Replit
IT
GRC Engineer
“GRC Engineer at Replit. Skills: GRC, Information Security, Technical Fluency, Regulatory Breadth, Automation Mindset. Act as a technical subject matter expert for the GRC team. Drive quality, technical depth, and operational efficiency in our security controls.”
Industry & Context.
Solutions-Oriented: You prefer fixing root causes and empowering teams through automation over manual bureaucracy.
What They're Looking For.
Must Have
- 8+ years of experience in GRC or Information Security.
- Technical Fluency: Ability to speak the language of engineering, cloud (GCP/AWS), and security architecture.
- Regulatory Breadth: Deep experience with SOC 2, ISO 27001, PCI, HIPAA, and Privacy laws.
- Collaborative Communication: Ability to explain risk and tradeoffs to technical (Engineers), legal, and commercial (Sales/Execs) stakeholders.
- Automation Mindset: Experience with GRC automation tools (e.g., Vanta, Drata) and a bias toward reducing manual toil.
Nice to Have
Familiarity with FedRAMP, ITAR, or AI regulation is a plus.
What You'll Do.
- Act as a technical subject matter expert for the GRC team. Drive quality, technical depth, and operational efficiency in our security controls.
- Own the technical vision for Replit’s GRC program, moving the team from manual workflows toward "Compliance-as-Code" and automated evidence collection.
- Champion a culture of security and privacy across the company, educating teams on why controls exist rather than just enforcing them.
- Partner with Architects and Engineering Leads to "bake in" compliance requirements early in the design phase.
- Translate complex technical implementations into narratives that satisfy frameworks without slowing down development.
- Work closely with Legal Counsel to interpret and implement requirements for Privacy (GDPR, CCPA) and emerging AI-specific regulations (e.g., EU AI Act).
- Enable the Sales team by managing the Customer Trust Center and handling complex security questionnaires.
- Serve as a subject matter expert in customer calls to build confidence with enterprise prospects.
- Own and cultivate the primary relationship with external auditors.
- Serve as the bridge between auditors and internal teams, ensuring requests are reasonable, clear, and relevant to our tech stack.
- Operate the Cybersecurity Risk Register, distinguishing between theoretical compliance gaps and meaningful business risks.
- Manage and evolve our compliance posture across SOC 2 and prepare the organization for future certifications in regulated markets (e.g.
- Apply judgment to operate in "gray areas" when appropriate. Prioritize issues that represent real security or business risk over "compliance theater."
- Drive the shift from manual evidence collection to continuous monitoring. Identify opportunities to automate audit work, ensuring GRC scales with the business.
- Architect a scalable framework for assessing third-party vendors and AI model providers, ensuring our supply chain remains secure without creating administrative bottlenecks.
How You'll Work.
Team & Collaboration
- Partnering deeply across the organization.
- Partner with Architects and Engineering Leads to "bake in" compliance requirements early in the design phase.
- Work closely with Legal Counsel to interpret and implement requirements.
- Enable the Sales team by managing the Customer Trust Center and handling complex security questionnaires.
- Serve as a subject matter expert in customer calls to build confidence with enterprise prospects.
- Own and cultivate the primary relationship with external auditors.
- Serve as the bridge between auditors and internal teams, ensuring requests are reasonable, clear, and relevant to our tech stack.
- Collaborative Communication: Ability to explain risk and tradeoffs to technical (Engineers), legal, and commercial (Sales/Execs) stakeholders.
- Solutions-Oriented: You are collaborative and low-ego.
Communication Scope
- Collaborative Communication: Ability to explain risk and tradeoffs to technical (Engineers), legal, and commercial (Sales/Execs) stakeholders.
- Clarity: You can take a complex regulation and explain exactly what it means for a specific engineering team in plain English.
Full Job Description
Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.

ABOUT THE ROLE

Replit is the agentic software creation platform that enables anyone to build applications using natural language. As we scale to support millions of developers and enterprise organizations, maintaining a robust, transparent, and technically sound Governance, Risk, and Compliance (GRC) program is critical. We are looking for a GRC Engineer to serve as a key technical contributor for our compliance and risk management ecosystem. You will architect the systems and processes that automate trust, partnering deeply across the organization. We need a pragmatic operator who understands that GRC exists to enable the business—balancing rigorous standards with the velocity of a high-growth startup.

WHAT YOU'LL DO

Technical Excellence & Architecture
- Technical Depth: Act as a technical subject matter expert for the GRC team. You will drive quality, technical depth, and operational efficiency in our security controls.
- Program Architecture: Own the technical vision for Replit’s GRC program, moving the team from manual workflows toward "Compliance-as-Code" and automated evidence collection.
- Thought Leadership: Champion a culture of security and privacy across the company, educating teams on why controls exist rather than just enforcing them.

Cross-Functional Collaboration
- Engineering & Architecture: Partner with Architects and Engineering Leads to "bake in" compliance requirements early in the design phase. You will translate complex technical implementations into narratives that satisfy frameworks without slowing down development.
- Legal & Privacy: Work closely with Legal Counsel to interpret and implement requirements for Privacy (GDPR, CCPA) and emerging AI-specific regulations (e.g., EU AI Act).
- Sales