with direct ownership of at least one SOC 2 and/or ISO 27001 certification cycle
  • Working knowledge of SOC 2, ISO 27001, and NIST CSF and ability to map controls across frameworks
  • Hands-on experience authoring or substantially maintaining an ISMS, SSP, or equivalent audit-facing documentation
  • Experience owning a formal risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting
  • Experience with GRC/compliance automation platforms (e.g., Vanta, Drata, Anecdotes) and continuous control monitoring
  • Experience working directly with external auditors and managing audits end-to-end
  • Ability to read technical control evidence and discuss controls in detail with engineers
  • Working familiarity with GDPR and privacy fundamentals to partner with Legal/Privacy teams
  • Experience scoping or pursuing ISO 42001 or other AI governance frameworks
  • Familiarity with FedRAMP or other government compliance regimes
  • Background in developer tools, platform, or AI/ML product companies
  • Relevant certifications (CISA, CISSP, ISO 27001 Lead Auditor/Implementer)
  • Experience standing up a compliance program from early or pre-certification stage

Replit Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Replit and has not been reviewed or approved by Replit.

  • Parental & Family Support Parental leave spans up to 24 weeks for birth parents with additional paid medical, bonding, and family‑care leave. These policies are characterized as generous compared to common U.S. tech norms.
  • Healthcare Strength Medical, dental, and vision coverage are paired with an employer‑funded HSA plus life and disability insurance. Options like FSA/DFSA and mental‑health support further reinforce the health offering.
  • Wellbeing & Lifestyle Benefits Monthly wellness stipends, learning and development funds, and recognition programs add ongoing value beyond cash compensation. Office meals, commuter benefits, and onsite amenities enhance day‑to‑day experience for those near the HQ.

Replit Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: San Francisco, CA
300 Employees
Year Founded: 2016

What We Do

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide and over 500,000 business users, Replit is democratizing software development by removing traditional barriers to application creation.

Similar Jobs

In-Office
Sunnyvale, CA, USA
3411 Employees
160K-190K Annually
In-Office
Sunnyvale, CA, USA
472 Employees
160K-190K Annually

Zscaler Logo Zscaler

Program Manager

Cloud • Information Technology • Security • Software • Cybersecurity
Easy Apply
Remote or Hybrid
USA
8697 Employees
127K-182K Annually

CoreWeave Logo CoreWeave

Staff Applied Research Engineer

Cloud • Information Technology • Machine Learning
In-Office
2 Locations
1450 Employees
207K-275K Annually

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
LTX Thumbnail
Conversational AI • Generative AI
Jerusalem, Israel
360 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account