Security Compliance Lead

fal.ai is building the world’s best generative image, video and audio models. We're looking for a Security Compliance Lead to join our team and build scalable, efficient, and practical security and compliance foundations that align with our fast pace. In this role, you'll have a unique opportunity to design, operationalize, and scale our compliance and security programs in a cloud-native, AI-first environment. You’ll work across teams — legal, product, engineering, IT, and sales — to ensure we not only meet frameworks like SOC 2, HIPAA, GDPR, and ISO 27001, but do so in a way that supports business agility and long-term sustainability.

This role is both strategic and hands-on: you’ll set the vision and roll up your sleeves to get it done.

• Own and scale our security governance, risk, and compliance programs, ensuring alignment with SOC 2 Type II, HIPAA, GDPR, and ISO 27001.
• Lead and coordinate audits, readiness efforts, gap assessments, remediation tracking, and evidence collection across multiple frameworks.
• Operationalize core security programs (e.g. access reviews, vendor security, policy lifecycle, incident response, risk assessments).
• Drive vendor security reviews and streamline intake processes in partnership with Legal, Procurement, and Engineering.
• Collaborate cross-functionally with product, engineering, and operations to embed compliance-by-design practices into our SDLC and AI infrastructure.
• Develop and maintain security policies and ensure effective enablement across the company.
• Establish lightweight, repeatable processes for risk and controls management that scale with our growth.
• Help build and manage our internal compliance tooling ecosystem (e.g. Drata or Vanta).
• Provide regular compliance and risk updates to leadership and stakeholders.

• 5+ years in GRC, security, or privacy roles, ideally in a high-growth SaaS startup or regulated tech environment.
• Strong experience with SOC 2 Type II, HIPAA, ISO 27001, GDPR, and vendor risk management.
• Proven ability to operationalize compliance (not just advise on it).
• Experienced in managing and running audits across different frameworks.
• Comfortable navigating ambiguity and building programs from scratch in fast-moving environments.
• Excellent communication and stakeholder management skills — you know how to build alignment and keep momentum.
• Not required to be hands-on technical, but you’re comfortable with technical terminology and working closely with engineers and product teams.
• Highly organized and outcome-driven.

• Familiarity with security tooling (e.g. Drata, Vanta, GRC platforms, Jira, Confluence).
• Experience working with cloud infrastructure (AWS, GCP, Azure).
• Prior work in AI/ML environments or data-heavy SaaS platforms.
• Industry certifications (e.g. CISM, CISA, CIPM, CISSP).

• $150,000 - $210,000 + equity + comprehensive benefits package

• San Francisco, CA - No remote options at this time

• Interesting and challenging work
• Employee-friendly equity terms (early exercise, extended exercise)
• A lot of learning and growth opportunities
• We offer visa sponsorship and will help you relocate to San Francisco.
• Health, dental, and vision insurance (US)
• Regular team events and offsites