Life360 - Senior GRC Engineer

• 5+ years in GRC, security engineering, or a hybrid role where you owned both the policy and control side and the technical implementation — not one or the other. • You build with AI tools, not just use them. You've used LLMs and agents in real work — drafting, code, automation, investigation — and can make judgment calls about where AI creates leverage and where it introduces risk. Experience designing or operating agentic workflows is a strong signal. • Coding ability that ships. Python or equivalent — you can call APIs, build integrations, schedule jobs, and deploy a working pipeline without help. Show us something you built. • You can evidence controls directly in cloud environments — identity, audit logs, configuration posture, secrets management — without relying on screenshots or system owners. You pull evidence from APIs. • You've implemented, integrated, or significantly extended a modern GRC platform. You know what these platforms actually solve, where they fall short, and when to write your own code instead. • SOC 2, ISO 27001, and NIST AI RMF at the control level, not just the headers. You understand how these frameworks are evolving to account for AI and agentic systems. • You've worked through SOX ITGC cycles at a public company — managing evidence, walkthroughs, and findings with external auditors. • Built or scaled a TPRM program — you've designed tiering, pushed back on bad vendors, and automated parts of the assessment workflow. • Quantitative risk experience — you've owned a risk register and made it useful to engineers and executives. FAIR or equivalent methodology in real use is a strong signal. • Clear writing — policies, control narratives, audit responses, and risk statements that engineers and lawyers both understand. • Bachelor's degree or equivalent. • Experience taking a company through SOC 2 Type 2 or ISO 27001 certification from scratch. • You've worked on the implementation side of security — engineering, operations, or incident response. You don't just audit other teams' work; you understand it because you've done it. • Experience building governance frameworks for AI systems — model risk, ISO 42001, or controls around LLM and agent deployment. • Ai-Native Daily use: You use AI tools for real, substantive work — analysis, drafting, automation, code, investigations, evidence gathering. • Ai-Native Daily use: • Judgment and ownership: AI-generated work gets the same scrutiny you'd give any human-produced artifact. You're accountable for everything you ship. • Judgment and ownership: • Domain-specific judgment: You know where AI is the wrong tool. Sensitive data handling, attacker-controlled inputs, agents with production access, and privileged identity changes all need careful guardrails — and you can articulate where AI helps, where it hurts, and where it needs a human in the loop. • Domain-specific judgment: • Leverage: When AI is working well, you take on problems that would otherwise require a larger team. We hire people who use that leverage to ship better outcomes, not just faster ones. • Leverage: • Continuous learning: The tooling moves fast. You stay current, share what works with the team, and speak up when something would meaningfully change how we operate. • Continuous learning: