Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

GRC Lead: AI Compliance & Security Architect

BrainCo

About Brain Co. Brain Co. is an applied AI startup co-founded by Jared Kushner and Elad Gil, and backed by leading Silicon Valley builders including Patrick Collison and Andrej Karpathy. We are building AI applications for the world's most important institutions, delivering impact on real-world problems across governments, healthcare systems, and critical industries. Our progress so far: Automated construction permitting for a sovereign government 80% faster, unlocking $375M+ in value Optimized supply chains for a leading global energy company 30% lower cost, 99% reliability, preventing $100M+ in losses Streamlined hospital patient care across national health systems 40% better outcomes, 80% less admin work Company momentum: Raised a $55M Series A from leading investors Built a team of 70+ AI experts from Tesla, Google DeepMind, NVIDIA, and Databricks About the Role: At Brain Co., we focus on applying frontier AI to real institutional challenges, working alongside governments, healthcare systems, and critical industries to modernize how essential services operate. We are looking for leaders who want to help bring new technology into institutions that impact millions of people. As our GRC Lead, you’ll own the governance, risk, and compliance program end-to-end - and treat it as a strategic advantage, not a checklist. Brain Co. carries one of the most demanding regulatory loads of any company our size: SOC 2 Type II and HIPAA in place today, with ISO 27001, NIST 800-171, FedRAMP/GovRAMP, GLBA, and US/MENA data residency on the near-term roadmap. That’s what selling to governments, hospitals, and financial institutions costs - and done right, it’s how we win the next ones. This is a 01 builder role. You’ll define the principles, write the policies, run the audits, build the automation, and partner directly with engineering, legal, sales, and customer – not advising from the sidelines. This is a high-ownership role for someone who has built programs like this before and wants to build the next one from first principles. You’ll be an IC on day one with the scope and trust to grow the function as the company scales. What You'll Work On: Own the end-to-end GRC program: SOC 2 Type II and HIPAA today, and the path through ISO 27001, NIST 800-171, FedRAMP/GovRAMP, GLBA, and MENA-specific regimes that don’t map cleanly to a US playbook. Build the data handling backbone: how customer data is classified, where it lives, who can touch it, and how we prove it - across Azure, on-prem MENA deployments, and the bespoke deployments we run for governments and hospitals. Run audits as a builder, not a project manager: Own evidence, controls, gap remediation, and audit response, and automate the evidence pipeline so we’re not rebuilding workpapers every cycle. Stand up third-party risk as a real program: vendor reviews, data flow inventory, contractual security obligations, and a reassessment cadence that keeps pace with our SaaS footprint. Be the function that unblocks enterprise deals: Build the customer-trust surface — security questionnaires, trust portal, DPAs, BAAs, customer-facing docs — so customers understand how we handle their data before they have to ask. Partner with engineering: Bake compliance into the product: control inheritance from Azure, policy-as-code, automated access reviews, audit-ready logging, and evidence collection that runs without a human in the loop. Run a single risk operating cadence across HR, Finance, Legal, IT, and Engineering: so data handling, vendor approvals, and audit requests always have a clear owner. Be the translator between technical reality and regulatory expectations: the person engineers trust to interpret a control, and the person customers and auditors trust to explain the system behind it. You Might Be a Great Fit If You... Have 8+ years building and running GRC programs in regulated environments including healthcare, financial services, government, or enterprise SaaS where the stakes were real and the audits weren’t theatre. Have taken a company through SOC 2 Type II from a cold start, and lived HIPAA, GLBA, FedRAMP, or equivalent work hands-on, not just signed off on policies someone else wrote. View compliance as a competitive advantage and a forcing function for good engineering, not a checklist and not a bureaucracy to defend. Are a deep executor: you write the policies, draft the white papers, and ship the automation yourself, and can zoom out to design the program around them. Are a high-trust cross-functional partner - you can sit with an engineer reasoning about IAM controls in the morning, walk GTM through a DPA at noon, and brief a customer’s CISO in the afternoon. Translate technical risk for the boardroom and regulatory risk for the engineers fluently in both directions. Are at home in ambiguity and energized by a 01 program. We have a SOC 2 Type II baseline; the rest is yours to define. Have a strong opinion about data: how it’s classified, where it lives, who can see it, and how you prove it. You think in data flows, not policy templates. Bias toward pragmatism over bureaucracy. You know which controls matter, which ones are noise, and which ones you can automate out of existence. Bonus Points For: Direct experience operating across US and MENA (or other multi-jurisdictional) regulatory environments, including on-prem and data residency requirements. FedRAMP/GovRAMP, IL4/IL5, or equivalent government-customer compliance experience. Standing up GRC programs at AI or ML-heavy companies, including the novel evidence and disclosure questions that come with model training data, agent actions, and customer data flowing through AI systems. Hands-on with compliance automation tooling (Vanta, Drata, Secureframe, etc.) and a willingness to replace it when it’s the wrong tool. Comfort reading the technical controls themselves (Terraform, IAM policies, audit logs) well enough to verify what an auditor is being told. Why Join Us: Build the GRC function for an AI platform deployed in governments, hospitals, and critical industries worldwide — where the regulatory bar is real and the work matters. Own the program 01. Define the principles, design the system, and grow the function under you as the company scales. Work alongside senior engineers from Tesla, DeepMind, Databricks, and other top engineering orgs who treat compliance as a partner, not a tax. Shape how compliance is done for AI-native companies, where the frameworks haven’t caught up yet and the right answer is still being written. Earn competitive compensation and meaningful equity in a high-growth company. Benefits Competitive salary plus equity Daily lunches Commuter benefits 401(k) Medical, Dental, and Vision Unlimited PTO #J-18808-Ljbffr BrainCo

