Senior GRC Engineer

Life360’s mission is to keep people close to the ones they love. Our category‑leading mobile app, Tile tracking devices, and Pet GPS tracker empower members to protect the people, pets, and things they care about most with a range of services, including location sharing, safe driver reports, and crash detection with emergency dispatch. Life360 serves approximately 95.8 million monthly active users (MAU), as of December 31, 2025, across more than 180 countries. Life360 delivers peace of mind and enhances everyday family life with seamless coordination for all the moments that matter, big and small.

Life360 is a Remote‑First company, which means a remote work environment will be the primary experience for all employees. All positions, unless otherwise specified, can be performed remotely (within the US) regardless of any specified location above.

About The Team: The Information Security and Technology team is responsible for keeping Life360 safe — our systems, our employees, and the tens of millions of families who trust us with their location data. We are builders. Security controls that don’t get used aren’t controls. Compliance programs that create friction without reducing risk aren’t programs. We build things that work in production, earn adoption from engineering teams, and get better over time — and we use AI to do it at a scale a traditional team couldn’t.

About the Job: Governance, Risk, and Compliance (GRC) has been on a slow progression from audit binders and manual evidence collection toward policy as code, continuous control testing, and compliance infrastructure that generates its own proof. We’re hiring someone already living at that frontier — and ready to push past it.

Life360 is mid‑transformation into an AI‑native company, which means this role has two jobs running in parallel. The first is building the technical foundation of a modern GRC program: policies version‑controlled in Git, controls that self‑test, evidence generated by integrations rather than collected by humans, and a third‑party risk management program that reflects how we actually use third parties. SOC 2, ISO 27001, and SOX anchor this work.

The second job is harder and less charted. As Life360 deploys agentic systems into how we build and operate, the policy and control landscape is shifting in real time. Major frameworks are actively working out how to account for autonomous agents, and new control sets are emerging faster than the regulations that require them. You’ll anticipate new policy requirements, adapt existing controls, and ensure our governance architecture is ready before the auditors ask.

What You’ll Do:

• Own the governance framework for Life360’s agentic systems. Define the policies, control sets, and compliance posture that govern how agents are built and deployed at Life360 — and build ahead of the regulation.
• Take an agentic approach to GRC itself. Automate evidence collection, draft control narratives, triage vendor questionnaires — use AI and internal tooling to do the work humans shouldn’t be doing manually.
• Build the policy program as code. Policies in Git, peer‑reviewed via pull request. Requirements expressed as enforceable rules and automated checks, not static PDFs.
• Drive SOC 2 Type 2, ISO 27001, and SOX ITGC end‑to‑end as management owner — managing evidence, coordinating with external assessors, and closing gaps before auditors find them.
• Build an operational risk function, not a register. Quantitative‑leaning, FAIR‑informed, and connected to live data sources across cloud security posture, endpoint detection, vulnerability management, and asset inventory.
• Mature the TPRM program. Tiered reviews by risk and data sensitivity.
• Be the auditor’s primary management contact. Own scoping, walkthroughs, evidence delivery, and management responses for SOC 2, ISO 27001, and SOX ITGC.
• Build the cross‑functional relationships that make GRC work in practice. Engineering, Legal, Privacy, Internal Audit, and Procurement are all load‑bearing parts of this program.
• Maintain clear role boundaries between management’s first‑ and second‑line GRC operations and Internal Audit’s third‑line independent assurance.

What We’re Looking For:

• 5+ years in GRC, security engineering, or a hybrid role where you owned both the policy and control side and the technical implementation.
• You build with AI tools, not just use them. You’ve used LLMs and agents in real work — drafting, code, automation, investigation.
• Coding ability that ships. Python or equivalent — you can call APIs, build integrations, schedule jobs, and deploy a working pipeline without help.
• You can evidence controls directly in cloud environments — identity, audit logs, configuration posture, secrets management.
• You’ve implemented, integrated, or significantly extended a modern GRC platform.
• You understand SOC 2, ISO 27001, and NIST AI RMF at the control level.
• You’ve worked through SOX ITGC cycles at a public company.
• You have built or scaled a TPRM program.
• You have quantitative risk experience — owned a risk register and made it useful to engineers and executives.
• You have clear writing skills — policies, control narratives, audit responses, and risk statements that engineers and lawyers both understand.
• Bachelor’s degree or equivalent.

Nice to Have:

• Experience taking a company through SOC 2 Type 2 or ISO 27001 certification from scratch.
• You’ve worked on the implementation side of security — engineering, operations, or incident response.
• Experience building governance frameworks for AI systems.

Benefits:

• Competitive pay and benefits.
• Medical, dental, vision, life and disability insurance plans (100% paid for employees).
• 401(k) plan with company matching program.
• Mental Wellness Program & Employee Assistance Program (EAP) for mental well‑being.
• Flexible PTO, 13 company‑wide days off throughout the year.
• Winter and Summer Weeklong Synchronized Company Shutdowns.
• Equipment, tools, and reimbursement support for a productive remote environment.
• Free Life360 Platinum Membership for your preferred circle.
• Free Tile Products.
• US‑based salary range for this position is $115,500 to $213,000.