GRC Automation & Assurance Lead

Rokt

New York, NY

JOB DETAILS
SALARY
$174,000–$215,000 Per Year
SKILLS
Artificial Intelligence (AI), Artificial Intelligence (AI) Agents, Atlassian JIRA, Auditing, Automation, Corporate Policies, Customer/Client Research, Documentation, External Audit, Finance, Hyperion Pillar, ISO (International Organization for Standardization), Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, Legal, Machine Tool, Metrics, Performance Metrics, Quality Management, Revenue Growth, Sales, Security Auditing, Security Monitoring, Surveillance, Systems Engineering, Technical/Engineering Design, eCommerce
LOCATION
New York, NY
POSTED
19 days ago

We are Rokt, a hyper-growth ecommerce leader. Rokt is the global leader in ecommerce, unlocking real-time relevance in the moment that matters most. Rokt's AI Brain and ecommerce Network powers billions of transactions connecting hundreds of millions of customers, and is trusted to do this by the world's leading companies.

We are a team of builders helping smart businesses find innovative ways to meet customer needs and generate incremental revenue. Leading companies drive 10-50% of additional revenue-and often all their profits-from the extra products or services they sell. This economic edge unleashes a world of possibilities for growth and innovation.

At Rokt, we practice transparency in career paths and compensation. We believe in transparency, which is why we have a well-defined career ladder with transparent compensation and clear career paths based on competency and ability. Rokt'stars constantly strive to raise the bar, pushing the envelope of what is possible.

We are looking for a GRC Automation & Assurance Lead

Target total compensation ranges from $214,000 - $255,000, including a fixed annual salary of $174,000- $215,000, an employee equity plan grant, and world-class benefits.

Equity grants are issued in good faith and are subject to company policies, board approval, and individual eligibility.

About the Role:

We are looking for a GRC professional who is equal parts auditor and builder. Rokt's information security management system is ISO 27001 and SOC 2 certified, and protects personal customer data entrusted to us by leading global e-commerce brands with a combined 100 million transactions each month. As we scale, we are reimagining GRC as an AI-first function - one where agents and automation do the heavy lifting on evidence collection, control monitoring, questionnaire response, and audit preparation, freeing humans to focus on judgment, strategy, and stakeholder partnership.

You will own the audit, assurance, and compliance pillar of our GRC program, and you will lead the design and engineering of the agentic systems that run it. This is not a "use ChatGPT to summarise a policy" role. You will architect and ship agents on our internal Security Agent Suite, build internal GRC tools using AI coding agents like Claude Code and Cursor, and treat automation as a first-class deliverable alongside the audits you lead.

You will work closely with engineering, product, legal, finance, people, and our external auditors to drive ISO 27001, SOC 1, and SOC 2 programs to clean outcomes - and to make sure that next year, the same outcomes are achieved with materially less manual effort. You move fast, you prefer significant leaps over small iterations, and you genuinely enjoy the intersection of compliance rigour and AI engineering.

Responsibilities:

AI automation and tooling

  • Architect, build, and maintain agents on Rokt's internal Security Agent Suite for GRC workflows, including client security questionnaires, evidence collection, control testing, vendor assessments, DPIAs, and audit preparation
  • Design new GRC automations end-to-end: scope the workflow, build the agent or tool, validate outputs, and roll it out with the rest of the GRC team
  • Build internal tools and integrations using AI coding agents (Claude Code, Cursor, or equivalents) to extend our in-house GRC systems and Jira-based workflows
  • Continuously evaluate agent performance, refine prompts and tool definitions, and improve coverage and accuracy of automated controls

Audit, assurance, and compliance

  • Lead the ISO 27001:2022 surveillance and recertification cycles, and SOC 1 and SOC 2 Type 2 audits, end-to-end
  • Plan and execute Rokt's internal audit program (user access, exemptions, DPIAs, SCF controls, AI controls), ideally with agent-assisted execution
  • Drive external auditor engagement, evidence collection, and remediation tracking
  • Manage the processing of client security questionnaires using and continuously improving the questionnaire agent
  • Maintain and evolve ISMS performance metrics, including new metrics covering AI control effectiveness and automation coverage
  • Coordinate Rokt's security calendar including audit windows
  • Produce and maintain quality procedure documentation co-authored with AI assistance

About the Company

R

Rokt