Brain Co.

AI

GRC Lead

Redwood City, California, United States; California, United States
FULL TIME
Remote Friendly
Market Sentiment
HIGH DEMAND

Neural analysis suggests this role is
optimal for Senior candidates.

The Brief

“GRC Lead at Brain Co. Skills: GRC program, Data handling, Risk management, Compliance. Own the end-to-end GRC program. Build the data handling backbone”

What You'll Achieve.

treat it as a strategic advantage, not a checklist; win the next ones; unblocks enterprise deals; Bake compliance into the product; Shape how compliance is done for AI-native companies

Industry & Context.

AI
Problems you'll solve

energized by a 0→1 program; Bias toward pragmatism over bureaucracy

What They're Looking For.

Must Have

  • 8+ years building and running GRC programs in regulated environments
  • taken a company through SOC 2 Type II from a cold start
  • lived HIPAA, GLBA, FedRAMP, or equivalent work hands-on
  • deep executor: you write the policies, draft the white papers, and ship the automation yourself
  • high-trust cross-functional partner
  • Translate technical risk for the boardroom and regulatory risk for the engineers fluently in both directions
  • at home in ambiguity and energized by a 0→1 program
  • opinion about data: how it’s classified, where it lives, who can see it, and how you prove it
  • Bias toward pragmatism over bureaucracy

Nice to Have

  • Direct experience operating across US and MENA (or other multi-jurisdictional) regulatory environments
  • on-prem and data residency requirements
  • FedRAMP/GovRAMP, IL4/IL5, or equivalent government-customer compliance experience
  • Standing up GRC programs at AI or ML-heavy companies
  • novel evidence and disclosure questions that come with model training data, agent actions, and customer data flowing through AI systems
  • Hands-on with compliance automation tooling (Vanta, Drata, Secureframe, etc.)
  • willingness to replace it when it’s the wrong tool
  • Comfort reading the technical controls themselves (Terraform, IAM policies, audit logs) well enough to verify what an auditor is being told

What You'll Do.

Own the end-to-end GRC program

Build the data handling backbone

Run audits as a builder

Stand up third-party risk

Be the function that unblocks enterprise deals

Partner with engineering

Run a single risk operating cadence

How You'll Work.

Team & Collaboration

partner directly with engineering, legal, sales, and customer; sit with an engineer reasoning about IAM controls; walk GTM through a DPA; brief a customer’s CISO; Work alongside senior engineers

Communication Scope

Translate technical risk for the boardroom and regulatory risk for the engineers fluently in both directions

Process & Methodology

Run audits as a builder, not a project manager

Full Job Description

ABOUT BRAIN CO.

Brain Co. is an applied AI startup co-founded by Jared Kushner and Elad Gil, and backed by leading Silicon Valley builders including Patrick Collison and Andrej Karpathy. We are building AI applications for the world's most important institutions, delivering impact on real-world problems across governments, healthcare systems, and critical industries.

Our progress so far:

- Automated construction permitting for a sovereign government → 80% faster, unlocking $375M+ in value
- Optimized supply chains for a leading global energy company → 30% lower cost, 99% reliability, preventing $100M+ in losses
- Streamlined hospital patient care across national health systems → 40% better outcomes, 80% less admin work

Company momentum:

- Raised a $55M Series A from leading investors
- Built a team of 70+ AI experts from Tesla, Google DeepMind, NVIDIA, and Databricks

ABOUT THE ROLE:

At Brain Co., we focus on applying frontier AI to real institutional challenges, working alongside governments, healthcare systems, and critical industries to modernize how essential services operate. We are looking for leaders who want to help bring new technology into institutions that impact millions of people.

As our GRC Lead, you’ll own the governance, risk, and compliance program end-to-end - and treat it as a strategic advantage, not a checklist. Brain Co. carries one of the most demanding regulatory loads of any company our size: SOC 2 Type II and HIPAA in place today, with ISO 27001, NIST 800-171, FedRAMP/GovRAMP, GLBA, and US/MENA data residency on the near-term roadmap. That’s what selling to governments, hospitals, and financial institutions costs - and done right, it’s how we win the next ones.

This is a 0→1 builder role. You’ll define the principles, write the policies, run the audits, build the automation, and partner directly with engineering, legal, sales, and customer – not advising from the sidelines. This is a high-ownership role for someone who has built programs l

How to Apply on Ashby

  • Ashby is a fast modern ATS — most applications take under 3 minutes.
  • The resume parser is strong; verify parsed experience dates and job titles.
  • Custom screening questions are often scored algorithmically — answer completely.
  • Location field affects geo-based screening; use your actual metro area.
