GRC Lead: AI Compliance & Security Architect
BrainCo
About Brain Co. Brain Co. is an applied AI startup co-founded by Jared Kushner and Elad Gil, and backed by leading Silicon Valley builders including Patrick Collison and Andrej Karpathy. We are building AI applications for the world's most important institutions, delivering impact on real-world problems across governments, healthcare systems, and critical industries. Our progress so far: Automated construction permitting for a sovereign government 80% faster, unlocking $375M+ in value Optimized supply chains for a leading global energy company 30% lower cost, 99% reliability, preventing $100M+ in losses Streamlined hospital patient care across national health systems 40% better outcomes, 80% less admin work Company momentum: Raised a $55M Series A from leading investors Built a team of 70+ AI experts from Tesla, Google DeepMind, NVIDIA, and Databricks About the Role: At Brain Co., we focus on applying frontier AI to real institutional challenges, working alongside governments, healthcare systems, and critical industries to modernize how essential services operate. We are looking for leaders who want to help bring new technology into institutions that impact millions of people. As our GRC Lead, you’ll own the governance, risk, and compliance program end-to-end - and treat it as a strategic advantage, not a checklist. Brain Co. carries one of the most demanding regulatory loads of any company our size: SOC 2 Type II and HIPAA in place today, with ISO 27001, NIST 800-171, FedRAMP/GovRAMP, GLBA, and US/MENA data residency on the near-term roadmap. That’s what selling to governments, hospitals, and financial institutions costs - and done right, it’s how we win the next ones. This is a 01 builder role. You’ll define the principles, write the policies, run the audits, build the automation, and partner directly with engineering, legal, sales, and customer – not advising from the sidelines. This is a high-ownership role for someone who has built programs like this before and wants to build the next one from first principles. You’ll be an IC on day one with the scope and trust to grow the function as the company scales. What You'll Work On: Own the end-to-end GRC program: SOC 2 Type II and HIPAA today, and the path through ISO 27001, NIST 800-171, FedRAMP/GovRAMP, GLBA, and MENA-specific regimes that don’t map cleanly to a US playbook. Build the data handling backbone: how customer data is classified, where it lives, who can touch it, and how we prove it - across Azure, on-prem MENA deployments, and the bespoke deployments we run for governments and hospitals. Run audits as a builder, not a project manager: Own evidence, controls, gap remediation, and audit response, and automate the evidence pipeline so we’re not rebuilding workpapers every cycle. Stand up third-party risk as a real program: vendor reviews, data flow inventory, contractual security obligations, and a reassessment cadence that keeps pace with our SaaS footprint. Be the function that unblocks enterprise deals: Build the customer-trust surface — security questionnaires, trust portal, DPAs, BAAs, customer-facing docs — so customers understand how we handle their data before they have to ask. Partner with engineering: Bake compliance into the product: control inheritance from Azure, policy-as-code, automated access reviews, audit-ready logging, and evidence collection that runs without a human in the loop. Run a single risk operating cadence across HR, Finance, Legal, IT, and Engineering: so data handling, vendor approvals, and audit requests always have a clear owner. Be the translator between technical reality and regulatory expectations: the person engineers trust to interpret a control, and the person customers and auditors trust to explain the system behind it. You Might Be a Great Fit If You... Have 8+ years building and running GRC programs in regulated environments including healthcare, financial services, government, or enterprise SaaS where the stakes were real and the audits weren’t theatre. Have taken a company through SOC 2 Type II from a cold start, and lived HIPAA, GLBA, FedRAMP, or equivalent work hands-on, not just signed off on policies someone else wrote. View compliance as a competitive advantage and a forcing function for good engineering, not a checklist and not a bureaucracy to defend. Are a deep executor: you write the policies, draft the white papers, and ship the automation yourself, and can zoom out to design the program around them. Are a high-trust cross-functional partner - you can sit with an engineer reasoning about IAM controls in the morning, walk GTM through a DPA at noon, and brief a customer’s CISO in the afternoon. Translate technical risk for the boardroom and regulatory risk for the engineers fluently in both directions. Are at home in ambiguity and energized by a 01 program. We have a SOC 2 Type II baseline; the rest is yours to define. Have a strong opinion about data: how it’s classified, where it lives, who can see it, and how you prove it. You think in data flows, not policy templates. Bias toward pragmatism over bureaucracy. You know which controls matter, which ones are noise, and which ones you can automate out of existence. Bonus Points For: Direct experience operating across US and MENA (or other multi-jurisdictional) regulatory environments, including on-prem and data residency