Founding GRC Lead
About The Position
Pallet is hiring its first dedicated GRC leader to own how we earn and keep trust: with customers, auditors, and regulators. You'll run our SOC 1 and SOC 2 programs, build our GDPR and CCPA privacy operations, and work shoulder-to-shoulder with engineering, product, sales, and legal to make compliance something Pallet is good at, not something it survives. This role reports directly to leadership and is the foundation of a function you will one end to end, and eventually grow. Why this role is different: You're the first. No inherited process, no legacy bureaucracy: you design the compliance operating model from a blank page, with the GRC tooling and executive support to do it right. Revenue-facing, not back-office. Enterprise deals at Pallet increasingly hinge on security posture. You'll sit in on customer conversations, own the trust narrative, and directly unblock sales. Full-spectrum scope. Most GRC roles silo you into audit or privacy or vendor risk. Here you own all of it, with the engineering proximity to actually change how things get built. Surround yourself with top-tier talent and fast-track your career : this is a foundational seat with a clear path to building and leading a team.
Requirements
- 7–12 years across GRC, security compliance, or audit, including full ownership of at least two SOC 2 Type II cycles.
- Built or significantly matured SOC, ISO, GDPR, and privacy compliance programs in-house - you've operationalized privacy, not just advised on it.
- Technically credible with engineers: comfortable discussing access controls, encryption, logging, and cloud infrastructure (AWS/GCP) without needing translation.
- Deep hands-on experience with compliance automation platforms and evidence workflows.
- Startup-calibrated judgment: you know which risks matter, build lightweight process, and have certifications (CISA, CISSP, ISO 27001 LA) as a bonus rather than a substitute for experience.
Responsibilities
- Run SOC 1 and SOC 2 Type II audit cycles end to end: control design, evidence automation, auditor relationships, and clean reports delivered on schedule, every cycle.
- Build Pallet's privacy program for GDPR and CCPA/CPRA: data inventory and mapping, DSAR handling, DPAs, and privacy reviews baked into product development.
- Primary point of contact for external auditors and assessors in collecting evidence, audit responses, timelines.
- Translate audit findings into actionable plans.
- Implement continuous-compliance infrastructure so audit readiness is a byproduct of how we operate, not an annual fire drill.
- Embed security and privacy controls into engineering and product workflows, earning adoption through partnership rather than mandate.
- Stand up vendor risk management: security reviews, DPA negotiation support, and an ongoing third-party risk register.
- Own the customer-facing trust motion (security questionnaires, trust center, customer audits) and measurably shorten enterprise sales cycles.
Benefits
- Health, Vision, and Dental benefits
- Flexible PTO
- Life Insurance and Accidental Insurance
- Short-Term Disability Coverage
- Generous salary and equity for all staff
- 401k option
- Yearly learning and development stipend
- Commuter benefits for Bay Area employees
- Uber ride stipend if you ever have to work late in the office
- Remote office home stipend to get you comfy in your space
- Daily catered lunches provided
- Onboarding trip to San Francisco HQ if you work remotely
- Monthly happy hours
- Annual Company Offsites
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
