GRC Automation & Assurance Lead

Rokt, New York, NY
Hybrid

About The Position

We are looking for a GRC professional who is equal parts auditor and builder. Rokt's information security management system is ISO 27001 and SOC 2 certified, and protects personal customer data entrusted to us by leading global e-commerce brands with a combined 100 million transactions each month. As we scale, we are reimagining GRC as an AI-first function — one where agents and automation do the heavy lifting on evidence collection, control monitoring, questionnaire response, and audit preparation, freeing humans to focus on judgment, strategy, and stakeholder partnership.

You will own the audit, assurance, and compliance pillar of our GRC program, and you will lead the design and engineering of the agentic systems that run it. This is not a "use ChatGPT to summarise a policy" role. You will architect and ship agents on our internal Security Agent Suite, build internal GRC tools using AI coding agents like Claude Code and Cursor, and treat automation as a first-class deliverable alongside the audits you lead.

You will work closely with engineering, product, legal, finance, people, and our external auditors to drive ISO 27001, SOC 1, and SOC 2 programs to clean outcomes — and to make sure that next year, the same outcomes are achieved with materially less manual effort. You move fast, you prefer significant leaps over small iterations, and you genuinely enjoy the intersection of compliance rigour and AI engineering.

Requirements

  • 4+ years of relevant experience in Governance, Risk & Compliance, ideally in a fast-moving tech environment
  • Working knowledge of ISO 27000 family, SOC 1, SOC 2, NIST CSF, and privacy regulations (GDPR, CCPA, CPRA); bonus for PCI-DSS, CIS, SCF, ISO 42001, NIST AI RMF
  • Hands-on internal auditing experience against ISO 27001 and SOC 2
  • Track record managing external audits end-to-end, including evidence collection, auditor engagement, and findings remediation
  • Solid grasp of controller/processor concepts and broader privacy fundamentals
  • Demonstrated experience designing and shipping agentic AI systems — not just using a chatbot. You have built agents that take actions, call tools, integrate with APIs, and complete multi-step workflows
  • Comfortable using AI coding agents (Claude Code, Cursor, Copilot, or similar) to build and maintain internal tools; able to read, modify, and ship code even if you don't consider yourself a software engineer
  • Familiarity with at least one agent framework (Google ADK, LangGraph, OpenAI Agents SDK, MCP, or similar) and the core patterns: tool use, memory, evaluation, guardrails
  • Understanding of LLM risks and controls — prompt injection, model misuse, agent autonomy, data leakage — and how they map to frameworks like OWASP Agentic Top 10 or NIST AI RMF
  • Working knowledge of basic IT, cloud (AWS preferred), APIs, and SQL
  • Comfort with version control (Git/GitHub) and basic scripting (Python or TypeScript)
  • Strong written and verbal communication; able to translate technical detail into business language for leadership, clients, and auditors
  • Demonstrated ability to break complex compliance requirements into scalable, automated processes that don't slow the business down
  • Bias for shipping, comfort with ambiguity, and a builder mindset
  • Strong attention to detail balanced with willingness to use AI to extend it
  • Highly responsive, autonomous, and resilient

Responsibilities

  • Architect, build, and maintain agents on Rokt's internal Security Agent Suite for GRC workflows, including client security questionnaires, evidence collection, control testing, vendor assessments, DPIAs, and audit preparation
  • Design new GRC automations end-to-end: scope the workflow, build the agent or tool, validate outputs, and roll it out with the rest of the GRC team
  • Build internal tools and integrations using AI coding agents (Claude Code, Cursor, or equivalents) to extend our in-house GRC systems and Jira-based workflows
  • Continuously evaluate agent performance, refine prompts and tool definitions, and improve coverage and accuracy of automated controls
  • Lead the ISO 27001:2022 surveillance and recertification cycles, and SOC 1 and SOC 2 Type 2 audits, end-to-end
  • Plan and execute Rokt's internal audit program (user access, exemptions, DPIAs, SCF controls, AI controls), ideally with agent-assisted execution
  • Drive external auditor engagement, evidence collection, and remediation tracking
  • Manage the processing of client security questionnaires using and continuously improving the questionnaire agent
  • Maintain and evolve ISMS performance metrics, including new metrics covering AI control effectiveness and automation coverage
  • Coordinate Rokt's security calendar including audit windows
  • Produce and maintain quality procedure documentation co-authored with AI assistance

Benefits

  • Equity in the company
  • Catered lunch every day
  • Healthy snacks in the office
  • Gym membership
  • Generous retirement plans
  • 4% dollar-for-dollar 401K matching plan
  • Fully funded premium health insurance
  • Dog-friendly office
  • Extra leave (bonus annual leave, sabbatical leave etc.)
  • Work with the greatest talent in town
  • Offices in New York, Seattle, Sydney, Tokyo and London