GRC Lead: AI Compliance & Security Architect
BrainCo
About Brain Co. Brain Co. is an applied AI startup co-founded by Jared Kushner and Elad Gil, and backed by leading Silicon Valley builders including Patrick Collison and Andrej Karpathy. We are building AI applications for the world's most important institutions, delivering impact on real-world problems across governments, healthcare systems, and critical industries. Our progress so far: Automated construction permitting for a sovereign government 80% faster, unlocking $375M+ in value Optimized supply chains for a leading global energy company 30% lower cost, 99% reliability, preventing $100M+ in losses Streamlined hospital patient care across national health systems 40% better outcomes, 80% less admin work Company momentum: Raised a $55M Series A from leading investors Built a team of 70+ AI experts from Tesla, Google DeepMind, NVIDIA, and Databricks About the Role: At Brain Co., we focus on applying frontier AI to real institutional challenges, working alongside governments, healthcare systems, and critical industries to modernize how essential services operate. We are looking for leaders who want to help bring new technology into institutions that impact millions of people. As our GRC Lead, you’ll own the governance, risk, and compliance program end-to-end - and treat it as a strategic advantage, not a checklist. Brain Co. carries one of the most demanding regulatory loads of any company our size: SOC 2 Type II and HIPAA in place today, with ISO 27001, NIST 800-171, FedRAMP/GovRAMP, GLBA, and US/MENA data residency on the near-term roadmap. That’s what selling to governments, hospitals, and financial institutions costs - and done right, it’s how we win the next ones. This is a 01 builder role. You’ll define the principles, write the policies, run the audits, build the automation, and partner directly with engineering, legal, sales, and customer – not advising from the sidelines. This is a high-ownership role for someone who has built programs like this before and wants to build the next one from first principles. You’ll be an IC on day one with the scope and trust to grow the function as the company scales. What You'll Work On: Own the end-to-end GRC program: SOC 2 Type II and HIPAA today, and the path through ISO 27001, NIST 800-171, FedRAMP/GovRAMP, GLBA, and MENA-specific regimes that don’t map cleanly to a US playbook. Build the data handling backbone: how customer data is classified, where it lives, who can touch it, and how we prove it - across Azure, on-prem MENA deployments, and the bespoke deployments we run for governments and hospitals. Run audits as a builder, not a project manager: Own evidence, controls, gap remediation, and audit response, and automate the evidence pipeline so we’re not rebuilding workpapers every cycle. Stand up third-party risk as a real program: vendor reviews, data flow inventory, contractual security obligations, and a reassessment cadence that keeps pace with our SaaS footprint. Be the function that unblocks enterprise deals: Build the customer-trust surface — security questionnaires, trust portal, DPAs, BAAs, customer-facing docs — so customers understand how we handle their data before they have to ask. Partner with engineering: Bake compliance into the product: control inheritance from Azure, policy-as-code, automated access reviews, audit-ready logging, and evidence collection that runs without a human in the loop. Run a single risk operating cadence across HR, Finance, Legal, IT, and Engineering: so data handling, vendor approvals, and audit requests always have a clear owner. Be the translator between technical reality and regulatory expectations: the person engineers trust to interpret a control, and the person customers and auditors trust to explain the system behind it. You Might Be a Great Fit If You... Have 8+ years building and running GRC programs in regulated environments including healthcare, financial services, government, or enterprise SaaS where the stakes were real and the audits weren’t theatre. Have taken a company through SOC 2 Type II from a cold start, and lived HIPAA, GLBA, FedRAMP, or equivalent work hands-on, not just signed off on policies someone else wrote. View compliance as a competitive advantage and a forcing function for good engineering, not a checklist and not a bureaucracy to defend. Are a deep executor: you write the policies, draft the white papers, and ship the automation yourself, and can zoom out to design the program around them. Are a high-trust cross-functional partner - you can sit with an engineer reasoning about IAM controls in the morning, walk GTM through a DPA at noon, and brief a customer’s CISO in the afternoon. Translate technical risk for the boardroom and regulatory risk for the engineers fluently in both directions. Are at home in ambiguity and energized by a 01 program. We have a SOC 2 Type II baseline; the rest is yours to define. Have a strong opinion about data: how it’s classified, where it lives, who can see it, and how you prove it. You think in data flows, not policy templates. Bias toward pragmatism over bureaucracy. You know which controls matter, which ones are noise, and which ones you can automate out of existence. Bonus Points For: Direct experience operating across US and MENA (or other multi-jurisdictional) regulatory environments, including on-prem and data residency requirements. FedRAMP/GovRAMP, IL4/IL5, or equivalent government-customer