About Us At You.com, we are building the AI Search Infrastructure that powers modern AI systems. Our goal is to create the trusted knowledge layer that agents, applications, and enterprises rely on to retrieve real‑time, accurate, and citation‑backed information.Our platform combines proprietary vertical indexes with LLM‑optimized retrieval systems to power AI agents, applications, and enterprise workflows. We are solving hard problems across search, large language models, and large‑scale infrastructure to make AI systems more reliable, transparent, and useful.Our team includes engineers, researchers, product builders, and operators who care about solving meaningful problems and delivering real‑world impact. Whether you are improving core infrastructure, shaping product experiences, or helping bring new AI capabilities to market, your work will help define how modern AI finds and uses knowledge.The Role We're looking for a GRC Analyst to join our growing Security, IT, and Privacy function. You'll be the backbone of all the compliance work at the intersection of Engineering, Legal, and Product. This role will build and maintain the compliance programs as part of the security team. Our goal is simple: earn and keep the trust of our customers. The right person translates security and risk into terms that the business and product teams can act on.Key Responsibilities Own and manage compliance programs across frameworks including SOC 2, ISO 27001, GDPR, CCPA, HIPAA, and FedRAMPCoordinate audit activities end‑to‑end: evidence collection, documentation, auditor responses, and remediation trackingLeverage AI and other tools to deliver metrics that stakeholders can consume and understandConduct vendor and third‑party risk assessments; manage the due diligence lifecycle for new and existing partnersHelp manage security and risk reviews (e.g. DDQs, VSQs) as part of the procurement process in collaboration with the Legal, Finance, and Security teamAssist with building and maintaining compliance policies, procedures, and supporting documentation for security and complianceTranslate regulatory and contractual requirements into actionable controls and processesMonitor the evolving regulatory landscape (especially AI‑specific regulations) and flag relevant obligationsSupport Privacy‑by‑Design reviews for new product features and data practicesTrack open compliance items and proactively drive them to closure across stakeholdersRequirements 3–5 years of experience in GRC, Information Security compliance, or a related fieldHands‑on experience with SOC 2 or ISO 27001 audits, including evidence collection and gap assessmentsFamiliarity with privacy regulations: GDPR, CCPA, and ideally emerging AI regulatory frameworks (EU AI Act, etc.)Experience managing vendor risk assessments and third‑party due diligence processesStrong written and verbal communication skills. You can explain compliance requirements to engineers and legal concepts to product managersHighly organized, able to manage multiple workstreams and deadlines without dropping the ballComfortable working independently in a fast‑paced environment with limited process overheadLeverage AI to help build automation and data analysis workflows for reporting and trackingBonus points for: Experience at an AI or search companyFamiliarity with data broker or data licensing complianceCISA, CISM, or CRISCOur salary bands are structured based on a combination of geographic tiers and internal leveling. Compensation is determined by multiple factors assessed during the interview process, with the final offer reflecting these considerations.Salary Band: $150,000 – $180,000 USDCompany Perks Hubs in San Francisco and New York City offering regular in‑person gatherings and co‑working sessionsFlexible PTO with U.S. holidays observed and a week shutdown in December to rest and recharge*A competitive health insurance plan covers 100% of the policyholder and 75% for dependents*12 weeks of paid parental leave in the US*401k program, 3% match - vested immediately!*$500 work‑from‑home stipend to be used up to a year of your start date*$600 technology stipend to support a portion of our hybrid/remote team's cell phone and internet expenses*$1,200 per year Health & Wellness Allowance to support your personal goals*The chance to collaborate with a team at the forefront of AI research*Certain perks and benefits are limited to full‑time employees onlyYou.com participates in E‑Verify. We will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's Form I‑9 to confirm work authorization. We are also an inclusive, equitable, and accessible workplace. Please let us know if you require accommodation for any portion of the recruitment and hiring process.Beware of recruiting scams: You.com will only contact you through official @You.com email addresses and will never ask for payment or sensitive personal information during the hiring process.#J-18808-Ljbffr