Member of Technical Staff, GRC (Senior/Lead)

Basis AI•New York, NY

7d•Onsite

About The Position

Basis builds real agents that do real work in the real economy. Our agents operate for hours at a time, performing end-to-end work for some of the largest accounting firms in the world. We recently raised $100M at >$1B valuation and are racing to deploy the most advanced applied ML at production scale. Your job is to build the GRC systems that let Basis earn customer trust, pass audits cleanly, and scale without operational drag. You’ll start as the hands-on owner of GRC and may build the function as the company scales. We’re an AI-first company. We want someone who uses AI to automate repetitive GRC work—evidence collection, questionnaires, control mapping, reporting, and policy upkeep—instead of building manual spreadsheet bureaucracy.

Requirements

Own outcomes. You’ve owned audits, controls, evidence, remediation, vendor risk, and customer trust workflows end-to-end.
You know the work firsthand. You’ve personally run SOC 1, SOC 2, ISO 27001, or similar programs — not just managed them from a distance.
You build from first principles. You turn messy, manual compliance work into simple systems that scale.
You are technically fluent. You can translate frameworks into controls that IT, engineering, and security teams can actually operate.
You move fast without lowering the bar. You make pragmatic risk decisions, drive follow-through, and avoid process for process’s sake.
You are AI-first. You use AI to improve speed and quality across evidence collection, control mapping, policies, questionnaires, reporting, and documentation.
You communicate clearly. You write in plain English, explain tradeoffs, and work well across Legal, Finance, People, IT, Engineering, Security, and GTM.
You want to build at Basis. You’re excited to work in person in NYC with a high-agency team building AI agents for real-world professional work.
You’ve worked in high-trust environments. Ideally, you’ve helped build or mature GRC in a fast-growing SaaS, fintech, security, or AI company, and have exposure to ISO 42001, NIST AI RMF, Drata, or customer trust workflows.

Responsibilities

Build and own compliance programs
Own SOC 1, SOC 2 Type II, ISO 27001, and ISO 42001 end-to-end, including scope, audits, controls, and remediation
Translate compliance requirements into practical operating processes across IT, Engineering, Security, Legal, Finance, and People
Ensure controls have clear owners, evidence expectations, and remediation paths as Basis scales
Build GRC systems and automation
Build the source of truth for controls, evidence, ownership, audit readiness, and remediation tracking
Automate evidence collection, control monitoring, access reviews, risk tracking, and reporting wherever possible
Use AI to improve speed and quality across control mapping, policies, questionnaires, audit prep, and internal documentation
Own vendor risk and customer trust workflows
Run third-party risk reviews and track remediation through completion
Own customer security questionnaires, trust materials, and related diligence
Maintain a clear risk register with real follow-through, not just documentation
Partner across the company
Turn audit, customer, and regulatory requirements into clear control owners, operating processes, and follow-through
Work with IT and Engineering to make identity, device, endpoint, infrastructure, and SDLC controls real and auditable
Help teams move quickly by making risk decisions explicit, practical, and easy to act on