Senior GRC Engineer

🕒 Maio 11

🇺🇸 Estados Unidos – Remoto (EUA)

💵 $115.500 - $213.000 / ano

⏰ Tempo Integral

🟠 Sênior

🚔 Conformidade

🦅 Patrocina Visto H1B

Esta empresa já patrocinou vistos H1B no passado.

Candidatar-se

Encontrar Vagas Remotas Similares

Receber Emails de Vagas Remotas

📊 Verifique sua pontuação de currículo para esta vaga

Melhore suas chances de conseguir uma entrevista verificando sua pontuação de currículo antes de se candidatar.

Enviar Currículo

Life360

SiteLinkedInTodas as Vagas

201 - 500 funcionários

Fundada em 2008

👥 B2C

📡 Telecomunicações

💰 Post-IPO Equity em 2022-11

B2C • Safety • Telecommunications

A Life360 é um aplicativo líder em segurança familiar que oferece um conjunto abrangente de serviços para segurança digital e de localização. Com a Life360, os usuários podem compartilhar sua localização facilmente, rastrear seus telefones e gerenciar medidas de segurança de direção, incluindo detecção de acidentes e assistência na estrada 24 horas por dia, 7 dias por semana. O aplicativo inclui recursos para segurança digital, como proteção contra roubo de identidade e alertas SOS, garantindo proteção e prevenção para cada membro da família. Os planos da Life360, que incluem opções gratuitas, Gold e Platinum, são projetados para atender diversas necessidades, oferecendo tranquilidade com ferramentas avançadas de segurança e coordenação. O aplicativo é confiado por milhões de usuários e altamente avaliado nas lojas de aplicativos por sua eficiência e confiabilidade na conexão entre membros da família e garantia de sua segurança.

Descrição

• Own the governance framework for Life360's agentic systems. The major compliance frameworks are still figuring out how to account for autonomous agents. Define the policies, control sets, and compliance posture that govern how agents are built and deployed at Life360 — and build ahead of the regulation. • Take an agentic approach to GRC itself. Automate evidence collection, draft control narratives, triage vendor questionnaires — use AI and internal tooling to do the work humans shouldn't be doing manually. Write the integrations and pipelines that make it real. Know where AI creates leverage, where it introduces risk, and where a human needs to stay in the loop. • Build the policy program as code. Policies in Git, peer-reviewed via pull request. Requirements expressed as enforceable rules and automated checks, not static PDFs. A common controls framework that satisfies SOC 2, ISO 27001, NIST CSF, and future frameworks from a single control reference — no rework. • Drive SOC 2 Type 2, ISO 27001, and SOX ITGC end-to-end as management owner — managing evidence, coordinating with external assessors, and closing gaps before auditors find them. Build the automation once; satisfy three frameworks. • Build an operational risk function, not a register. Quantitative-leaning, FAIR-informed, and connected to live data sources across cloud security posture, endpoint detection, vulnerability management, and asset inventory. Risk scoring that reflects current reality and is actionable at every altitude — service owner to board executive leadership, with Audit Committee reporting on enterprise risk coordinated with Internal Audit. Build the data model, workflow layer, and closed loop that turns risk from a prioritization exercise into a lifecycle with owners and treatment decisions. • Mature the TPRM program. Tiered reviews by risk and data sensitivity. Automated evidence collection and agent-based workflows that reduce friction for vendors and internal teams alike — making it easier to do this right than to skip it. • Be the auditor's primary management contact. Own scoping, walkthroughs, evidence delivery, and management responses for SOC 2, ISO 27001, and SOX ITGC. Auditors leave knowing more about how Life360 actually works than they did when they walked in — and findings get closed before they become repeat findings. • Build the cross-functional relationships that make GRC work in practice. Engineering, Legal, Privacy, Internal Audit and Procurement are all load-bearing parts of this program — own those partnerships and build the workflows that make compliance a shared practice, not a security team deliverable. • Maintain clear role boundaries between management’s first- and second-line GRC operations and Internal Audit’s third-line independent assurance.

🎯 Requisitos

• 5+ years in GRC, security engineering, or a hybrid role where you owned both the policy and control side and the technical implementation — not one or the other. • You build with AI tools, not just use them. You've used LLMs and agents in real work — drafting, code, automation, investigation — and can make judgment calls about where AI creates leverage and where it introduces risk. Experience designing or operating agentic workflows is a strong signal. • Coding ability that ships. Python or equivalent — you can call APIs, build integrations, schedule jobs, and deploy a working pipeline without help. Show us something you built. • You can evidence controls directly in cloud environments — identity, audit logs, configuration posture, secrets management — without relying on screenshots or system owners. You pull evidence from APIs. • You've implemented, integrated, or significantly extended a modern GRC platform. You know what these platforms actually solve, where they fall short, and when to write your own code instead. • SOC 2, ISO 27001, and NIST AI RMF at the control level, not just the headers. You understand how these frameworks are evolving to account for AI and agentic systems. • You've worked through SOX ITGC cycles at a public company — managing evidence, walkthroughs, and findings with external auditors. • Built or scaled a TPRM program — you've designed tiering, pushed back on bad vendors, and automated parts of the assessment workflow. • Quantitative risk experience — you've owned a risk register and made it useful to engineers and executives. FAIR or equivalent methodology in real use is a strong signal. • Clear writing — policies, control narratives, audit responses, and risk statements that engineers and lawyers both understand. • Bachelor's degree or equivalent.

🏖️ Benefícios

• Competitive pay and benefits • Medical, dental, vision, life and disability insurance plans (100% paid for employees) • 401(k) plan with company matching program • Mental Wellness Program & Employee Assistance Program (EAP) for mental well-being • Flexible PTO, 13 company-wide days off throughout the year • Winter and Summer Weeklong Synchronized Company Shutdowns • Learning & Development programs • Equipment, tools, and reimbursement support for a productive remote environment • Free Life360 Platinum Membership for your preferred circle • Free Tile Products