Profound is on a mission to help companies understand and control their AI presence. We are hiring a Security GRC Specialist to own and scale our security and compliance programs while working closely with engineering, sales, and customer success.
Profound sells to enterprises with serious security expectations, and our GRC function is central to closing deals, sustaining customer trust, and meeting the regulatory bar for the markets we operate in. This is not a "watch the dashboard and file the report" role. You'll shape how we build secure systems, push remediation through with engineering, and make sure compliance accelerates the business rather than slowing it down.
Own and operate our compliance frameworks: SOC 2, ISO 27001, GDPR, and others as we grow
Drive audits end to end: readiness, evidence collection, auditor coordination
Continuously improve controls and reduce compliance overhead through automation
Lead responses to enterprise security questionnaires, RFPs, and due diligence requests
Partner with Sales and Customer Success to unblock deals and build trust with security teams at Fortune 500 customers
Develop and maintain our trust center, security whitepapers, and customer-facing documentation
Work directly with engineering to design and implement practical security controls across our cloud infrastructure, data pipelines, and customer-facing surfaces
Partner on identity and access work (SSO, SAML, SCIM, IdP integrations) where security, compliance, and customer-facing requirements intersect
Translate compliance requirements into technical, scalable solutions
Identify gaps and drive remediation, not just report them
Run risk assessments across systems, vendors, and processes
Maintain policies and standards that are lightweight, current, and actually useful
Track and report on our security posture and compliance status to leadership
Improve how we manage compliance: evidence collection, control mapping, automation
Evaluate and implement GRC and security tooling where it earns its keep
3 to 7+ years in security GRC, compliance, or adjacent security engineering roles
Hands-on experience with SOC 2, ISO 27001, or similar frameworks
Experience supporting audits and leading customer-facing security conversations
Comfortable working with engineers and reasoning about cloud infrastructure, APIs, identity systems, and data flows
Able to translate between compliance language and engineering reality in both directions
Experience with modern cloud environments (AWS, GCP, or Azure) is a strong plus
Proactive and hands-on: you drive changes, you don't just track them
Comfortable balancing rigor with pragmatism in a fast-moving environment
Strong written communication, especially with enterprise customers and cross-functional partners
Experience building or scaling a GRC program from early stages
Familiarity with automation in compliance workflows
Background in security engineering, DevOps, or identity and access management
This is an on-site role based in our NYC office, designed for builders who thrive on speed, iteration, and meaningful impact.
For this role, the expected base salary range is $150,000 to $240,000, depending on experience. Profound's total compensation package includes base salary, equity, and a full range of benefits and perks. Final compensation will depend on factors such as your skills, experience, qualifications, and location, and will be determined during the interview process. Our recruiting team will share more details about the full compensation package and benefits as you move through hiring.
Note: All official communication from Profound will come from a @tryprofound.com email address. If you're contacted about this role by anyone using a different domain, do not respond, and report the message as phishing.