Senior GRC Engineer

🕒 29 days ago

🇺🇸 United States – Remote

💵 $115,500 - $213,000 / year

⏰ Full-time

🟠 Senior

🚔 Compliance

🦅 H1B visa sponsor

🗣️🇺🇸🇬🇧 English required

Life360

201 - 500 employees

Founded 2008

👥 B2C

📡 Telecommunications

💰 Post-IPO Equity in 2022-11

B2C • Safety • Telecommunications

Life360 is a leading family safety app that offers a comprehensive range of location and digital safety services. With Life360, users can easily share their location, track their phones, and manage driving safety measures, including crash detection and 24/7 roadside assistance. The app includes digital safety features such as identity protection and SOS alerts to provide protection and prevention for every family member. Life360's plans, which include Free, Gold, and Platinum options, are designed to meet different needs and provide safety through advanced security and coordination tools. The app is trusted by millions of users and is highly rated in the app stores for its efficiency and reliability in connecting family members and keeping them safe.

Description

• Own the governance framework for Life360's agentic systems. The major compliance frameworks are still figuring out how to account for autonomous agents. Define the policies, control sets, and compliance posture that govern how agents are built and deployed at Life360 — and build ahead of the regulation.
• Take an agentic approach to GRC itself. Automate evidence collection, draft control narratives, triage vendor questionnaires — use AI and internal tooling to do the work humans shouldn't be doing manually. Write the integrations and pipelines that make it real. Know where AI creates leverage, where it introduces risk, and where a human needs to stay in the loop.
• Build the policy program as code. Policies in Git, peer-reviewed via pull request. Requirements expressed as enforceable rules and automated checks, not static PDFs. A common controls framework that satisfies SOC 2, ISO 27001, NIST CSF, and future frameworks from a single control reference — no rework.
• Drive SOC 2 Type 2, ISO 27001, and SOX ITGC end-to-end as management owner — managing evidence, coordinating with external assessors, and closing gaps before auditors find them. Build the automation once; satisfy three frameworks.
• Build an operational risk function, not a register. Quantitative-leaning, FAIR-informed, and connected to live data sources across cloud security posture, endpoint detection, vulnerability management, and asset inventory. Risk scoring that reflects current reality and is actionable at every altitude — service owner to board executive leadership, with Audit Committee reporting on enterprise risk coordinated with Internal Audit. Build the data model, workflow layer, and closed loop that turns risk from a prioritization exercise into a lifecycle with owners and treatment decisions.
• Mature the TPRM program. Tiered reviews by risk and data sensitivity. Automated evidence collection and agent-based workflows that reduce friction for vendors and internal teams alike — making it easier to do this right than to skip it.
• Be the auditor's primary management contact. Own scoping, walkthroughs, evidence delivery, and management responses for SOC 2, ISO 27001, and SOX ITGC. Auditors leave knowing more about how Life360 actually works than they did when they walked in — and findings get closed before they become repeat findings.
• Build the cross-functional relationships that make GRC work in practice. Engineering, Legal, Privacy, Internal Audit and Procurement are all load-bearing parts of this program — own those partnerships and build the workflows that make compliance a shared practice, not a security team deliverable.
• Maintain clear role boundaries between management’s first- and second-line GRC operations and Internal Audit’s third-line independent assurance.

🎯 Requirements

• 5+ years in GRC, security engineering, or a hybrid role where you owned both the policy and control side and the technical implementation — not one or the other.
• You build with AI tools, not just use them. You've used LLMs and agents in real work — drafting, code, automation, investigation — and can make judgment calls about where AI creates leverage and where it introduces risk. Experience designing or operating agentic workflows is a strong signal.
• Coding ability that ships. Python or equivalent — you can call APIs, build integrations, schedule jobs, and deploy a working pipeline without help. Show us something you built.
• You can evidence controls directly in cloud environments — identity, audit logs, configuration posture, secrets management — without relying on screenshots or system owners. You pull evidence from APIs.
• You've implemented, integrated, or significantly extended a modern GRC platform. You know what these platforms actually solve, where they fall short, and when to write your own code instead.
• SOC 2, ISO 27001, and NIST AI RMF at the control level, not just the headers. You understand how these frameworks are evolving to account for AI and agentic systems.
• You've worked through SOX ITGC cycles at a public company — managing evidence, walkthroughs, and findings with external auditors.
• Built or scaled a TPRM program — you've designed tiering, pushed back on bad vendors, and automated parts of the assessment workflow.
• Quantitative risk experience — you've owned a risk register and made it useful to engineers and executives. FAIR or equivalent methodology in real use is a strong signal.
• Clear writing — policies, control narratives, audit responses, and risk statements that engineers and lawyers both understand.
• Bachelor's degree or equivalent.

🏖️ Benefits

• Competitive pay and benefits
• Medical, dental, vision, life and disability insurance plans (100% paid for employees)
• 401(k) plan with company matching program
• Mental Wellness Program & Employee Assistance Program (EAP) for mental well-being
• Flexible PTO, 13 company-wide days off throughout the year
• Winter and Summer Weeklong Synchronized Company Shutdowns
• Learning & Development programs
• Equipment, tools, and reimbursement support for a productive remote environment
• Free Life360 Platinum Membership for your preferred circle
• Free Tile Products
