GRC Specialist

Skeletons, lasers, tattoo buses — the Torq brand grabs attention like nothing else in cybersecurity. And we're growing like crazy, backed by Series D funding, 200% employee growth, and 300% revenue growth. Fueling Torq's momentum is our game-changing AI SOC platform, backed by a team and culture that makes Torq one of Forbes' Best Startup Employers in America, and a Business Insider 'startup to bet your career on'.

Life at Torq is all gas, no brakes. We're a team of relentless, collaborative go-getters pushing the boundaries of what's possible for security automation. Every role is an essential driver of Torq's success as the AI-native autonomous SecOps platform of choice for security teams across the Fortune 500.

We’re looking for a driven, motivated, and ambitious GRC Specialist to join our growing Security team at Torq. Here, we’re redefining how security teams operate - not by buying more tools, but by building smarter, AI-driven programs from the ground up. As our GRC Specialist, you'll own the compliance programs that underpin trust with our customers and partners, while actively shaping how we use AI and automation to make compliance faster, more rigorous, and less manual. This isn't a checkbox role. It's a builder role for someone who sees compliance as a competitive advantage and AI as the engine to get there.

Responsibilities

Compliance Program Ownership

• Own and lead Torq's security compliance programs across SOC 2, ISO 27001, C5 BSI, and ISO 42001, ensuring continuous readiness and alignment with evolving requirements.
• Lead the scoping, planning, and implementation of new compliance frameworks as the business scales into new markets and regulatory environments.
• Act as the primary point of contact for audits — managing evidence collection, auditor relationships, and remediation tracking end-to-end.
  
  

• Design and operate continuous compliance monitoring programs leveraging AI and automation — replacing point-in-time snapshots with real-time assurance.
• Build internal AI-powered tooling and workflows (in partnership with the AI Transformation Lead) to automate evidence gathering, control validation, and risk signal aggregation.
• Evaluate and adopt emerging AI compliance methodologies, including AI-specific frameworks like ISO 42001, and translate them into actionable internal programs.
  
  

• Manage the third-party risk program (TPRM), including vendor assessments, security questionnaires, and ongoing monitoring of the vendor landscape.
• Maintain and actively drive the risk register in close collaboration with the CISO, ensuring risks are tracked, owned, and remediated on time.
  
  

• Develop and maintain security policies, standards, and procedures that are practical, current, and aligned with both compliance requirements and business objectives.
• Drive security awareness training across the organization and champion secure development practices in collaboration with engineering and product teams.
  
  

• Serve as a trusted partner to the CISO, Information Security Manager, HR, Legal, and AI Transformation Lead on matters of risk, compliance, and security governance.
  
  

• A self-starter mindset: comfortable with ambiguity, able to set priorities without heavy direction, and capable of building structure where none exists.
• Demonstrated ability to build compliance and security programs from scratch, not just maintain inherited ones.
• 2+ years of hands-on experience in information security and GRC, ideally in a fast-moving SaaS or tech environment.
• Deep familiarity with major frameworks and regulations - SOC 2, ISO 27001, NIST, CIS, DORA, GDPR, and related standards.
• Practical experience with security and IT tooling across cloud environments (AWS, Azure, or GCP), application security, and infrastructure security.
• Exposure to SOC (cybersecurity operations center) environments and cybersecurity incident response.
• Strong written and verbal communication skills - able to translate technical risk into clear language for executives, auditors, and non-technical stakeholders.
• Hands-on experience with IT and Security tools
  
  

• Genuine curiosity and working knowledge of AI tools, LLMs, and automation - you've used them, not just read about them.
• Experience building or operating AI-assisted workflows for compliance, risk, or security operations is a strong plus.
• Ability to think critically about AI risk, including how to govern and assess AI systems under frameworks like ISO 42001.
• Visionary outlook: you see the 2-year horizon where AI has transformed how GRC functions and you want to be the person who builds that future at Torq.