Senior GRC Analyst
Rillet

Job Description
What We Do
Rillet serves accounting and finance teams, empowering them to run numbers with impossible speed, accuracy, and insight. As an AI-native ERP, Rillet drives a zero-day close through a unified source-of-truth data model, hundreds of best-in-class native integrations (Stripe, Ramp, Salesforce), automated & auditable workflows, multi-entity consolidation, and an expanding army of specialized AI agents. Our customers, including high-growth AI companies like Windsurf, Postscript, and Finch, consistently rate us with perfect satisfaction, loving our ship velocity as their financial stack scales rapidly. We've raised $100M from leading investors like Sequoia, a16z, Iconiq, Oak HC/FT, and First Round to capture this huge market.
Who We Are
Rillet's pace is not for everyone; intelligence is table stakes. To thrive here, you need extreme speed, agency, and flexibility. Successful Rilleteers internalize a mission, design strategy, and deliver results that exceed expectations in terms of speed, creativity, and quality. Our work revolves around our customers, and successful team members are energized by delivering the most important things, even those not initially planned. While accounting expertise isn't required for this role, an appreciation for the value our financial tools create for customers is essential. We love powering the financial core of the world's fastest-growing companies.
Who We Need
As our founding Senior GRC Analyst, you will build Rillet's governance, risk, and compliance program from the ground up. This is a unique opportunity to establish the security and compliance foundation for a high-growth fintech company handling sensitive financial data. You will own our SOC 2 Type II certification, lead customer security reviews, and build scalable compliance processes that enable product velocity rather than slowing it down. You will partner directly with engineering leadership to embed security into our development lifecycle and with sales leadership to accelerate enterprise deals through trust and transparency.
We value in-person collaboration and require teammates to be within commutable distance of our NYC or San Francisco offices (or willing to relocate). Team members are required to work in-office Tuesdays and Thursdays, plus one additional flexible in-office day.
What You'll Do
- Own and drive our SOC 2 Type II and SOC 1 Type II certifications from scoping through audit completion, establishing controls that scale with our hypergrowth while maintaining our legendary shipping velocity.
- Build Rillet's compliance program, including policies, procedures, and control frameworks for SOC 2, ISO 27001, GDPR, SOC 1, and financial services regulations, creating documentation that passes auditor scrutiny and is actively used by the team.
- Partner with engineering leadership to implement secure development practices, conduct risk assessments, and embed security requirements into the product roadmap without becoming a bottleneck.
- Enable enterprise sales by leading customer security assessments, managing the security questionnaire process, and providing the documentation and confidence that closes seven-figure deals faster.
- Monitor and manage risk across our infrastructure, vendors, and operations, building automated compliance monitoring that gives real-time visibility into our security posture.
Who We're Looking For
- 5+ years of experience in GRC, security compliance, or information security roles, with at least 2 years leading SOC 2 or ISO 27001 certification efforts.
- Hands-on experience successfully completing SOC 2 Type II audits, ideally at a high-growth B2B SaaS or fintech company handling sensitive data.
- Deep understanding of security frameworks (SOC 2, ISO 27001, NIST CSF) and data privacy regulations (GDPR, CCPA), with the ability to translate requirements into practical controls.
- Technical fluency to collaborate effectively with engineering teams on security architecture, vulnerability management, and cloud security (AWS/GCP/Azure).
- Track record of building compliance programs that enable fast product iteration rather than slowing teams down, with a bias toward automation and scalable processes.
- Exceptional communication skills with the ability to translate complex security concepts for executives, engineers, and customers alike.
- Entrepreneurial mindset with extreme ownership—you don't need a playbook or a large team; you build what needs to exist.
Life At Rillet
- Competitive Pay & Benefits: Backed by world-class investors, we offer strong salaries plus equity so you share in our success. We've got you covered with top-tier health and dental insurance, premiums partially or fully covered for you, plus 90% coverage for dependents.
- Room to Grow: We're building a team of ambitious, high-performing people who will grow with the company. As Rillet scales, so will your role, responsibilities, and compensation.
- Flexibility That Works: Take the time you need with flexible PTO and 9 company-wide holidays. We value both the flexibility of remote and hybrid work and the creativity and energy that come from in-person collaboration at our hubs in San Francisco, NYC, and Barcelona.
- Build Real Connections: Great work happens when people connect. Join us for team offsites in incredible locations; our team has bonded everywhere from New York and San Francisco to Toronto, Italy, France, and beyond.
Key skills/competency
- GRC
- SOC 2 Type II
- ISO 27001
- GDPR
- Risk Management
- Compliance Program Development
- Information Security
- Cloud Security (AWS/GCP/Azure)
- Security Architecture
- Automation
How to Get Hired at Rillet
- Research Rillet's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
- Tailor your resume for GRC leadership: Highlight successful SOC 2/ISO 27001 certification efforts and fintech experience.
- Showcase technical compliance expertise: Be prepared to discuss security frameworks, cloud security, and automation in interviews.
- Demonstrate entrepreneurial ownership: Emphasize examples where you built programs from scratch and drove results independently.
- Prepare for collaborative discussions: Highlight how you partner with engineering and sales to achieve security and business goals.