Senior GRC Engineer

About Life360

Life360’s mission is to keep people close to the ones they love. Our category-leading mobile app,Tile tracking devices, and Pet GPS tracker empower members to protect the people, pets, and things they care about most with a range of services, including location sharing, safe driver reports, and crash detection with emergency dispatch. Life360 serves approximately 95.8 million monthly active users (MAU), as of December 31, 2025, across more than 180 countries.

Life360 delivers peace of mind and enhances everyday family life with seamless coordination for all the moments that matter, big and small. By continuing to innovate and deliver for our customers, we have become a household name and the must-have mobile-based membership for families (and those friends who are basically family).

Life360 has more than 500 (and growing!) remote-first employees. For more information, please visit life360.com.

Life360 is a Remote-First company, which means a remote work environment will be the primary experience for all employees. All positions, unless otherwise specified, can be performed remotely (within the US) regardless of any specified location above. 

We are AI Native

We are building an AI native company where AI is an integral part of how we build and operate. AI tool usage during interviews varies by role. You may be asked to demonstrate proficiency with AI tools, discuss how you leverage AI, or complete interview exercises without AI assistance. Your Recruiter will provide clear guidance as you move through the interview process.

Undisclosed use of AI not previously discussed with or approved by your Recruiter may impact your candidacy.

About The Team

The Information Security and Technology team is responsible for keeping Life360 safe — our systems, our employees, and the tens of millions of families who trust us with their location data. That obligation is the starting point. How we meet it is what makes this team different.

We are builders. Security controls that don't get used aren't controls. Compliance programs that create friction without reducing risk aren't programs. We build things that work in production, earn adoption from engineering teams, and get better over time — and we use AI to do it at a scale a traditional team couldn't.

We're also at an inflection point. Life360 is deploying agentic systems into how we build and operate, and the security and governance implications of that are still being worked out — by us, and by the industry. The threat surface is expanding. The compliance frameworks are catching up. The people on this team aren't waiting for either.

About the Job

Governance, Risk, and Compliance (GRC) has been on a slow progression from audit binders and manual evidence collection toward policy as code, continuous control testing, and compliance infrastructure that generates its own proof. We're hiring someone already living at that frontier — and ready to push past it.

Life360 is mid-transformation into an AI-native company, which means this role has two jobs running in parallel. The first is building the technical foundation of a modern GRC program: policies version-controlled in Git, controls that self-test, evidence generated by integrations rather than collected by humans, and a TPRM program that reflects how we actually use third parties. SOC 2, ISO 27001, and SOX anchor this work.

The second job is harder and less charted. As Life360 deploys agentic systems into how we build and operate, the policy and control landscape is shifting in real time. Major frameworks are actively working out how to account for autonomous agents, and new control sets are emerging faster than the regulations that require them. You'll anticipate new policy requirements, adapt existing controls, and ensure our governance architecture is ready before the auditors ask.

We use AI tools as a professional standard on this team. Here's what that means in practice.

Ai-Native Daily use: You use AI tools for real, substantive work — analysis, drafting, automation, code, investigations, evidence gathering. 

Judgment and ownership: AI-generated work gets the same scrutiny you'd give any human-produced artifact. You're accountable for everything you ship.

Domain-specific judgment: You know where AI is the wrong tool. Sensitive data handling, attacker-controlled inputs, agents with production access, and privileged identity changes all need careful guardrails — and you can articulate where AI helps, where it hurts, and where it needs a human in the loop.

Leverage: When AI is working well, you take on problems that would otherwise require a larger team. We hire people who use that leverage to ship better outcomes, not just faster ones.

Continuous learning: The tooling moves fast. You stay current, share what works with the team, and speak up when something would meaningfully change how we operate.

The US-based salary range for this position is $115,500 to $213,000. We take into consideration an individual's background and experience in determining final salary - therefore, base pay offered may vary considerably depending on geographic location, job-related knowledge, skills, and experience. The compensation package includes a wide range of medical, dental, vision, financial, and other benefits, as well as equity.

What You’ll Do

• Own the governance framework for Life360's agentic systems. The major compliance frameworks are still figuring out how to account for autonomous agents. Define the policies, control sets, and compliance posture that govern how agents are built and deployed at Life360 — and build ahead of the regulation.
• Take an agentic approach to GRC itself. Automate evidence collection, draft control narratives, triage vendor questionnaires — use AI and internal tooling to do the work humans shouldn't be doing manually. Write the integrations and pipelines that make it real. Know where AI creates leverage, where it introduces risk, and where a human needs to stay in the loop.
• Build the policy program as code. Policies in Git, peer-reviewed via pull request. Requirements expressed as enforceable rules and automated checks, not static PDFs. A common controls framework that satisfies SOC 2, ISO 27001, NIST CSF, and future frameworks from a single control reference — no rework.
• Drive SOC 2 Type 2, ISO 27001, and SOX ITGC end-to-end as management owner — managing evidence, coordinating with external assessors, and closing gaps before auditors find them. Build the automation once; satisfy three frameworks. Financial reporting controls beyond ITGC live with Internal Audit; you'll partner closely with them  on shared control libraries, evidence pipelines, and walkthroughs. Internal Audit retains independent SOX program ownership, third-line testing, and Audit Committee reporting . The goal is audit readiness as a continuous state, not a quarterly sprint.
• Build an operational risk function, not a register. Quantitative-leaning, FAIR-informed, and connected to live data sources across cloud security posture, endpoint detection, vulnerability management, and asset inventory. Risk scoring that reflects current reality and is actionable at every altitude — service owner to board executive leadership, with Audit Committee reporting on enterprise risk coordinated with Internal Audit. Build the data model, workflow layer, and closed loop that turns risk from a prioritization exercise into a lifecycle with owners and treatment decisions
• Mature the TPRM program. Tiered reviews by risk and data sensitivity. Automated evidence collection and agent-based workflows that reduce friction for vendors and internal teams alike — making it easier to do this right than to skip it.
• Be the auditor's primary management contact. Own scoping, walkthroughs, evidence delivery, and management responses for SOC 2, ISO 27001, and SOX ITGC. Auditors leave knowing more about how Life360 actually works than they did when they walked in — and findings get closed before they become repeat findings. 
• Build the cross-functional relationships that make GRC work in practice. Engineering, Legal, Privacy, Internal Audit and Procurement are all load-bearing parts of this program — own those partnerships and build the workflows that make compliance a shared practice, not a security team deliverable.
• Maintain clear role boundaries between management’s first- and second-line GRC operations and Internal Audit’s third-line independent assurance.