compliance experience. Standing up GRC programs at AI or ML-heavy companies, including the novel evidence and disclosure questions that come with model training data, agent actions, and customer data flowing through AI systems. Hands-on with compliance automation tooling (Vanta, Drata, Secureframe, etc.) and a willingness to replace it when it’s the wrong tool. Comfort reading the technical controls themselves (Terraform, IAM policies, audit logs) well enough to verify what an auditor is being told. Why Join Us: Build the GRC function for an AI platform deployed in governments, hospitals, and critical industries worldwide — where the regulatory bar is real and the work matters. Own the program 01. Define the principles, design the system, and grow the function under you as the company scales. Work alongside senior engineers from Tesla, DeepMind, Databricks, and other top engineering orgs who treat compliance as a partner, not a tax. Shape how compliance is done for AI-native companies, where the frameworks haven’t caught up yet and the right answer is still being written. Earn competitive compensation and meaningful equity in a high-growth company. Benefits Competitive salary plus equity Daily lunches Commuter benefits 401(k) Medical, Dental, and Vision Unlimited PTO #J-18808-Ljbffr BrainCo
- ...is seeking a highly experienced Governance, Risk & Compliance Analyst to join our world-class team. You will shape... ...CCPA/CPRA compliance, design scalable audit processes and a robust GRC platform, and help lead regulatory strategy for AI safety. #J-18808-Ljbffr PerplexitySuggested
$153.6k - $192k
...effortlessly. the company’s AI-native automation and... ...span Software, Data, Security, and IT, and operate... ...Governance, Risk, and Compliance function is at an exciting... ...execution. As a Senior GRC Engineer, you will drive... ...documentation and leading training sessions Evangelize...SuggestedWork at officeImmediate startRemote workWork from home- ...is seeking a governance, risk, and compliance analyst to shape and lead our program. You will drive frameworks... ...focused on trustworthy search and AI‑assisted experiences. The role emphasizes... ...functional collaboration across IT, Security, GTM, and Engineering in a data‑...Suggested
- ...seeking an IT Manager to own the entire IT and security function from scratch. This critical role... ...device management, security hygiene, compliance programs, and vendor management. The... ...infrastructure for years to come. Join a fast-growing AI platform impacting Fortune 500 clients....Suggested
- A leading AI security firm in San Francisco seeks a foundational security leader to manage their end-to-end security and compliance posture. You will protect sensitive user data and lead the charge toward HIPAA and SOC 2 compliance. The ideal candidate will possess deep...Suggested
- Alvarez & Marsal in San Francisco is seeking a professional to lead AI security assessments and tackle compliance challenges. In this role, you'll focus on implementing secure AI/ML pipelines and developing risk assessment methodologies. The ideal candidate has a strong...Flexible hours
- A remote-first AI governance company is seeking a Principal AI Security & Risk Researcher to lead security research and build frameworks for assessing AI risks. In this part-time role, you will design adaptive security systems, collaborate on automated testing tools, and...Part timeRemote workFlexible hours
- Alembic is seeking a lead-level Security Engineer and Architect in San Francisco to oversee security for our AI factory. In this hands-on role, you'll design security controls, manage incident responses, and ensure the protection of high-value client data while respecting...
- Alembic Technologies seeks a lead-level Security Engineer and Architect to own end-to-end security for our rapidly growing on-prem, Kubernetes-based AI factory. This hands-on role reports to the CTO/CISO and partners with Technical Operations, Corp IT, Platform Engineering...
$232k - $290k
Ripple is seeking a Senior Staff Security Engineer in San Francisco, focusing on AI Security and contributing to the company’s security posture. The role involves driving AI security strategy, implementing controls, and engaging in regulatory discussions. With a competitive...- Perplexity is seeking a Governance, Risk & Compliance Analyst to shape and run our... ...risk management program. You will lead the implementation of frameworks, oversee... ...audit/compliance, automation using AI, and collaboration across IT, Security, GTM, and Engineering. You will...
$153k - $296k
...into code, or iterating with AI. From idea to product, Figma empowers... ...we hire for on this team Compliance Management Lead compliance and certification programs across security and regulatory frameworks,... ...requirements and business objectives. GRC Platforms & Enablement select,...Remote jobFull timeWork from home- Gong is seeking a Senior GRC Security Lead to architect foundational security programs as part of their compliance and trust initiatives. This role involves designing and implementing Gong's Common Controls Framework and working closely with engineering, legal, and audit...
- Salesforce is seeking a Manager of Governance, Risk, and Compliance Security Automation to lead compliance automation capabilities. This role requires 8+ years of experience in GRC, Cybersecurity, or Software Engineering. You will design automated solutions, lead a team...
