Founding GRC Engineer

SecureOS

2 - 5 years

Bengaluru

Posted: 31/12/2025

Job Description

About SecureOS


SecureOS is a stealth startup building an agentic, AI-native GRC platform that automates security, compliance, risk, and vendor risk workflows end-to-end. We're not building another compliance dashboard. We're replacing manual work with systems and AI agents.


Role

This is not a checkbox compliance role.

You will:

  • Own real customer outcomes (SOC 2, HIPAA, HITRUST readiness)
  • Work directly with founders, engineers, and auditors
  • Turn messy, manual compliance work into repeatable systems
  • Help design and validate AI agents that replace human effort over time

If you're looking for stability, rigid processes, or a 9-5 compliance job, this is not a fit.

If you like ownership, speed, and building things that scale, keep reading.


What You'll Do

Customer Delivery (~50%)

  • Lead SOC 2 Type I / II, HIPAA, PCI, and HITRUST readiness end-to-end
  • Drive gap assessments, evidence collection, policy implementation, and audit prep
  • Work directly with customer engineering, security, and leadership teams
  • Interface with auditors and third-party assessors


Automation & Product Enablement (~60%)

  • Document compliance workflows as systems, not checklists
  • Identify repetitive tasks and design automation opportunities
  • Collaborate with founders to translate delivery work into agent workflows
  • Help define how SecureOS agents reason, act, and validate controls
  • Replace manual work with scripts, tooling, or AI over time

What Success Looks Like

30 Days

  • Own customer engagements
  • Produce a clear, written delivery playbook
  • Identify top repetitive compliance tasks

60 Days

  • Replace tasks with automation or agent workflows
  • Reduce founder involvement in delivery
  • Improve delivery speed and customer experience

90 Days

  • Delivery no longer depends on founders
  • Agent workflows are demo-ready
  • Consulting work directly feeds the product roadmap


Required Experience

  • Hands-on ownership of SOC 2, HIPAA, HITRUST, and ISO's readiness (end-to-end)
  • Experience working with startups or fast-moving teams
  • Strong written communication and documentation skills
  • Comfort operating in ambiguity with high ownership
  • Curiosity about AI, automation, and agent-based systems
  • Understanding of TPRM / vendor risk, FAIR concepts


Strongly Preferred

  • Familiarity with
  • Experience working alongside DevOps or platform engineering teams


What We're not looking for

  • Advisor-only or oversight-only profiles
  • People who avoid execution or hands-on delivery
  • Candidates who need rigid processes before acting
  • Traditional GRC roles focused purely on documentation.


Why Join SecureOS?

  • Work directly with founders.
  • Shape how AI agents replace manual compliance work
  • High ownership, high-impact role
  • Competitive compensation + meaningful equity
  • Clear path to Head of GRC Automation / Product roles


Interview

  1. Intro call (ownership + mindset)
  2. Deep dive on a SOC 2 or HITRUST project you personally led
  3. Mock gap/risk assessment
  4. Practical exercise: Turn this compliance task into an automated workflow.
  5. Founder conversation & decision