requirements. FedRAMP/GovRAMP, IL4/IL5, or equivalent government-customer compliance experience. Standing up GRC programs at AI or ML-heavy companies, including the novel evidence and disclosure questions that come with model training data, agent actions, and customer data flowing through AI systems. Hands-on with compliance automation tooling (Vanta, Drata, Secureframe, etc.) and a willingness to replace it when it’s the wrong tool. Comfort reading the technical controls themselves (Terraform, IAM policies, audit logs) well enough to verify what an auditor is being told. Why Join Us: Build the GRC function for an AI platform deployed in governments, hospitals, and critical industries worldwide — where the regulatory bar is real and the work matters. Own the program 01. Define the principles, design the system, and grow the function under you as the company scales. Work alongside senior engineers from Tesla, DeepMind, Databricks, and other top engineering orgs who treat compliance as a partner, not a tax. Shape how compliance is done for AI-native companies, where the frameworks haven’t caught up yet and the right answer is still being written. Earn competitive compensation and meaningful equity in a high-growth company. Benefits Competitive salary plus equity Daily lunches Commuter benefits 401(k) Medical, Dental, and Vision Unlimited PTO #J-18808-Ljbffr BrainCo
- ...is seeking a governance, risk, and compliance analyst to shape and lead our program. You will drive frameworks... ...focused on trustworthy search and AI‑assisted experiences. The role emphasizes... ...functional collaboration across IT, Security, GTM, and Engineering in a data‑...Suggested
- ...seeking an IT Manager to own the entire IT and security function from scratch. This critical role... ...device management, security hygiene, compliance programs, and vendor management. The... ...infrastructure for years to come. Join a fast-growing AI platform impacting Fortune 500 clients....Suggested
- Alvarez & Marsal in San Francisco is seeking a professional to lead AI security assessments and tackle compliance challenges. In this role, you'll focus on implementing secure AI/ML pipelines and developing risk assessment methodologies. The ideal candidate has a strong...SuggestedFlexible hours
$232k - $290k
Ripple is seeking a Senior Staff Security Engineer in San Francisco, focusing on AI Security and contributing to the company’s security posture. The role involves driving AI security strategy, implementing controls, and engaging in regulatory discussions. With a competitive...Suggested- Alembic Technologies seeks a lead-level Security Engineer and Architect to own end-to-end security for our rapidly growing on-prem, Kubernetes-based AI factory. This hands-on role reports to the CTO/CISO and partners with Technical Operations, Corp IT, Platform Engineering...Suggested
- Alembic is seeking a lead-level Security Engineer and Architect in San Francisco to oversee security for our AI factory. In this hands-on role, you'll design security controls, manage incident responses, and ensure the protection of high-value client data while respecting...
- Perplexity is seeking a Governance, Risk & Compliance Analyst to shape and run our... ...risk management program. You will lead the implementation of frameworks, oversee... ...audit/compliance, automation using AI, and collaboration across IT, Security, GTM, and Engineering. You will...
- Pallet is seeking a dedicated GRC leader to manage compliance with regulations like SOC 1, SOC 2, GDPR, and CCPA. This role involves building the compliance operating model from the ground up while collaborating closely with engineering, product, sales, and legal teams....Flexible hours
$193.8k - $228k
A leading technology company in San Francisco seeks a Senior GRC Analyst II. In this role, you will manage the Governance, Risk, and Compliance program, ensuring it aligns with security strategies. Candidates should have a strong knowledge of information security frameworks...- Anthropic is seeking a candidate for a Security GRC role in San Francisco where you'll define control frameworks and ensure compliance for AI systems. You will collaborate across teams to create an integrated risk ecosystem, challenge control implementations, and validate...
- Figma Job is looking for compliance and risk management professionals to join their GRC team. The ideal candidate will lead compliance programs across security frameworks like SOC2 and manage audits. The position offers the opportunity to improve processes and enhance...Remote jobFull time
- Gong is seeking a Senior GRC Security Lead to architect foundational security programs as part of their compliance and trust initiatives. This role involves designing and implementing Gong's Common Controls Framework and working closely with engineering, legal, and audit...
- Salesforce is seeking a Manager of Governance, Risk, and Compliance Security Automation to lead compliance automation capabilities. This role requires 8+ years of experience in GRC, Cybersecurity, or Software Engineering. You will design automated solutions, lead a team...
- ...Manufacturing Co is seeking a Sr Manager for InfoSec Governance Risk and Compliance (GRC) in San Francisco, California. The role involves managing a... ...efforts, while serving as a subject matter expert on security frameworks. The ideal candidate will have over 7 years...