$193.8k - $228k
A leading technology company in San Francisco seeks a Senior GRC Analyst II. In this role, you will manage the Governance, Risk, and Compliance program, ensuring it aligns with security strategies. Candidates should have a strong knowledge of information security frameworks...- Pallet is seeking a dedicated GRC leader to manage compliance with regulations like SOC 1, SOC 2, GDPR, and CCPA. This role involves building the compliance operating model from the ground up while collaborating closely with engineering, product, sales, and legal teams....Flexible hours
$270k - $345k
...interpretable, and steerable AI systems. We want AI to be safe... ...role Anthropic’s Integrity & Compliance (I&C) function is building the... ...mission and position as one of the leading AI labs operating on the... ..., controls testing, training, GRC tooling, and reporting that hold...Interim roleWork at officeVisa sponsorship3 days per week- Figma Job is looking for compliance and risk management professionals to join their GRC team. The ideal candidate will lead compliance programs across security frameworks like SOC2 and manage audits. The position offers the opportunity to improve processes and enhance...Remote jobFull time
- Anthropic is seeking a candidate for a Security GRC role in San Francisco where you'll define control frameworks and ensure compliance for AI systems. You will collaborate across teams to create an integrated risk ecosystem, challenge control implementations, and validate...
- ...is hiring its first dedicated GRC leader to own how we earn and... ..., sales, and legal to make compliance something Pallet is good at,... ...Pallet increasingly hinge on security posture. You’ll sit in on customer... ...a clear path to building and leading a team Run SOC 1 and SOC 2...Temporary workLive inWork at officeRemote workFlexible hours
- OpenAI is looking for a GRC Program Manager to enhance customer trust through regulatory... ...candidate will partner with teams to ensure compliance while managing product launches... ...shaping the future of technology and making AI a beneficial force for humanity. #J-18808...
- ...Manufacturing Co is seeking a Sr Manager for InfoSec Governance Risk and Compliance (GRC) in San Francisco, California. The role involves managing a... ...efforts, while serving as a subject matter expert on security frameworks. The ideal candidate will have over 7 years...
$200k - $300k
Dexterity, Inc. in Emeryville, California is seeking a Security Architect to lead software security measures for their robotics product lines.... ...reviewing code, maintaining security guidelines, and ensuring compliance with standards like ISO27001 and SOC2. The ideal candidate...- SteerBridge is seeking an experienced Security Architect to support our Payments and Aviation FinTech initiatives. This role involves designing... ...architectures for regulated financial systems, ensuring compliance with federal cybersecurity frameworks. The ideal candidate will...
- ...business leaders across Engineering, Security, IT, Finance, Legal, and... ...& Engineering Technology to lead complex technology sourcing work... ...at the forefront of enabling AI within sourcing workflows, helping... ...unrelated to job posting compliance. We are committed to providing...Work at officeRelocation packageFlexible hours
$150k - $250k
Flex is building the AI-native private bank for business owners. We’re re-architecting the entire financial system for entrepreneurs... ...Role We’re hiring a Recruiting Lead to own hiring across our core... ...problems — AI, underwriting, compliance, and global finance from first...Immediate startRemote workFlexible hours- ...hiring a Competitive Intelligence Lead. This is a contract role in... ...experience, ecosystem, security, pricing, customer value, and... ...understanding of enterprise software, AI platforms, SaaS, cloud... ...inquiries unrelated to job posting compliance.We are committed to providing...Contract work
- ...Global Senior Equity Program Manager to lead the equity compensation strategy across all... ...with our mission to develop safe AI systems. With 8+ years of experience required... ...will oversee equity plan operations, ensure compliance, and provide support to employees on equity...
- Match Group is seeking a Senior Regulatory Compliance Specialist for a 6-month temporary role in San Francisco. This position involves leading high-impact regulatory projects and... ...analytical thinking and proficiency with AI tools. Benefits include competitive compensation...Temporary work
- ...San Francisco is seeking a Staff Regulatory Affairs Engineer. The role involves leading regulatory submissions for AI/ML software, developing regulatory strategies, and ensuring compliance with FDA regulations. The ideal candidate has over 7 years in Regulatory Affairs...
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to GRC Lead: AI Compliance & Security Architect. Be the first to apply!
- cyber security architect San Francisco, CA
- security architect San Francisco, CA
- compliance technician San Francisco, CA
- regulatory compliance specialist San Francisco, CA
- compliance examiner San Francisco, CA
- regulatory affairs consultant San Francisco, CA
- compliance team leader San Francisco, CA
- legal compliance San Francisco, CA
- regulatory compliance engineer San Francisco, CA
- export compliance San Francisco, CA
