Role Overview
Modal is hiring a Security GRC Specialist. This is a full-time role in New York. Full responsibilities, required qualifications, and the apply link are listed in the description below.
Resume Keywords to Include
Make sure these keywords appear in your resume to improve ATS scoring
Job description
ABOUT US
AI needs a new infrastructure layer. We're building it at Modal.
Every era of computing brought new workloads that previous infrastructure couldn't support: mainframes, databases, and the cloud. Each time, the company that rebuilt the layer underneath defined the decade. AI is no different, except it touches everything instead of one slice, and the window to build the layer underneath it is open right now.
Our customers include category-defining companies like Lovable https://modal.com/blog/lovable-case-study, Ramp https://modal.com/blog/how-ramp-built-a-full-context-background-coding-agent-on-modal, Cognition, DoorDash, and Suno. They rely on Modal for instant GPU access, sub-second container starts, and native storage, so it's simple to serve low-latency inference, fine-tune models, and access production-ready sandboxes at scale.
We recently raised a $355M Series C https://modal.com/blog/modal-series-c at a $4.65B valuation, led by General Catalyst and Redpoint Ventures. We've crossed $300M+ ARR and grown fivefold since September.
Our team includes creators of popular open-source projects (e.g.,Seaborn https://github.com/mwaskom/seaborn,Luigi https://github.com/spotify/luigi), academic researchers, international olympiad medalists, and experienced engineering and product leaders with decades of experience.
THE ROLE:
We’re looking for a hands-on Security GRC Specialist to own and scale our security and compliance programs while working closely with engineering and product teams. This role is central to building customer trust, enabling sales, and ensuring we meet evolving regulatory and security expectations without slowing down innovation.
You won’t just maintain compliance, you’ll help shape how we build secure systems.
WHAT YOU'LL DO
Compliance & Security Programs
- Own and operate compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, etc.)
- Drive audits end-to-end: readiness, evidence collection, auditor coordination
- Continuously improve controls and reduce compliance overhead through automation
Customer Trust & Sales Enablement
- Lead responses to customer security questionnaires, RFPs, and due diligence requests
- Partner with Sales and Customer Success to unblock deals and build trust
- Develop and maintain security documentation (trust center, whitepapers, FAQs)
Engineering Collaboration
- Work directly with engineering teams to design and implement practical security controls
- Translate compliance requirements into technical, scalable solutions
- Identify gaps and drive remediation projects (not just report them)
Risk & Governance
- Run risk assessments across systems, vendors, and processes
- Maintain policies and standards, but keep them lightweight and actionable
- Track and report on security posture and compliance status
Process & Tooling
- Improve how we manage compliance (evidence collection, control mapping, automation)
- Evaluate and implement GRC/security tools where appropriate
REQUIREMENTS
- Core Experience
- 3–7+ years in security GRC, compliance, or security engineering-adjacent roles
- Hands-on experience with frameworks like SOC 2, ISO 27001, or similar
- Experience supporting audits and customer-facing security conversations
Technical Mindset (Important)
- Comfortable working with engineers and understanding systems (cloud, infra, APIs, etc.)
- Ability to translate between compliance language and technical implementation
- Experience with modern cloud environments (AWS/GCP/Azure) is a strong plus
Execution & Ownership
- Proactive and hands-on—you drive changes, not just track them
- Able to balance rigor with pragmatism in a fast-moving environment
- Strong communication skills, especially with customers and cross-functional teams
Bonus
- Experience building or scaling a GRC program from early stages
- Familiarity with automation in compliance workflows
- Background in security engineering or DevOps
HOW WE THINK ABOUT THIS ROLE:
- Compliance is a means to build trust, not the end goal
- GRC should enable the business, not slow it down
- The best candidates are technical, pragmatic, and collaborative
About Modal
Frequently Asked Questions
How do I apply for the Security GRC Specialist position at Modal?
Use the Apply button above to submit your application directly to Modal. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.
Where is the Security GRC Specialist position at Modal located?
This position is based in New York. Modal has not indicated remote or hybrid options for this role, so candidates should plan for on-site work.
What does a Security GRC Specialist at Modal earn?
Modal has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.
When was the Security GRC Specialist role at Modal posted?
This role was posted on April 21, 2026 (81 days ago). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.
More Jobs at Modal
View all →AI-powered job search
Get every job scored to your resume
Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.
Get started freeNo credit card to start