Rillet

Senior GRC Analyst

Reposted 23 Hours Ago
Hybrid
2 Locations
Mid level
As a Senior GRC Analyst, you will build and manage IT infrastructure, establish security protocols, own vendor relationships, and provide technical support for distributed teams.
The summary above was generated by AI
What We Do

Rillet serves accounting and finance teams. Our customers are the financial brains of their companies. Our job is to help them run the numbers with impossible speed, accuracy, and insight.

Rillet is an AI-native ERP that can drive a zero-day close. We are different because of our unified source-of-truth data model, hundreds of best-in-class native integrations (Stripe, Ramp, Salesforce, etc.), automated & auditable workflows, multi-entity consolidation, and quickly expanding army of specialized AI agents (e.g., accrual, audit, P&L flux, board decks). These earn us a consistently perfect customer satisfaction score. High-growth AI customers like Mercor, Windsurf, and Function Health love our ship velocity, because their financial stack needs to scale as quickly as they do.

This huge market is ours to take. We have raised $100M from leading investors (including Sequoia, a16z, Iconiq, Oak HC/FT, and First Round) to help everyone run their numbers at the speed of AI.

Who We Are

Rillet’s pace is not for everyone. Intelligence is table stakes. To succeed here, you need extreme speed, agency, and flexibility.

Successful Rilleteers do not wait for assignments. They internalize a mission, design a strategy, and bring back results that are better, faster, and more creative than a manager could have asked for.

Work revolves around our customers. Successful Rilleteers are energized by delivering the most important things, even those that weren’t in the original plan.

In this role, you do not need to be an accountant. But you do need to appreciate the value that our customers can create for their own company when we equip them with the perfect financial tools. Successful Rilleteers love powering the financial core of the world’s fastest-growing companies.

Who We Need

As our founding Senior GRC Analyst, you will build Rillet's governance, risk, and compliance program from the ground up. This is a unique opportunity to establish the security and compliance foundation for a high-growth fintech company handling sensitive financial data for the world's fastest-growing companies. You will own our SOC 2 Type II certification, lead customer security reviews, and build scalable compliance processes that enable rather than slow down our product velocity. You will partner directly with engineering leadership to embed security into our development lifecycle and with sales leadership to accelerate enterprise deals through trust and transparency.

We're looking for teammates who value in-person collaboration and are within commutable distance of our NYC or San Francisco offices (or willing to relocate). Team members are required to work in-office Tuesdays and Thursdays, plus one additional flexible in-office day. Certain roles may require additional in-office time based on function.

What You'll Do
  • Own and drive our SOC 2 Type II and SOC 1 Type II certifications from scoping through audit completion, establishing controls that scale with our hypergrowth while maintaining our legendary shipping velocity

  • Build Rillet's compliance program including policies, procedures, and control frameworks for SOC 2, ISO 27001, GDPR, SOC 1 and financial services regulations, creating documentation that passes auditor scrutiny and actually gets used by the team

  • Partner with engineering leadership to implement secure development practices, conduct risk assessments, and embed security requirements into the product roadmap without becoming a bottleneck

  • Enable enterprise sales by leading customer security assessments, managing the security questionnaire process, and providing the documentation and confidence that closes seven-figure deals faster

  • Monitor and manage risk across our infrastructure, vendors, and operations, building automated compliance monitoring that gives real-time visibility into our security posture

Who We're Looking For
  • 5+ years of experience in GRC, security compliance, or information security roles, with at least 2 years leading SOC 2 or ISO 27001 certification efforts

  • Hands-on experience successfully completing SOC 2 Type II audits, ideally at a high-growth B2B SaaS or fintech company handling sensitive data

  • Deep understanding of security frameworks (SOC 2, ISO 27001, NIST CSF) and data privacy regulations (GDPR, CCPA), with the ability to translate requirements into practical controls

  • Technical fluency to collaborate effectively with engineering teams on security architecture, vulnerability management, and cloud security (AWS/GCP/Azure)

  • Track record of building compliance programs that enable fast product iteration rather than slowing teams down, with a bias toward automation and scalable processes

  • Exceptional communication skills with the ability to translate complex security concepts for executives, engineers, and customers alike

  • Entrepreneurial mindset with extreme ownership—you don't need a playbook or a large team, you build what needs to exist.

Life at Rillet:
  • Competitive Pay & Benefits: Backed by world-class investors, we offer strong salaries plus equity so you share in our success. We've got you covered with top-tier health and dental insurance, premiums partially or fully covered for you, plus 90% coverage for dependents.

  • Room to Grow: We're building a team of ambitious, high-performing people who will grow with the company. As Rillet scales, so will your role, responsibilities, and compensation.

  • Flexibility That Works: Take the time you need with flexible PTO and 9 company-wide holidays. We value both the flexibility of remote and hybrid work and the creativity and energy that comes from in-person collaboration at our hubs in San Francisco, NYC, and Barcelona.

  • Build Real Connections: Great work happens when people connect. Join us for team offsites in incredible locations; our team has bonded everywhere from New York and San Francisco to Toronto, Italy, France, and beyond.

Top Skills

Azure AD
Google Workspace
MDM Platforms
Okta

What you need to know about the San Francisco Tech Scene

San Francisco and the surrounding Bay Area attract more startup funding than any other region in the world. Home to Stanford University and UC Berkeley, leading VC firms and several of the world’s most valuable companies, the Bay Area is the place to go for anyone looking to make it big in the tech industry. That said, San Francisco has a lot to offer beyond technology thanks to a thriving art and music scene, excellent food and a short drive to several of the country’s most beautiful recreational areas.

Key Facts About San Francisco Tech

  • Number of Tech Workers: 365,500; 13.9% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Google, Apple, Salesforce, Meta
  • Key Industries: Artificial intelligence, cloud computing, fintech, consumer technology, software
  • Funding Landscape: $50.5 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Sequoia Capital, Andreessen Horowitz, Bessemer Venture Partners, Greylock Partners, Khosla Ventures, Kleiner Perkins
  • Research Centers and Universities: Stanford University; University of California, Berkeley; University of San Francisco; Santa Clara University; Ames Research Center; Center for AI Safety; California Institute for Regenerative Medicine
