Soma Capital Portfolio Jobs

GRC Engineer

Rippling

Other Engineering
New York, NY, USA
Posted on Mar 20, 2026

About Rippling

Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce systems that are normally scattered across a company, like payroll, expenses, benefits, and computers. For the first time ever, you can manage and automate every part of the employee lifecycle in a single system.

Take onboarding, for example. With Rippling, you can hire a new employee anywhere in the world and set up their payroll, corporate card, computer, benefits, and even third-party apps like Slack and Microsoft 365—all within 90 seconds.

Based in San Francisco, CA, Rippling has raised $1.4B+ from the world’s top investors—including Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock—and was named one of America's best startup employers by Forbes.

We prioritize candidate safety. Please be aware that all official communication will only be sent from @Rippling.com addresses.

About the role

We're looking for a GRC Engineer to design the foundation for automated compliance at Rippling. This role sits at the intersection of security frameworks, product design, and AI-first software development. You'll translate compliance frameworks like SOC 2 and ISO 27001 into automated signals inside the Rippling platform.

You'll design the controls, evidence models, and data requirements that power Rippling's Automated Compliance product. You'll define what evidence needs to be collected, how it should be structured, and how we determine whether a control is passing or failing based on real system activity. You'll work closely with product and engineering to automate integrations with cloud providers, identity platforms, developer tools, and HR systems. These integrations allow Rippling to continuously verify compliance controls.

This role requires thinking like both a compliance expert and a systems designer — understanding how compliance administrators operate while breaking down requirements into data schemas, API queries, and engineering tasks.

What you will do

  • You will translate security frameworks like SOC 2, ISO 27001, and NIST into structured controls and evidence requirements.
  • You will design an intuitive control and evidence library that breaks down compliance work into clear, user-friendly tasks.
  • You will define what evidence is required for each control and how it should be collected automatically.
  • You will determine what system data is required to validate a given control and define the schemas, signals, and conditions that determine whether a control is passing or failing.
  • You will create detection logic that continuously evaluates compliance using real system activity.
  • You will research and define the API data required from third-party systems to validate compliance controls.
  • You will work with engineering teams to implement connectors that extract and normalize compliance data.
  • You will break down compliance requirements into well-defined engineering tasks that can be implemented across integrations.
  • You will contribute to an AI-first workflow that accelerates integration development and evidence generation.
  • You will develop a deep understanding of how compliance admins manage audits and design workflows that reduce their manual work.

What you will need

  • Experience working with compliance frameworks like SOC 2, ISO 27001, or NIST.
  • Experience implementing or managing compliance programs, with the ability to break down controls into concrete evidence requirements.
  • Strong intuition for what auditors expect and how evidence should be structured.
  • Experience defining data requirements or system signals used to validate controls.
  • Ability to reason about APIs, system events, and structured data.
  • Comfort working with engineering teams to define schemas and integration requirements.
  • Strong analytical thinking and ability to reason about data correctness and edge cases.
  • Excellent communication skills with the ability to translate complex compliance concepts into clear instructions for non-experts.
  • Experience designing scalable processes rather than manual workflows.

Additional Information

Rippling is an equal opportunity employer. We are committed to building a diverse and inclusive workforce and do not discriminate based on race, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, veteran or military status, or any other legally protected characteristics. Rippling is committed to providing reasonable accommodations for candidates with disabilities who need assistance during the hiring process. To request a reasonable accommodation, please email accommodations@rippling.com.

Rippling highly values having employees working in-office to foster a collaborative work environment and company culture. For office-based employees (employees who live within a defined radius of a Rippling office), Rippling considers working in the office, at least three days a week under current policy, to be an essential function of the employee's role.

This role will receive a competitive salary + benefits + equity. The salary for US-based employees will be aligned with one of the ranges below based on location; see which tier applies to your location here.

A variety of factors are considered when determining someone’s compensation–including a candidate’s professional background, experience, and location. Final offer amounts may vary from the amounts listed below.