Risk and Compliance Lead

About Applied Intuition Applied Intuition, Inc. is powering the future of physical AI. Founded in 2017 and now valued at $15 billion, the Silicon Valley company is creating the digital infrastructure needed to bring intelligence to every moving machine on the planet. Applied Intuition services the automotive, defense, trucking, construction, mining and agriculture industries in three core areas: tools and infrastructure, operating systems, and autonomy. Eighteen of the top 20 global automakers, as well as the United States military and its allies, trust the company’s solutions to deliver physical intelligence. Applied Intuition is headquartered in Sunnyvale, California, with offices in Washington, D.C.; San Diego; Ft. Walton Beach, Florida; Ann Arbor, Michigan; London; Stuttgart; Munich; Stockholm; Bangalore; Seoul; and Tokyo. Learn more at applied.co . We are an in-office company, and our expectation is that employees primarily work from their Applied Intuition office 5 days a week. However, we also recognize the importance of flexibility and trust our employees to manage their schedules responsibly. This may include occasional remote work, starting the day with morning meetings from home before heading to the office, or leaving earlier when needed to accommodate family commitments. About the role We are looking for a multifaceted Risk and Compliance Lead to lead our security compliance initiatives across the organization. You will be responsible for ensuring adequate security controls to identify and mitigate risk across the organization. Additionally, you will collaborate with legal, engineering, operations and customers, as necessary, to ensure the state of compliance is well communicated. At Applied Intuition, you will: Own and mature the security GRC program, including policy lifecycle management, risk register maintenance, and control framework alignment across the organization Conduct comprehensive enterprise and product-level risk assessments to identify, prioritize, and track risks against the company's risk appetite - translating findings into actionable remediation plans for stakeholders Lead, manage and support compliance efforts such as, but not limited to, SOC2, ISO 27001, ISO 9001, TISAX, and federal/defense requirements - owning audit readiness, evidence collection, and remediation tracking end to end Drive Third Party Risk Management (TPRM) program, including vendor assessments, contract security reviews, and ongoing monitoring of critical third parties Build and maintain the GRC program infrastructure - including risk tracking, compliance tooling, reporting cadences, and executive-level risk reporting Partner with Legal, Engineering, IT, and Operations to embed compliance and risk requirements into business processes, product development, and infrastructure decisions Develop and maintain security policies, standards, and procedures that are practical, enforceable, and aligned to regulatory and contractual obligations Support customer-facing security assurance activities including questionnaires, audits, and contractual security reviews We're looking for someone who has: 6+ years of experience in security GRC, risk management, or compliance program ownership - with a track record of building or maturing programs, not just executing within them Hands on experience in running Enterprise Risk Assessments aligned with industry standard frameworks, risk register ownership, and translating technical risk into business-level impact Past experience of running Security Maturity Assessments against NIST 800-53, CCF, and more Deep hands-on experience managing SOC 2, ISO 27001, and TISAX audits - including scoping, control mapping, evidence coordination, and auditor management Experience running Third Party Risk Management programs including vendor tiering, security assessments, and ongoing monitoring Ability to interpret compliance frameworks in practical terms and drive cross-functional remediation ... (truncated, view full listing at source)