Vacancy posted 1 day ago
Similar jobs that could be interesting for youBased on the GRC Lead: AI Compliance & Security Architect in San Francisco, CA vacancy
  •  ...is seeking a highly experienced Governance, Risk & Compliance Analyst to join our world-class team. You will shape...  ...CCPA/CPRA compliance, design scalable audit processes and a robust GRC platform, and help lead regulatory strategy for AI safety. #J-18808-Ljbffr Perplexity
    Suggested

    Perplexity

    San Francisco, CA
    19 hours ago
  • $153.6k - $192k

     ...effortlessly. the company’s AI-native automation and...  ...span Software, Data, Security, and IT, and operate...  ...Governance, Risk, and Compliance function is at an exciting...  ...execution. As a Senior GRC Engineer, you will drive...  ...documentation and leading training sessions Evangelize... 
    Suggested
    Work at office
    Immediate start
    Remote work
    Work from home

    United States Digital Space LLC

    San Francisco, CA
    3 days ago
  •  ...is seeking a governance, risk, and compliance analyst to shape and lead our program. You will drive frameworks...  ...focused on trustworthy search and AI‑assisted experiences. The role emphasizes...  ...functional collaboration across IT, Security, GTM, and Engineering in a data‑... 
    Suggested

    Perplexity

    San Francisco, CA
    2 days ago
  •  ...seeking an IT Manager to own the entire IT and security function from scratch. This critical role...  ...device management, security hygiene, compliance programs, and vendor management. The...  ...infrastructure for years to come. Join a fast-growing AI platform impacting Fortune 500 clients.... 
    Suggested

    Aionia Group

    San Francisco, CA
    4 days ago
  • A leading AI security firm in San Francisco seeks a foundational security leader to manage their end-to-end security and compliance posture. You will protect sensitive user data and lead the charge toward HIPAA and SOC 2 compliance. The ideal candidate will possess deep... 
    Suggested

    Mental & Mentla

    San Francisco, CA
    1 day ago
  • Alvarez & Marsal in San Francisco is seeking a professional to lead AI security assessments and tackle compliance challenges. In this role, you'll focus on implementing secure AI/ML pipelines and developing risk assessment methodologies. The ideal candidate has a strong... 
    Flexible hours

    Alvarez & Marsal

    San Francisco, CA
    1 day ago
  • $232k - $290k

    Ripple is seeking a Senior Staff Security Engineer in San Francisco, focusing on AI Security and contributing to the company’s security posture. The role involves driving AI security strategy, implementing controls, and engaging in regulatory discussions. With a competitive... 

