
Security Compliance Lead
fal.ai is building the world’s best generative image, video and audio models. We're looking for a Security Compliance Lead to join our team and build scalable, efficient, and practical security and compliance foundations that align with our fast pace. In this role, you'll have a unique opportunity to design, operationalize, and scale our compliance and security programs in a cloud-native, AI-first environment. You’ll work across teams — legal, product, engineering, IT, and sales — to ensure we not only meet frameworks like SOC 2, HIPAA, GDPR, and ISO 27001, but do so in a way that supports business agility and long-term sustainability.
This role is both strategic and hands-on: you’ll set the vision and roll up your sleeves to get it done.
What You'll Do
- Own and scale our security governance, risk, and compliance programs, ensuring alignment with SOC 2 Type II, HIPAA, GDPR, and ISO 27001.
- Lead and coordinate audits, readiness efforts, gap assessments, remediation tracking, and evidence collection across multiple frameworks.
- Operationalize core security programs (e.g. access reviews, vendor security, policy lifecycle, incident response, risk assessments).
- Drive vendor security reviews and streamline intake processes in partnership with Legal, Procurement, and Engineering.
- Collaborate cross-functionally with product, engineering, and operations to embed compliance-by-design practices into our SDLC and AI infrastructure.
- Develop and maintain security policies and ensure effective enablement across the company.
- Establish lightweight, repeatable processes for risk and controls management that scale with our growth.
- Help build and manage our internal compliance tooling ecosystem (e.g. Drata or Vanta).
- Provide regular compliance and risk updates to leadership and stakeholders.
About You
- 5+ years in GRC, security, or privacy roles, ideally in a high-growth SaaS startup or regulated tech environment.
- Strong experience with SOC 2 Type II, HIPAA, ISO 27001, GDPR, and vendor risk management.
- Proven ability to operationalize compliance (not just advise on it).
- Experienced in managing and running audits across different frameworks.
- Comfortable navigating ambiguity and building programs from scratch in fast-moving environments.
- Excellent communication and stakeholder management skills — you know how to build alignment and keep momentum.
- Not required to be hands-on technical, but you’re comfortable with technical terminology and working closely with engineers and product teams.
- Highly organized and outcome-driven.
Bonus Points
- Familiarity with security tooling (e.g. Drata, Vanta, GRC platforms, Jira, Confluence).
- Experience working with cloud infrastructure (AWS, GCP, Azure).
- Prior work in AI/ML environments or data-heavy SaaS platforms.
- Industry certifications (e.g. CISM, CISA, CIPM, CISSP).
Compensation
- $150,000 - $210,000 + equity + comprehensive benefits package
Location
- San Francisco, CA - No remote options at this time
What we offer at fal
- Interesting and challenging work
- Employee-friendly equity terms (early exercise, extended exercise)
- A lot of learning and growth opportunities
- We offer visa sponsorship and will help you relocate to San Francisco.
- Health, dental, and vision insurance (US)
- Regular team events and offsites