Member of Technical Staff, GRC (Senior/Lead)
Basis Ai
Posted: May 11, 2026
Interested in this position?
Create a free account to apply with AI-powered matching
Quick Summary
We're looking for a Senior/Lead to join our engineering team as a member of our GRC (General Risk and Compliance) team. The ideal candidate will have expertise in applied machine learning and be able to work closely with our team to deploy advanced ML solutions for real-world applications.
Required Skills
Job Description
About Basis
Basis builds real agents that do real work in the real economy. Our agents operate for hours at a time, performing end-to-end work for some of the largest accounting firms in the world.
We recently raised $100M at >$1B valuation and are racing to deploy the most advanced applied ML at production scale.
Our investors include: Khosla Ventures (Keith Rabois & Vinod Khosla), Accel (Miles Clements), Google Ventures, Nat Friedman & Daniel Gross, Adam D'Angelo, Jeff Dean, Jack Altman, Noam Brown, Kyle Vogt, Amjad Masad, Clem Delangue and many other operators/technical leaders.
"Basis is on the frontier of building production-grade, long-horizon agents. They've pushed the limits of what we thought our models could do on real-world, economically valuable, complex accounting tasks. They've been a great collaborator in helping us shape what the future of agents looks like." — Prashant Mital, Applied AI Lead, OpenAI
Your job is to build the GRC systems that let Basis earn customer trust, pass audits cleanly, and scale without operational drag. You’ll start as the hands-on owner of GRC and may build the function as the company scales.
We’re an AI-first company. We want someone who uses AI to automate repetitive GRC work—evidence collection, questionnaires, control mapping, reporting, and policy upkeep—instead of building manual spreadsheet bureaucracy.
What You’ll Do
Build and own compliance programs
• Own SOC 1, SOC 2 Type II, ISO 27001, and ISO 42001 end-to-end, including scope, audits, controls, and remediation
• Translate compliance requirements into practical operating processes across IT, Engineering, Security, Legal, Finance, and People
• Ensure controls have clear owners, evidence expectations, and remediation paths as Basis scales
Build GRC systems and automation
• Build the source of truth for controls, evidence, ownership, audit readiness, and remediation tracking
• Automate evidence collection, control monitoring, access reviews, risk tracking, and reporting wherever possible
• Use AI to improve speed and quality across control mapping, policies, questionnaires, audit prep, and internal documentation
Own vendor risk and customer trust workflows
• Run third-party risk reviews and track remediation through completion
• Own customer security questionnaires, trust materials, and related diligence
• Maintain a clear risk register with real follow-through, not just documentation
Partner across the company
• Turn audit, customer, and regulatory requirements into clear control owners, operating processes, and follow-through
• Work with IT and Engineering to make identity, device, endpoint, infrastructure, and SDLC controls real and auditable
• Help teams move quickly by making risk decisions explicit, practical, and easy to act on
What “Great” Looks Like
• GRC helps Basis ship, sell, and scale faster — without lowering the bar on trust or security
• SOC 1, SOC 2 Type II, ISO 27001, and ISO 42001 run cleanly with clear owners, evidence, and remediation paths
• AI-enabled workflows make evidence collection, control monitoring, and audit prep increasingly automated
• Customer security reviews, vendor reviews, and risk decisions move quickly without becoming bottlenecks
• The company has a clear, current view of its highest-priority risks and who owns them
Who You Are
• You own outcomes. You’ve owned audits, controls, evidence, remediation, vendor risk, and customer trust workflows end-to-end.
• You know the work firsthand. You’ve personally run SOC 1, SOC 2, ISO 27001, or similar programs — not just managed them from a distance.
• You build from first principles. You turn messy, manual compliance work into simple systems that scale.
• You are technically fluent. You can translate frameworks into controls that IT, engineering, and security teams can actually operate.
• You move fast without lowering the bar. You make pragmatic risk decisions, drive follow-through, and avoid process for process’s sake.
• You are AI-first. You use AI to improve speed and quality across evidence collection, control mapping, policies, questionnaires, reporting, and documentation.
• You communicate clearly. You write in plain English, explain tradeoffs, and work well across Legal, Finance, People, IT, Engineering, Security, and GTM.
• You want to build at Basis. You’re excited to work in person in NYC with a high-agency team building AI agents for real-world professional work.
You’ve worked in high-trust environments. Ideally, you’ve helped build or mature GRC in a fast-growing SaaS, fintech, security, or AI company, and have exposure to ISO 42001, NIST AI RMF, Drata, or customer trust workflows.
Benefits at Basis
We offer a competitive and thoughtful benefits package designed to support your physical, mental, and financial well-being:
• Health & Wellness: Premium Medical, Dental, and Vision coverage; Life Insurance; and 6 coaching & 6 therapy sessions through Spring Health.
• Time off: Unlimited PTO + 12 paid company holidays.
• In-Office Perks: Daily meal stipends, a fully stocked kitchen, and $300 toward your custom desk setup.
• Financial Benefits: Pre-tax commuter benefits and 401(k) retirement plan
• Team Culture: Monthly office activities and frequent optional team happy hours.
• Parental Leave