
Senior GRC Engineer
Posted 15 hours ago

This is a fully remote position, open to applicants in the United States.
• Take ownership of the governance framework for Life360's agentic systems. Major compliance frameworks are still adapting to include autonomous agents. Establish the policies, control sets, and compliance stance that dictate how agents are constructed and deployed at Life360, proactively anticipating regulations.
• Adopt an agentic perspective towards Governance, Risk, and Compliance (GRC). Automate the collection of evidence, draft control narratives, and manage vendor questionnaires—leveraging AI and internal tools to handle tasks that should not be performed manually. Develop the integrations and pipelines that bring this vision to fruition while understanding where AI offers advantages, introduces risks, and necessitates human oversight.
• Transform the policy program into code. Store policies in Git, ensuring peer reviews via pull requests. Express requirements as enforceable rules with automated checks instead of static PDFs. Create a common controls framework that meets the requirements of SOC 2, ISO 27001, NIST CSF, and future frameworks from a single control reference—eliminating the need for rework.
• Lead SOC 2 Type 2, ISO 27001, and SOX ITGC processes end-to-end as the management owner—overseeing evidence management, collaborating with external assessors, and addressing gaps before auditors identify them. Build the automation once to fulfill three frameworks.
• Develop an operational risk function rather than merely a register. Focus on quantitative assessments, informed by FAIR methodology, and connect it to real-time data sources across cloud security posture, endpoint detection, vulnerability management, and asset inventory. Create risk scoring that accurately reflects the current state and is actionable across all levels—from service owners to executive leadership—while ensuring Audit Committee reports on enterprise risk are coordinated with Internal Audit. Design the data model, workflow layer, and closed-loop system that transitions risk from a mere prioritization task to a comprehensive lifecycle with designated owners and treatment decisions.
• Enhance the Third-Party Risk Management (TPRM) program. Implement tiered reviews based on risk and data sensitivity. Automate evidence collection and agent-based workflows to reduce friction for both vendors and internal teams—making compliance easier than non-compliance.
• Serve as the primary management contact for auditors. Handle scoping, walkthroughs, evidence delivery, and management responses for SOC 2, ISO 27001, and SOX ITGC. Ensure that auditors leave with a deeper understanding of Life360's operations than when they arrived, and close findings before they can be repeated.
• Cultivate cross-functional relationships essential for effective GRC implementation. Collaborate with Engineering, Legal, Privacy, Internal Audit, and Procurement—integrating these partnerships and developing workflows that make compliance a collective effort rather than solely a security team's responsibility.
• Ensure clear role delineation between management's first- and second-line GRC operations and Internal Audit's third-line independent assurance.
• Over 5 years of experience in GRC, security engineering, or a hybrid role where you managed both the policy and control aspects alongside technical implementation—rather than focusing on just one side.
• Proficient in building with AI tools, not just utilizing them. You've employed LLMs and agents in practical scenarios—such as drafting, coding, automating, and investigating—and can discern where AI provides leverage versus where it poses risks. Experience in designing or operating agentic workflows is highly valued.
• Capable of coding that results in deployment. Proficient in Python or a similar language—you can call APIs, create integrations, schedule jobs, and deploy a functional pipeline independently. Demonstrate something you've developed.
• Ability to directly evidence controls within cloud environments—covering identity, audit logs, configuration posture, and secrets management—without depending on screenshots or system owners. You retrieve evidence directly from APIs.
• Experienced in implementing, integrating, or significantly enhancing a modern GRC platform. You understand the practical problems these platforms address, their limitations, and when it's more effective to write custom code.
• Familiarity with SOC 2, ISO 27001, and NIST AI RMF at the control level—not just at the headline level. You are aware of how these frameworks are evolving to encompass AI and agentic systems.
• Experience navigating SOX ITGC cycles at a public company—managing evidence, walkthroughs, and findings in conjunction with external auditors.
• Developed or scaled a TPRM program—designing tiering, challenging poor vendors, and automating portions of the assessment process.
• Possess quantitative risk experience—having managed a risk register that proves useful to both engineers and executives. Experience with FAIR or equivalent methodologies in practical application is a strong indicator.
• Exceptional writing skills—capable of producing policies, control narratives, audit responses, and risk statements that are clear and comprehensible to both engineers and legal professionals.
• Bachelor's degree or equivalent qualification.
• Competitive salary and benefits package
• Comprehensive medical, dental, vision, life, and disability insurance plans (100% covered for employees)
• 401(k) plan with company matching
• Mental Wellness Program & Employee Assistance Program (EAP) to support mental health
• Flexible PTO and 13 company-wide days off throughout the year
• Winter and Summer Weeklong Synchronized Company Shutdowns
• Opportunities for Learning & Development
• Provision of equipment, tools, and reimbursement support for an effective remote working environment
• Complimentary Life360 Platinum Membership for your preferred circle
• Free Tile Products