    Not Human Search

    San Francisco, CA
    1 day ago
  • Alembic Technologies seeks a lead-level Security Engineer and Architect to own end-to-end security for our rapidly growing on-prem, Kubernetes-based AI factory. This hands-on role reports to the CTO/CISO and partners with Technical Operations, Corp IT, Platform Engineering... 

    Alembic Technologies

    San Francisco, CA
    1 day ago
  • A remote-first AI governance company is seeking a Principal AI Security & Risk Researcher to lead security research and build frameworks for assessing AI risks. In this part-time role, you will design adaptive security systems, collaborate on automated testing tools, and... 
    Part time
    Remote work
    Flexible hours

    Ciph Lab

    San Francisco, CA
    1 day ago
  • Alembic is seeking a lead-level Security Engineer and Architect in San Francisco to oversee security for our AI factory. In this hands-on role, you'll design security controls, manage incident responses, and ensure the protection of high-value client data while respecting... 

    Alembic

    San Francisco, CA
    1 day ago
  • Perplexity is seeking a Governance, Risk & Compliance Analyst to shape and run our...  ...risk management program. You will lead the implementation of frameworks, oversee...  ...audit/compliance, automation using AI, and collaboration across IT, Security, GTM, and Engineering. You will... 

    Apply

    San Francisco, CA
    3 days ago
  •  ...is hiring its first dedicated GRC leader to own how we earn and...  ..., sales, and legal to make compliance something Pallet is good at,...  ...Pallet increasingly hinge on security posture. You’ll sit in on customer...  ...a clear path to building and leading a team Run SOC 1 and SOC 2... 
    Temporary work
    Live in
    Work at office
    Remote work
    Flexible hours

    Pallet

    San Francisco, CA
    4 days ago
  • Anthropic is seeking a candidate for a Security GRC role in San Francisco where you'll define control frameworks and ensure compliance for AI systems. You will collaborate across teams to create an integrated risk ecosystem, challenge control implementations, and validate... 

    Anthropic

    San Francisco, CA
    1 day ago
  • $153k - $296k

     ...into code, or iterating with AI. From idea to product, Figma empowers...  ...we hire for on this team Compliance Management Lead compliance and certification programs across security and regulatory frameworks,...  ...requirements and business objectives. GRC Platforms & Enablement select,... 
    Remote job
    Full time
    Work from home

    Doist

    San Francisco, CA
    2 days ago
  • Gong is seeking a Senior GRC Security Lead to architect foundational security programs as part of their compliance and trust initiatives. This role involves designing and implementing Gong's Common Controls Framework and working closely with engineering, legal, and audit... 

    Gong

    San Francisco, CA
    1 day ago
  • Salesforce is seeking a Manager of Governance, Risk, and Compliance Security Automation to lead compliance automation capabilities. This role requires 8+ years of experience in GRC, Cybersecurity, or Software Engineering. You will design automated solutions, lead a team... 

    Salesforce

    San Francisco, CA
    1 day ago
  • $193.8k - $228k

    A leading technology company in San Francisco seeks a Senior GRC Analyst II. In this role, you will manage the Governance, Risk, and Compliance program, ensuring it aligns with security strategies. Candidates should have a strong knowledge of information security frameworks... 

