Security Compliance Lead

San Francisco

fal.ai is building the world’s best generative image, video and audio models. We're looking for a Security Compliance Lead to join our team and build scalable, efficient, and practical security and compliance foundations that align with our fast pace. In this role, you'll have a unique opportunity to design, operationalize, and scale our compliance and security programs in a cloud-native, AI-first environment. You’ll work across teams — legal, product, engineering, IT, and sales — to ensure we not only meet frameworks like SOC 2, HIPAA, GDPR, and ISO 27001, but do so in a way that supports business agility and long-term sustainability.

This role is both strategic and hands-on: you’ll set the vision and roll up your sleeves to get it done.

What You'll Do

  • Own and scale our security governance, risk, and compliance programs, ensuring alignment with SOC 2 Type II, HIPAA, GDPR, and ISO 27001.
  • Lead and coordinate audits, readiness efforts, gap assessments, remediation tracking, and evidence collection across multiple frameworks.
  • Operationalize core security programs (e.g. access reviews, vendor security, policy lifecycle, incident response, risk assessments).
  • Drive vendor security reviews and streamline intake processes in partnership with Legal, Procurement, and Engineering.
  • Collaborate cross-functionally with product, engineering, and operations to embed compliance-by-design practices into our SDLC and AI infrastructure.
  • Develop and maintain security policies and ensure effective enablement across the company.
  • Establish lightweight, repeatable processes for risk and controls management that scale with our growth.
  • Help build and manage our internal compliance tooling ecosystem (e.g. Drata or Vanta).
  • Provide regular compliance and risk updates to leadership and stakeholders.

About You

  • 5+ years in GRC, security, or privacy roles, ideally in a high-growth SaaS startup or regulated tech environment.
  • Strong experience with SOC 2 Type II, HIPAA, ISO 27001, GDPR, and vendor risk management.
  • Proven ability to operationalize compliance (not just advise on it).
  • Experienced in managing and running audits across different frameworks.
  • Comfortable navigating ambiguity and building programs from scratch in fast-moving environments.
  • Excellent communication and stakeholder management skills — you know how to build alignment and keep momentum.
  • Not required to be hands-on technical, but you’re comfortable with technical terminology and working closely with engineers and product teams.
  • Highly organized and outcome-driven.

Bonus Points

  • Familiarity with security tooling (e.g. Drata, Vanta, GRC platforms, Jira, Confluence).
  • Experience working with cloud infrastructure (AWS, GCP, Azure).
  • Prior work in AI/ML environments or data-heavy SaaS platforms.
  • Industry certifications (e.g. CISM, CISA, CIPM, CISSP).

Compensation

  • $150,000 - $210,000 + equity + comprehensive benefits package

Location

  • San Francisco, CA - No remote options at this time

What we offer at fal

  • Interesting and challenging work
  • Employee-friendly equity terms (early exercise, extended exercise)
  • A lot of learning and growth opportunities
  • We offer visa sponsorship and will help you relocate to San Francisco.
  • Health, dental, and vision insurance (US)
  • Regular team events and offsites
