Replit
Risk and Compliance Lead
Foster City, CA
Role brief
What this role is asking for.
Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation. ABOUT THE ROLE: Replit is building the security GRC function that will scale with an AI-native product. As the Risk & Compliance lead, you'll own our certification and audit program end to end: SOC 2, ISO 27001, and eventually ISO 42001 (AI management systems), while also owning the company's master security risk register and continuous compliance monitoring. You'll report to the Head of Security GRC, who retains overall accountability for the risk program, and work closely with Engineering to make sure controls hold up in practice, not just on paper. WHAT YOU'LL DO - Own the end-to-end certification roadmap (SOC 2 Type II, ISO 27001, and future frameworks like ISO 42001) including scoping, gap assessments, remediation, and audit execution - Manage relationships with external auditors and drive the annual audit calendar so certifications renew without last-minute scrambles - Own and maintain the company's master security risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting - Build and maintain continuous compliance monitoring so control status reflects real-time state rath...
Similar searches
Keep browsing verified remote roles.
These links connect this role to broader free job pages with official application sources and stricter location handling where we have enough proof.Company role signals