What We’re Looking For

• 5+ years in GRC, security engineering, or a hybrid role where you owned both the policy and control side and the technical implementation — not one or the other.
• You build with AI tools, not just use them. You've used LLMs and agents in real work — drafting, code, automation, investigation — and can make judgment calls about where AI creates leverage and where it introduces risk. Experience designing or operating agentic workflows is a strong signal.
• Coding ability that ships. Python or equivalent — you can call APIs, build integrations, schedule jobs, and deploy a working pipeline without help. Show us something you built. 
• You can evidence controls directly in cloud environments — identity, audit logs, configuration posture, secrets management — without relying on screenshots or system owners. You pull evidence from APIs.
• You've implemented, integrated, or significantly extended a modern GRC platform. You know what these platforms actually solve, where they fall short, and when to write your own code instead.
• SOC 2, ISO 27001, and NIST AI RMF at the control level, not just the headers. You understand how these frameworks are evolving to account for AI and agentic systems.
• You've worked through SOX ITGC cycles at a public company — managing evidence, walkthroughs, and findings with external auditors.
• Built or scaled a TPRM program — you've designed tiering, pushed back on bad vendors, and automated parts of the assessment workflow.
• Quantitative risk experience — you've owned a risk register and made it useful to engineers and executives. FAIR or equivalent methodology in real use is a strong signal.
• Clear writing — policies, control narratives, audit responses, and risk statements that engineers and lawyers both understand.
• Bachelor's degree or equivalent.

Nice to have

• Experience taking a company through SOC 2 Type 2 or ISO 27001 certification from scratch.
• Privacy program crossover — GDPR, CCPA, data mapping, DPIAs.
• You've worked on the implementation side of security — engineering, operations, or incident response. You don't just audit other teams' work; you understand it because you've done it.
• Experience building governance frameworks for AI systems — model risk, ISO 42001, or controls around LLM and agent deployment.

Ai-Native Daily use: You use AI tools for real, substantive work — analysis, drafting, automation, code, investigations, evidence gathering. 

Judgment and ownership: AI-generated work gets the same scrutiny you'd give any human-produced artifact. You're accountable for everything you ship.

Domain-specific judgment: You know where AI is the wrong tool. Sensitive data handling, attacker-controlled inputs, agents with production access, and privileged identity changes all need careful guardrails — and you can articulate where AI helps, where it hurts, and where it needs a human in the loop.

Leverage: When AI is working well, you take on problems that would otherwise require a larger team. We hire people who use that leverage to ship better outcomes, not just faster ones.

Continuous learning: The tooling moves fast. You stay current, share what works with the team, and speak up when something would meaningfully change how we operate.

Our Benefits

• Competitive pay and benefits
• Medical, dental, vision, life and disability insurance plans (100% paid for employees)
• 401(k) plan with company matching program
• Mental Wellness Program & Employee Assistance Program (EAP) for mental well-being
• Flexible PTO, 13 company-wide days off throughout the year
• Winter and Summer Weeklong Synchronized Company Shutdowns
• Learning & Development programs
• Equipment, tools, and reimbursement support for a productive remote environment
• Free Life360 Platinum Membership for your preferred circle
• Free Tile Products

Life360 Values

Our company’s mission-driven culture is guided by our shared values to create a trusted work environment where you can bring your authentic self to work and make a positive difference 

• Be a Good Person - We have a team of high integrity people you can trust. 
• Be Direct With Respect - We communicate directly, even when it’s hard.
• Members Before Metrics - We focus on building an exceptional experience for families. 
• High Intensity, High Impact - We do whatever it takes to get the job done. 

Our Commitment to Diversity

We believe that different ideas, perspectives and backgrounds create a stronger and more creative work environment that delivers better results. Together, we continue to build an inclusive culture that encourages, supports, and celebrates the diverse voices of our employees. It fuels our innovation and connects us closer to our customers and the communities we serve. We strive to create a workplace that reflects the communities we serve and where everyone feels empowered to bring their authentic best selves to work.

We are an equal opportunity employer and value diversity at Life360. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status or any legally protected status.  

We encourage people of all backgrounds to apply. We believe that a diversity of perspectives and experiences create a foundation for the best ideas. Come join us in building something meaningful. Even if you don’t meet 100% of the below qualifications, you should still seriously consider applying!

 

#LI-Remote

____________________________________________________________________________