Replit
Risk and Compliance Lead
Rol remoto de SRE con fit claro de ubicación del candidato.
Publicado10 jul 2026
Países elegibles1 país aceptado
Señal de seniorityLead
Modelo de trabajoRemoto
Ubicaciones aceptadas para candidatos
Estados Unidos
Resumen del rol
Risk and Compliance Lead
Requisitos y responsabilidades
Contenido del rol extraído en secciones para revisar más rápido.
What You'll Do
- Own the end-to-end certification roadmap (SOC 2 Type II, ISO 27001, and future frameworks like ISO 42001) including scoping, gap assessments, remediation, and audit execution
- Manage relationships with external auditors and drive the annual audit calendar so certifications renew without last-minute scrambles
- Own and maintain the company's master security risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting
- Build and maintain continuous compliance monitoring so control status reflects real-time state rather than point-in-time snapshots
- Own the core audit artifacts that back every certification including ISMS documentation, Statements of Applicability, risk assessments, and potentially FedRAMP System Security Plans (SSPs)
- Run regular audits and readiness assessments, and track remediation of findings and control gaps to closure
- Support GDPR and broader privacy compliance alongside the Legal/Privacy team, without owning the legal interpretation of requirements
- Partner with the GRC Engineer to define what evidence collection and control monitoring should be automated versus manually reviewed
- Track and report on compliance posture and audit findings to security leadership
Required Skills & Experience
- 8+ years in security compliance, IT audit, or GRC roles, with direct ownership of at least one SOC 2 and/or ISO 27001 certification cycle
- Working knowledge of common frameworks (SOC 2, ISO 27001, NIST CSF) and how to map controls across them
- Hands-on experience authoring or substantially maintaining an ISMS, SSP, or equivalent audit-facing documentation set and not just filling out a template
- Experience owning a formal risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting to leadership
- Experience with GRC/compliance automation platforms (e.g., Anecdotes, Vanta, Drata, etc.) and continuous control monitoring
- Experience working directly with external auditors and managing an audit end to end
- Comfortable reading technical control evidence and having detailed conversations with engineers about how systems actually work
- Working familiarity with GDPR/privacy fundamentals sufficient to partner effectively with a legal team
Bonus Qualifications
- Experience scoping or pursuing ISO 42001 or other AI governance frameworks
- Familiarity with FedRAMP or other government compliance regimes
- Background in a developer tools, platform, or AI/ML product company
- Relevant certifications (CISA, CISSP, ISO 27001 Lead Auditor/Implementer)
- Experience standing up a compliance program from an early or pre-certification stage
Bonus Qualifications
- Meet the Replit Agent
- Replit: Make an app for that
- Replit Blog
- Amjad TED Talk
Bonus Qualifications
- Operating Principles
- Reasons not to work at Replit
Roles similares
Mantén una lista de respaldo.
Stack
Usa estas tags para comparar roles remotos similares.
Elegibilidad de ubicación
Candidatos deberían aplicar solo cuando el país del perfil aparece aquí.
Tu perfilPaís no definidoInicia sesión para comparar tu país con este rol.
Flujo de contratación
WithMira muestra el rol y luego envía candidatos a la aplicación de la empresa.
1Revisa fit del rol, stack y elegibilidad de ubicación en WithMira.
2Abre la página de aplicación de la empresa desde el link rastreado.
3Guarda el rol o suscríbete a oportunidades similares antes de salir.