Risk and Compliance Lead

ReplitVerified source: this listing comes from the employer's official hiring system or a verified company Β· Remote, United States Β· Remote
Listed via Ashby
Posted Jul 10, 2026 Β· Apply by Oct 9
Recently checked

Last checked active on Jul 11, 2026.

Position Overview

Compensation: Not disclosed
Position: Mid
Type: Job
Employment: Full time
Practice Area: Compliance
Remote: Yes
Deadline: Oct 9, 2026

Job Description

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.


About the role:

Replit is building the security GRC function that will scale with an AI-native product. As the Risk & Compliance lead, you'll own our certification and audit program end to end: SOC 2, ISO 27001, and eventually ISO 42001 (AI management systems), while also owning the company's master security risk register and continuous compliance monitoring. You'll report to the Head of Security GRC, who retains overall accountability for the risk program, and work closely with Engineering to make sure controls hold up in practice, not just on paper.


What You'll Do

  • Own the end-to-end certification roadmap (SOC 2 Type II, ISO 27001, and future frameworks like ISO 42001) including scoping, gap assessments, remediation, and audit execution

  • Manage relationships with external auditors and drive the annual audit calendar so certifications renew without last-minute scrambles

  • Own and maintain the company's master security risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting

  • Build and maintain continuous compliance monitoring so control status reflects real-time state rather than point-in-time snapshots

  • Own the core audit artifacts that back every certification including ISMS documentation, Statements of Applicability, risk assessments, and potentially FedRAMP System Security Plans (SSPs)

  • Run regular audits and readiness assessments, and track remediation of findings and control gaps to closure

  • Support GDPR and broader privacy compliance alongside the Legal/Privacy team, without owning the legal interpretation of requirements

  • Partner with the GRC Engineer to define what evidence collection and control monitoring should be automated versus manually reviewed

  • Track and report on compliance posture and audit findings to security leadership


Required Skills & Experience

  • 8+ years in security compliance, IT audit, or GRC roles, with direct ownership of at least one SOC 2 and/or ISO 27001 certification cycle

  • Working knowledge of common frameworks (SOC 2, ISO 27001, NIST CSF) and how to map controls across them

  • Hands-on experience authoring or substantially maintaining an ISMS, SSP, or equivalent audit-facing documentation set and not just filling out a template

  • Experience owning a formal risk register including risk identification, scoring methodology, treatment plans, and residual risk reporting to leadership

  • Experience with GRC/compliance automation platforms (e.g., Anecdotes, Vanta, Drata, etc.) and continuous control monitoring

  • Experience working directly with external auditors and managing an audit end to end

  • Comfortable reading technical control evidence and having detailed conversations with engineers about how systems actually work

  • Working familiarity with GDPR/privacy fundamentals sufficient to partner effectively with a legal team


Bonus Qualifications

  • Experience scoping or pursuing ISO 42001 or other AI governance frameworks

  • Familiarity with FedRAMP or other government compliance regimes

  • Background in a developer tools, platform, or AI/ML product company

  • Relevant certifications (CISA, CISSP, ISO 27001 Lead Auditor/Implementer)

  • Experience standing up a compliance program from an early or pre-certification stage

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.

Full-Time Employee Benefits Include:

πŸ’° Competitive Salary & Equity

πŸ’Ή 401(k) Program with a 4% match (US Only)

βš•οΈ Health, Dental, Vision and Life Insurance

🩼 Short Term and Long Term Disability

🚼 Paid Parental, Medical, Caregiver Leave

🏝 Flexible Time Off (FTO) + Holidays

πŸš— Commuter Benefits (In-Office Only)

πŸ“± Monthly Wellness Stipend

πŸ§‘β€πŸ’» Autonomous Work Environment

πŸ–₯ In Office Set-Up Reimbursement (In-Office Only)

πŸš€ Quarterly Team Gatherings

β˜• In Office Amenities (In-Office Only)

Want to learn more about what we are up to?

Interviewing + Culture at Replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.

Practice Area

Position

Mid

Industry

Technology

Applicant Location Requirements

Applicants must be located in: United States

Application Deadline

October 9, 2026

Employment Type

Full time

Work Arrangement

Remote/Telecommute Position

Report this job
Thank you. Our team will review this report.

Tell us if this listing is inaccurate, closed, fake, duplicated, or unsafe. You do not need an account to report it.