$200k - $300k
Dexterity, Inc. in Emeryville, California is seeking a Security Architect to lead software security measures for their robotics product lines.... ...reviewing code, maintaining security guidelines, and ensuring compliance with standards like ISO27001 and SOC2. The ideal candidate...- GRC Security compliance leader Job Description: Job Title: GRC Security Compliance Leader Location: Remote Duration: 12+ Months (Contract) Responsibilities: Support implementing and managing Information -Security Management Systems by ISO27001 standards. 3rd party...Contract workWork at officeRemote workEarly shift
- Plaid is seeking a Security Contracts Manager to oversee contract reviews and ensure compliance with security standards. You will lead reviews for customer MSAs and security addenda while developing... ...pay, and opportunities for AI implementation in security processes....Contract work
- HEN Technologies in San Francisco is searching for a security and compliance leader to oversee the organization's security framework across multiple... ...compliance. You'll work closely with engineering teams, leading SOC 2 audits and developing robust security strategies. The...
- Instabase is looking for a Security & Compliance Manager to lead their security and GRC programs in San Francisco. This role involves collaborating across teams to manage security compliance initiatives and improving audit standards. The ideal candidate will have extensive...Flexible hours
- A leading digital security firm is seeking a GRC Security Compliance Leader for a remote position. Candidates should have 8-10 years of experience in Information Security and Compliance, with expertise in ISO 27001 and other relevant standards. Responsibilities include...Remote job
$185k - $220k
Notion in San Francisco is seeking a Lead, Internal Audit and SOX Compliance to join their Finance team. This strategic role goes beyond traditional compliance... ...controls program, leading SOX lifecycle and embedding AI into control processes. The ideal candidate will work...$112k
Sr Manager, InfoSec Governance Risk and Compliance (GRC) Sr Manager, InfoSec Governance Risk... ...Compliance (GRC) Founded in 2000, Ivalua is a leading global provider of cloud-based... ...continuously improving Ivalua’s Information Security program globally. We provide peace of...Permanent employmentContract workFor contractorsFor subcontractorWork at officeWorldwide3 days per week$315k - $380k
Global Applied AI Architecture Lead, Beneficial Deployments About Anthropic Anthropic’s mission... ...role As the Global Leader of Applied AI Architects for Beneficial Deployments, you will... ...Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at How do...Contract workFor contractorsFor subcontractorWork at officeVisa sponsorship$153k - $296k
Figma is looking for a security, risk, and compliance professional, ideally with over 4 years of experience, to join their team. The role involves leading compliance initiatives across major frameworks and managing audits. The successful candidate will improve processes...Remote jobFull time- Coinbase is seeking a Group Product Manager for Compliance Automation to own the vision and multi-year roadmap for AI/ML-powered sanctions screening, transaction monitoring, and risk-based workflows. You will lead PMs, partner with Compliance, Legal, Trust & Risk, Engineering...
$185k - $220k
Apply is seeking a Lead, Internal Audit and SOX Compliance based in San Francisco. This strategic role involves designing internal control programs and leading the SOX lifecycle, aiming for innovative and effective compliance solutions. The ideal candidate will have extensive...- Notion is seeking a strategic Lead, Internal Audit and SOX Compliance to elevate its internal controls program and embed AI-driven testing in a fast-growing SaaS environment. You will partner across Finance, IT, Engineering, Legal, and business units to scale controls while...Work at office
- Anchorage Lending CA, LLC in New York seeks a highly motivated individual for their Compliance team. The role involves supporting the design, implementation, and optimization of compliance programs across all legal entities. You will focus on enhancing efficiency and effectiveness...
- PMs for Hire is looking for a Senior Legal Program Manager to lead regulatory compliance initiatives in San Francisco. This role involves managing... ...compliance with evolving global regulations, particularly in AI. The ideal candidate will have over 8 years of experience in...Relocation package
- A leading healthcare company is seeking a Manager of Regulatory Affairs based in remote locations. You will develop and execute regulatory strategies, manage FDA submissions, and ensure compliance for innovative medical devices. The ideal candidate has over 8 years of...Remote jobFull time
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to GRC Lead: AI Compliance & Security Architect. Be the first to apply!
- cyber security architect San Francisco, CA
- security architect San Francisco, CA
- compliance technician San Francisco, CA
- regulatory compliance specialist San Francisco, CA
- compliance examiner San Francisco, CA
- regulatory affairs consultant San Francisco, CA
- compliance team leader San Francisco, CA
- legal compliance San Francisco, CA
- regulatory compliance engineer San Francisco, CA
- export compliance San Francisco, CA
