Security GRC Specialist

Modal
new york, US
RemoteCareer-pivot friendly

Who this role is best for

A natural match if you have 3–7+ years in security GRC and experience with frameworks like SOC 2 or ISO 27001, working remotely in a fast-moving AI infrastructure environment.

Best fit for

  • Senior GRC specialist with hands-on compliance framework experience and technical collaboration skills.
    — “3–7+ years in security GRC, compliance, or security engineering-adjacent roles
  • Candidate comfortable translating compliance language into technical implementations for engineering teams.
    — “Ability to translate between compliance language and technical implementation
  • Proactive professional who drives security changes rather than just tracking them.
    — “Proactive and hands-on—you drive changes, not just track them

Things to consider

  • Role requires balancing compliance rigor with pragmatism in a fast-moving environment.
    — “Able to balance rigor with pragmatism in a fast-moving environment
  • Must support audits and customer-facing security conversations regularly.
    — “Experience supporting audits and customer-facing security conversations

How to stand out

  • Highlight experience scaling GRC programs from early stages.
    — “Experience building or scaling a GRC program from early stages
  • Demonstrate familiarity with automation in compliance workflows.
    — “Familiarity with automation in compliance workflows
  • Show examples of collaborating with engineering teams on security controls.
    — “Work directly with engineering teams to design and implement practical security controls
Pace · SteadyCollaboration · HighAutonomy · MediumDecision Impact · TeamLevel · Senior

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • Owned and operated compliance frameworks
  • Led responses to customer security questionnaires
Typical background
Bachelor's in IT or related field3-7 years in security GRC or compliance roles

Skills & requirements

Required

Compliance FrameworksSecurity GRCRisk AssessmentSecurity ControlsCloud SecuritySecurity DocumentationAudit Support

Preferred

ISO 27001GDPR

Stack & domain

Soc 2Iso 27001GDPRCloud Environments (aws/gcp/azure)Communication

About the role

As a Security GRC Specialist at Modal, you'll be instrumental in shaping and scaling the company's security and compliance programs, ensuring they meet evolving regulatory standards while fostering customer trust and enabling sales. This role is ideal for someone with a technical mindset who can balance rigorous compliance with practical, innovative solutions.

Original posting from Modal via Ashby

ABOUT US:

Modal provides the infrastructure foundation for AI teams. With instant GPU access, sub-second container startups, and native storage, Modal makes it simple to train models, run batch jobs, and serve low-latency inference. We have thousands of customers who rely on us for production AI workloads, including Lovable, Scale AI, Substack, and Suno.

We're a fast-growing team based out of NYC, SF, and Stockholm. We've hit 9-figure ARR and recently raised a Series B https://modal.com/blog/announcing-our-series-b at a $1.1B valuation. Our investors include Lux Capital https://www.luxcapital.com/, Redpoint Ventures https://www.redpoint.com/, Amplify Partners https://www.amplifypartners.com/, and Elad Gil https://eladgil.com/.

Working at Modal means joining one of the fastest-growing AI infrastructure organizations at an early stage, with many opportunities to grow within the company. Our team includes creators of popular open-source projects (e.g. Seaborn https://github.com/mwaskom/seaborn, Luigi https://github.com/spotify/luigi), academic researchers, international olympiad medalists, and experienced engineering and product leaders with decades of experience.

THE ROLE:

We’re looking for a hands-on Security GRC Specialist to own and scale our security and compliance programs while working closely with engineering and product teams. This role is central to building customer trust, enabling sales, and ensuring we meet evolving regulatory and security expectations without slowing down innovation.

You won’t just maintain compliance, you’ll help shape how we build secure systems.

WHAT YOU'LL DO:

Compliance & Security Programs

  • Own and operate compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, etc.)
  • Drive audits end-to-end: readiness, evidence collection, auditor coordination
  • Continuously improve controls and reduce compliance overhead through automation

Customer Trust & Sales Enablement

  • Lead responses to customer security questionnaires, RFPs, and due diligence requests
  • Partner with Sales and Customer Success to unblock deals and build trust
  • Develop and maintain security documentation (trust center, whitepapers, FAQs)

Engineering Collaboration

  • Work directly with engineering teams to design and implement practical security controls
  • Translate compliance requirements into technical, scalable solutions
  • Identify gaps and drive remediation projects (not just report them)

Risk & Governance

  • Run risk assessments across systems, vendors, and processes
  • Maintain policies and standards, but keep them lightweight and actionable
  • Track and report on security posture and compliance status

Process & Tooling

  • Improve how we manage compliance (evidence collection, control mapping, automation)
  • Evaluate and implement GRC/security tools where appropriate

REQUIREMENTS:

  • Core Experience
  • 3–7+ years in security GRC, compliance, or security engineering-adjacent roles
  • Hands-on experience with frameworks like SOC 2, ISO 27001, or similar
  • Experience supporting audits and customer-facing security conversations

Technical Mindset (Important)

  • Comfortable working with engineers and understanding systems (cloud, infra, APIs, etc.)
  • Ability to translate between compliance language and technical implementation
  • Experience with modern cloud environments (AWS/GCP/Azure) is a strong plus

Execution & Ownership

  • Proactive and hands-on—you drive changes, not just track them
  • Able to balance rigor with pragmatism in a fast-moving environment
  • Strong communication skills, especially with customers and cross-functional teams

Bonus

  • Experience building or scaling a GRC program from early stages
  • Familiarity with automation in compliance workflows
  • Background in security engineering or DevOps

HOW WE THINK ABOUT THIS ROLE:

  • Compliance is a means to build trust, not the end goal
  • GRC should enable the business, not slow it down
  • The best candidates are technical, pragmatic, and collaborative

Source: Modal careers (Ashby)

Similar roles