Job Details

GRC and Security Lead (Europe Remote)

Operations Multiple locations Fully Remote

About Maisa

Maisa AI is an innovative Agentic Process Automation (APA) Platform that enables enterprises to create and deploy bulletproof AI Agents ("Digital Workers") for automating knowledge-intensive processes. Our flagship product, Maisa Studio, streamlines the creation, deployment, and continuous improvement of AI Agents while maintaining full auditability and explainability through our unique "Chain of Work" approach. We're building the future of enterprise automation with a platform that combines deterministic, code-based steps with AI reasoning, providing unprecedented transparency and reliability for mission-critical business processes.

Role Overview

We're looking for a GRC / Security Lead to build and maintain trustworthy, compliant, and secure systems that our customers, partners, and auditors can rely on. This role sits at the critical intersection of technology, legal, and operationsensuring we can not only build secure products but also prove our security posture to the world.

You'll be responsible for establishing our security foundation from the ground up, implementing compliance frameworks that scale with our growth, and serving as the trusted face of security for our customers and partners. This role reports directly to the COO and will work closely with the leadership team across all areas.

What You'll Do

Governance (G): Policy, Structure & Ownership

• Develop comprehensive security policies covering data classification, access management, vendor management, and incident response
• Create governance frameworks that align the entire organization around security best practices
• Define clear roles and responsibilities for information security processes across all teams
• Ensure organizational alignment through employee onboarding, security awareness training, and comprehensive documentation

Risk Management (R): Identification, Tracking & Mitigation

• Conduct comprehensive risk assessments across infrastructure, vendor relationships, and internal processes
• Own and maintain the enterprise risk register with detailed mitigation plans and timelines
• Execute regular third-party vendor assessments for data security posture (including cloud providers like AWS, AI services like OpenAI APIs, and SaaS tools)
• Implement risk monitoring processes with regular reporting to executive leadership

Compliance (C): Controls, Audits & Evidence

• Lead compliance certification initiatives (SOC 2, ISO 27001, GDPR) and industry-specific requirements
• Maintain auditable evidence through logging, access reviews, vulnerability scanning, and control testing
• Coordinate with external auditors and manage relationships with compliance automation tools (Vanta, Drata, TrustCloud)
• Monitor and update data privacy and security controls across all organizational functions
• Ensure continuous compliance through regular control assessments and gap analysis

Client-Facing Security Support

• Respond to security questionnaires and manage automated response systems to streamline the process
• Serve as primary security contact for RFPs, due diligence processes, and vendor security reviews
• Host security review calls with customers' legal, IT, and procurement departments
• Maintain and update Trust Center content and security documentation for customer transparency
• Support sales enablement through security collateral and competitive positioning

What You Bring

Required Experience

• 3-5 years in security-focused operations, technical program management, or DevOps/Infrastructure
• Deep familiarity with compliance frameworks (SOC 2, ISO 27001, ISO 42001, GDPR, HIPAA)
• Experience with cloud security architectures and modern technology stacks
• Proven track record managing multiple concurrent security initiatives

Core Skills

• Strong ability to interpret legal/regulatory requirements and translate them into technical controls
• Exceptional documentation and project management capabilities
• Excellent communication skills for technical teams, executives, and external stakeholders
• Analytical mindset for risk assessment and control effectiveness evaluation
• Proficient or native language level: English (mandatory)

Preferred Qualifications

• Industry certifications (CISSP, CISA, CISM, or equivalent)
• Previous startup or high-growth company experience
• Experience with AI/ML security considerations and data protection
• Background in customer-facing security roles or professional services

What Success Looks Like

First 90 Days:

• Assess current security posture and identify immediate priorities
• Establish foundational security policies and procedures
• Implement compliance automation tools and begin consolidation and process development

Year 1:

• Achieve SOC 2 Type II certification
• Build streamlined security questionnaire response process
• Establish mature risk management program with executive reporting
• Enable rapid customer security reviews and onboarding

Year 2:

• Achieve ISO 27001 and ISO 42001 certification and additional compliance certifications
• Scale security processes to support significant business growth
• Develop advanced customer security enablement capabilities
• Build security into a competitive advantage

Why You'll Love This Role

• Direct Impact: Build our security program from the ground up and see immediate results
• Customer-Facing: Work directly with customers and partners as the trusted face of security
• Strategic Influence: Report to the COO and influence company-wide security decisions
• Growth Opportunity: Scale with the company and build a security team as we grow
• Cutting-Edge: Work with modern compliance automation tools and emerging security technologies

What we offer

• Competitive salary and meaningful equity participation
• Professional development budget for certifications and training
• Clear growth path with opportunity to build and lead a security team
• Collaborative environment where your expertise directly shapes our success

About Maisa: Maisa AI is an innovative APA platform that enables enterprises to create and deploy bulletproof AI Agents for automating knowledge-intensive processes. Our flagship product, Maisa Studio, streamlines the creation, deployment, and continuous improvement of AI Agents while maintaining auditability and explainability through our Chain of Work approach. We're building the future of enterprise automation with a platform that combines deterministic, code-based steps with AI reasoning, providing transparency and reliability for mission-critical business processes.