Senior GRC Engineer

🕒 May 11

🇺🇸 United States – Remote

💵 $115.5k - $213k / year

⏰ Full Time

🟠 Senior

🚔 Compliance

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Life360

WebsiteLinkedInAll Job Openings

201 - 500 employees

Founded 2008

👥 B2C

📡 Telecommunications

💰 Post-IPO Equity on 2022-11

B2C • Safety • Telecommunications

Life360 is a leading family safety app that offers a comprehensive suite of services for location and digital safety. With Life360, users can effortlessly share their location, track their phones, and manage driving safety measures, including crash detection and 24/7 roadside assistance. The app includes features for digital safety, such as identity theft protection and SOS alerts, ensuring protection and prevention for each family member. Life360's plans, which include free, Gold, and Platinum options, are designed to accommodate various needs, offering peace of mind with advanced safety and coordination tools. The app is trusted by millions of users and is highly rated on app stores for its efficiency and reliability in connecting family members and ensuring their safety.

📋 Description

• Own the governance framework for Life360's agentic systems. The major compliance frameworks are still figuring out how to account for autonomous agents. Define the policies, control sets, and compliance posture that govern how agents are built and deployed at Life360 — and build ahead of the regulation. • Take an agentic approach to GRC itself. Automate evidence collection, draft control narratives, triage vendor questionnaires — use AI and internal tooling to do the work humans shouldn't be doing manually. Write the integrations and pipelines that make it real. Know where AI creates leverage, where it introduces risk, and where a human needs to stay in the loop. • Build the policy program as code. Policies in Git, peer-reviewed via pull request. Requirements expressed as enforceable rules and automated checks, not static PDFs. A common controls framework that satisfies SOC 2, ISO 27001, NIST CSF, and future frameworks from a single control reference — no rework. • Drive SOC 2 Type 2, ISO 27001, and SOX ITGC end-to-end as management owner — managing evidence, coordinating with external assessors, and closing gaps before auditors find them. Build the automation once; satisfy three frameworks. • Build an operational risk function, not a register. Quantitative-leaning, FAIR-informed, and connected to live data sources across cloud security posture, endpoint detection, vulnerability management, and asset inventory. Risk scoring that reflects current reality and is actionable at every altitude — service owner to board executive leadership, with Audit Committee reporting on enterprise risk coordinated with Internal Audit. Build the data model, workflow layer, and closed loop that turns risk from a prioritization exercise into a lifecycle with owners and treatment decisions. • Mature the TPRM program. Tiered reviews by risk and data sensitivity. Automated evidence collection and agent-based workflows that reduce friction for vendors and internal teams alike — making it easier to do this right than to skip it. • Be the auditor's primary management contact. Own scoping, walkthroughs, evidence delivery, and management responses for SOC 2, ISO 27001, and SOX ITGC. Auditors leave knowing more about how Life360 actually works than they did when they walked in — and findings get closed before they become repeat findings. • Build the cross-functional relationships that make GRC work in practice. Engineering, Legal, Privacy, Internal Audit and Procurement are all load-bearing parts of this program — own those partnerships and build the workflows that make compliance a shared practice, not a security team deliverable. • Maintain clear role boundaries between management’s first- and second-line GRC operations and Internal Audit’s third-line independent assurance.

🎯 Requirements

• 5+ years in GRC, security engineering, or a hybrid role where you owned both the policy and control side and the technical implementation — not one or the other. • You build with AI tools, not just use them. You've used LLMs and agents in real work — drafting, code, automation, investigation — and can make judgment calls about where AI creates leverage and where it introduces risk. Experience designing or operating agentic workflows is a strong signal. • Coding ability that ships. Python or equivalent — you can call APIs, build integrations, schedule jobs, and deploy a working pipeline without help. Show us something you built. • You can evidence controls directly in cloud environments — identity, audit logs, configuration posture, secrets management — without relying on screenshots or system owners. You pull evidence from APIs. • You've implemented, integrated, or significantly extended a modern GRC platform. You know what these platforms actually solve, where they fall short, and when to write your own code instead. • SOC 2, ISO 27001, and NIST AI RMF at the control level, not just the headers. You understand how these frameworks are evolving to account for AI and agentic systems. • You've worked through SOX ITGC cycles at a public company — managing evidence, walkthroughs, and findings with external auditors. • Built or scaled a TPRM program — you've designed tiering, pushed back on bad vendors, and automated parts of the assessment workflow. • Quantitative risk experience — you've owned a risk register and made it useful to engineers and executives. FAIR or equivalent methodology in real use is a strong signal. • Clear writing — policies, control narratives, audit responses, and risk statements that engineers and lawyers both understand. • Bachelor's degree or equivalent.

🏖️ Benefits

• Competitive pay and benefits • Medical, dental, vision, life and disability insurance plans (100% paid for employees) • 401(k) plan with company matching program • Mental Wellness Program & Employee Assistance Program (EAP) for mental well-being • Flexible PTO, 13 company-wide days off throughout the year • Winter and Summer Weeklong Synchronized Company Shutdowns • Learning & Development programs • Equipment, tools, and reimbursement support for a productive remote environment • Free Life360 Platinum Membership for your preferred circle • Free Tile Products