This position is no longer available
Sunnyvale, California, United States On-site

Applied Intuition was looking for a Risk and Compliance Lead

About the Role

The Risk and Compliance Lead will lead security compliance initiatives across Applied Intuition, ensuring robust risk management and compliance with industry standards. This role involves owning the GRC program, conducting risk assessments, managing compliance audits, and collaborating with cross-functional teams to embed security into business and product decisions.

What You'll Do

  • Own and mature the security GRC program, including policy lifecycle management, risk register maintenance, and control framework alignment across the organization
  • Conduct comprehensive enterprise and product-level risk assessments to identify, prioritize, and track risks against the company's risk appetite - translating findings into actionable remediation plans for stakeholders
  • Lead, manage, and support compliance efforts including, but not limited to, SOC 2, ISO 27001, ISO 9001, TISAX, and federal/defense requirements - owning audit readiness, evidence collection, and remediation tracking end to end
  • Drive the Third Party Risk Management (TPRM) program, including vendor assessments, contract security reviews, and ongoing monitoring of critical third parties
  • Build and maintain the GRC program infrastructure - including risk tracking, compliance tooling, reporting cadences, and executive-level risk reporting
  • Partner with Legal, Engineering, IT, and Operations to embed compliance and risk requirements into business processes, product development, and infrastructure decisions
  • Develop and maintain security policies, standards, and procedures that are practical, enforceable, and aligned to regulatory and contractual obligations
  • Support customer-facing security assurance activities including questionnaires, audits, and contractual security reviews

What We're Looking For

  • 6+ years of experience in security GRC, risk management, or compliance program ownership - with a track record of building or maturing programs, not just executing within them
  • Hands-on experience running enterprise risk assessments aligned with industry-standard frameworks, owning a risk register, and translating technical risk into business-level impact
  • Experience running security maturity assessments against frameworks such as NIST 800-53 and the CCF
  • Deep hands-on experience managing SOC 2, ISO 27001, and TISAX audits - including scoping, control mapping, evidence coordination, and auditor management
  • Experience running Third Party Risk Management programs including vendor tiering, security assessments, and ongoing monitoring
  • Ability to interpret compliance frameworks in practical terms and drive cross-functional remediation without direct authority
  • Strong communication skills - comfortable presenting risk posture and program status to executive leadership and board-level stakeholders
  • Experience with GRC tooling such as Vanta, Drata, OneTrust, or similar platforms

Nice to Have

  • Experience with Automotive security and safety compliance frameworks such as ISO 21434, ISO 26262
  • Certifications such as CISSP

Technical Stack

  • Vanta
  • Drata
  • OneTrust
  • NIST 800-53
  • CCF
  • SOC2
  • ISO 27001
  • ISO 9001
  • TISAX
  • ISO 21434
  • ISO 26262

Benefits & Compensation

  • Comprehensive health insurance coverage
  • Dental insurance coverage
  • Vision insurance coverage
  • Life and disability insurance coverage
  • 401k retirement benefits with employer match
  • Learning stipends
  • Wellness stipends
  • Paid time off

Compensation includes a base salary of $160,000 - $190,000 USD annually, equity in the form of options and/or restricted stock units, and comprehensive benefits.

Work Mode

Employees primarily work from the office five days a week, with flexibility for occasional remote work, such as starting the day with morning meetings from home before heading to the office or leaving early to accommodate family commitments. Office locations include Sunnyvale, California; Washington, D.C.; San Diego; Ft. Walton Beach, Florida; Ann Arbor, Michigan; London; Stuttgart; Munich; Stockholm; Bangalore; Seoul; and Tokyo.

Applied Intuition is an equal opportunity employer and federal contractor. The company abides by 41 CFR 60-1.4(a), 41 CFR 60-300.5(a), and 41 CFR 60-741.5(a), which prohibit discrimination based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability. The company also follows Executive Order 13496 regarding employee rights under federal labor laws.

Required Skills
Vanta, Drata, OneTrust, NIST 800-53, CCF, SOC 2, ISO 27001, ISO 9001, TISAX, ISO 21434, Risk Management, Compliance Program Ownership, Enterprise Risk Assessments, Security Maturity Assessments, Third Party Risk Management
About company
Applied Intuition
Applied Intuition is creating the digital infrastructure needed to bring intelligence to every moving machine on the planet. The company provides solutions in tools and infrastructure, operating systems, and autonomy for the automotive, defense, trucking, construction, mining, and agriculture industries.
Job Details
Category security
Posted 18 days ago