Risk and Compliance Lead
Replit
Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation. ABOUT THE ROLE: Replit is building the security GRC function that will scale with an AI-native product. As the Risk & Compliance lead, you'll own our certification and audit program end to end: SOC 2, ISO 27001, and eventually ISO 42001 (AI management systems), while also owning the company's master security risk register and continuous compliance monitoring. You'll report to the Head of Security GRC, who retains overall accountability for the risk program, and work closely with Engineering to make sure controls hold up in practice, not just on paper. WHAT YOU'LL DO - Own the end-to-end certification roadmap (SOC 2 Type II, ISO 27001, and future frameworks like ISO 42001) including scoping, gap assessments, remediation, and audit execution - Manage relationships with external auditors and drive the annual audit calendar so certifications renew without last-minute scrambles - Own and maintain the company's master security risk register... Click Apply to read the full job description.