Governance, Risk & Compliance (GRC) Engineer

fal•San Francisco, CA

About The Position

Fal is the generative media ecosystem powering the next generation of AI products. We build the infrastructure, tools, and model access that teams need to move from idea to production, and do it at scale without compromise. For developers and enterprises, fal is the foundation that makes generative media not just possible, but practical: a unified platform where high-performance inference, orchestration, and observability come together to unlock new categories of AI-native products. As generative media reshapes industries across a market projected to grow by hundreds of billions over the next decade, fal is becoming the ecosystem that ambitious teams build on. Fal.ai is the leading generative media platform for developers, enabling organizations to build, deploy, and scale AI-powered applications. We are focused on delivering highly available, secure, and compliant infrastructure while maintaining the speed and agility expected from a modern AI company. We are looking for a Governance, Risk & Compliance (GRC) Engineer to help scale our security and compliance programs as we continue to grow. This role will partner closely with Security, Engineering, Infrastructure, Legal, and Go-to-Market teams to strengthen our risk management capabilities, maintain compliance certifications, support enterprise customer requirements, and build scalable governance processes.

Requirements

Understand cloud infrastructure, modern security practices, and compliance frameworks
Ability to translate technical controls into business and regulatory requirements

Responsibilities

Manage and improve Fal's security compliance programs, including: SOC 2, ISO 27001, GDPR, Emerging AI governance frameworks
Coordinate internal and external audits.
Maintain security policies, standards, procedures, and control documentation.
Develop compliance automation and continuous monitoring processes.
Support security awareness and policy governance initiatives.
Lead enterprise risk assessments and risk register management.
Perform vendor and third-party risk assessments.
Conduct control gap analyses and remediation tracking.
Facilitate risk reviews with stakeholders across engineering and business teams.
Develop metrics and reporting for risk and compliance leadership.
Support enterprise security reviews and customer due diligence requests.
Assist with security questionnaires, audits, and RFP responses.
Help maintain trust center content and security documentation.
Partner with Sales, Legal, and Customer Success to address customer security concerns.
Collaborate with Security and Infrastructure teams to implement and validate security controls.
Evaluate cloud and AI infrastructure against security requirements.
Assess effectiveness of technical safeguards including: Identity and access management, Logging and monitoring, Vulnerability management, Incident response, Data protection controls
Support evidence collection and control testing.
Build scalable GRC processes that reduce manual effort.
Identify opportunities for compliance automation.
Develop governance frameworks for emerging AI and machine learning technologies.
Support strategic security initiatives and certifications.