Governance, Risk & Compliance (GRC) Engineer

fal is the generative media ecosystem powering the next generation of AI products. We build the infrastructure, tools, and model access that teams need to move from idea to production, and do it at scale without compromise. For developers and enterprises, fal is the foundation that makes generative media not just possible, but practical: a unified platform where high-performance inference, orchestration, and observability come together to unlock new categories of AI-native products.

As generative media reshapes industries across a market projected to grow by hundreds of billions over the next decade, fal is becoming the ecosystem that ambitious teams build on.

About Us

Fal.ai is the leading generative media platform for developers, enabling organizations to build, deploy, and scale AI-powered applications. We are focused on delivering highly available, secure, and compliant infrastructure while maintaining the speed and agility expected from a modern AI company.

We are looking for a Governance, Risk & Compliance (GRC) Engineer to help scale our security and compliance programs as we continue to grow. This role will partner closely with Security, Engineering, Infrastructure, Legal, and Go-to-Market teams to strengthen our risk management capabilities, maintain compliance certifications, support enterprise customer requirements, and build scalable governance processes.

Role Overview

As a GRC Engineer, you will be responsible for designing, implementing, and continuously improving Fal's governance, risk management, and compliance programs. You will help ensure that our security controls meet regulatory, contractual, and customer requirements while enabling the business to move quickly.

This role combines technical security knowledge with compliance expertise and requires strong cross-functional collaboration skills. The ideal candidate understands cloud infrastructure, modern security practices, and compliance frameworks and can translate technical controls into business and regulatory requirements.

What You'll Do

Governance & Compliance

• Manage and improve Fal's security compliance programs, including:

  • SOC 2

  • ISO 27001

  • GDPR

  • Emerging AI governance frameworks

• Coordinate internal and external audits.

• Maintain security policies, standards, procedures, and control documentation.

• Develop compliance automation and continuous monitoring processes.

• Support security awareness and policy governance initiatives.

Risk Management

• Lead enterprise risk assessments and risk register management.

• Perform vendor and third-party risk assessments.

• Conduct control gap analyses and remediation tracking.

• Facilitate risk reviews with stakeholders across engineering and business teams.

• Develop metrics and reporting for risk and compliance leadership.

Customer Security & Trust

• Support enterprise security reviews and customer due diligence requests.

• Assist with security questionnaires, audits, and RFP responses.

• Help maintain trust center content and security documentation.

• Partner with Sales, Legal, and Customer Success to address customer security concerns.

Security Engineering & Control Validation

• Collaborate with Security and Infrastructure teams to implement and validate security controls.

• Evaluate cloud and AI infrastructure against security requirements.

• Assess effectiveness of technical safeguards including:

  • Identity and access management

  • Logging and monitoring

  • Vulnerability management

  • Incident response

  • Data protection controls

• Support evidence collection and control testing.

Program Development

• Build scalable GRC processes that reduce manual effort.

• Identify opportunities for compliance automation.

• Develop governance frameworks for emerging AI and machine learning technologies.

• Support strategic security initiatives and certifications.