    Itlearn360

    San Francisco, CA
    19 hours ago
  • Pallet is seeking a dedicated GRC leader to manage compliance with regulations like SOC 1, SOC 2, GDPR, and CCPA. This role involves building the compliance operating model from the ground up while collaborating closely with engineering, product, sales, and legal teams.... 
    Flexible hours

    Pallet

    San Francisco, CA
    4 days ago
  • $270k - $345k

     ...interpretable, and steerable AI systems. We want AI to be safe...  ...role Anthropic’s Integrity & Compliance (I&C) function is building the...  ...mission and position as one of the leading AI labs operating on the...  ..., controls testing, training, GRC tooling, and reporting that hold... 
    Interim role
    Work at office
    Visa sponsorship
    3 days per week

    Menlo Ventures

    San Francisco, CA
    3 days ago
  • Figma Job is looking for compliance and risk management professionals to join their GRC team. The ideal candidate will lead compliance programs across security frameworks like SOC2 and manage audits. The position offers the opportunity to improve processes and enhance... 
    Remote job
    Full time

    Figma Job

    San Francisco, CA
    2 days ago
  • OpenAI is looking for a GRC Program Manager to enhance customer trust through regulatory...  ...candidate will partner with teams to ensure compliance while managing product launches...  ...shaping the future of technology and making AI a beneficial force for humanity. #J-18808... 

    OpenAI

    San Francisco, CA
    1 day ago
  •  ...Manufacturing Co is seeking a Sr Manager for InfoSec Governance Risk and Compliance (GRC) in San Francisco, California. The role involves managing a...  ...efforts, while serving as a subject matter expert on security frameworks. The ideal candidate will have over 7 years... 

    Dormont Manufacturing Co

    San Francisco, CA
    2 days ago
  • $200k - $300k

    Dexterity, Inc. in Emeryville, California is seeking a Security Architect to lead software security measures for their robotics product lines....  ...reviewing code, maintaining security guidelines, and ensuring compliance with standards like ISO27001 and SOC2. The ideal candidate... 

    Dexterity, Inc.

    Emeryville, CA
    1 day ago
  • SteerBridge is seeking an experienced Security Architect to support our Payments and Aviation FinTech initiatives. This role involves designing...  ...architectures for regulated financial systems, ensuring compliance with federal cybersecurity frameworks. The ideal candidate will... 

    SteerBridge

    Emeryville, CA
    1 day ago
  •  ...business leaders across Engineering, Security, IT, Finance, Legal, and...  ...& Engineering Technology to lead complex technology sourcing work...  ...at the forefront of enabling AI within sourcing workflows, helping...  ...unrelated to job posting compliance. We are committed to providing... 
    Work at office
    Relocation package
    Flexible hours

    OpenAI

    San Francisco, CA
    4 days ago
  •  ...broader community impacted by AI. Accordingly, our Global...  ...individual contributor policy role leading OpenAI's engagement with...  ...major metropolitan homeland security, emergency management, cybersecurity...  ...unrelated to job posting compliance. We are committed to providing... 
    Local area

    Slope

    San Francisco, CA
    4 days ago
  •  ...Francisco, California. You will support AI tools aimed at enhancing financial clearance...  ...care and self-pay collections. You will lead counseling efforts, evaluate AI-generated...  ...for assistance programs, and ensure compliance with relevant regulations. This role provides... 

    Obsidian

    San Francisco, CA
    4 days ago
  • $153k - $296k

    Figma is looking for a security, risk, and compliance professional, ideally with over 4 years of experience, to join their team. The role involves leading compliance initiatives across major frameworks and managing audits. The successful candidate will improve processes... 
    Remote job
    Full time

    Figma

    San Francisco, CA
    1 day ago
  •  ...understand, adopt, and scale AI responsibly. We partner closely...  ...Role The Enterprise 3P Events Lead will help us decide which external...  .... Background Checks and Compliance Background checks for applicants...  ...employment duties require access to secure and protected information... 
    Work at office
    Relocation package

    The Consulting Solutions

    San Francisco, CA
    3 days ago
  • $112k

    Sr Manager, InfoSec Governance Risk and Compliance (GRC) Sr Manager, InfoSec Governance Risk...  ...Compliance (GRC) Founded in 2000, Ivalua is a leading global provider of cloud-based...  ...continuously improving Ivalua’s Information Security program globally. We provide peace of... 
    Permanent employment
    Contract work
    For contractors
    For subcontractor
    Work at office
    Worldwide
    3 days per week

    Ivalua

    San Francisco, CA
    19 hours ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to GRC Lead: AI Compliance & Security Architect. Be the first to apply!