About this role
About Us:Modal provides the infrastructure foundation for AI teams. With instant GPU access, sub-second container startups, and native storage, Modal makes it simple to train models, run batch jobs, and serve low-latency inference. We have thousands of customers who rely on us for production AI workloads, including Lovable, Scale AI, Substack, and Suno.
We're a fast-growing team based out of NYC, SF, and Stockholm. We've hit 9-figure ARR and recently raised a Series B at a $1.1B valuation. Our investors include Lux Capital, Redpoint Ventures, Amplify Partners, and Elad Gil.
Working at Modal means joining one of the fastest-growing AI infrastructure organizations at an early stage, with many opportunities to grow within the company. Our team includes creators of popular open-source projects (e.g. Seaborn, Luigi), academic researchers, international olympiad medalists, and experienced engineering and product leaders with decades of experience.
The Role:We’re looking for a hands-on Security GRC Specialist to own and scale our security and compliance programs while working closely with engineering and product teams. This role is central to building customer trust, enabling sales, and ensuring we meet evolving regulatory and security expectations without slowing down innovation.
You won’t just maintain compliance, you’ll help shape how we build secure systems.
What You'll Do:Compliance & Security Programs
Own and operate compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, etc.)
Drive audits end-to-end: readiness, evidence collection, auditor coordination
Continuously improve controls and reduce compliance overhead through automation
Customer Trust & Sales Enablement
Lead responses to customer security questionnaires, RFPs, and due diligence requests
Partner with Sales and Customer Success to unblock deals and build trust
Develop and maintain security documentation (trust center, whitepapers, FAQs)
Engineering Collaboration
Work directly with engineering teams to design and implement practical security controls
Translate compliance requirements into technical, scalable solutions
Identify gaps and drive remediation projects (not just report them)
Risk & Governance
Run risk assessments across systems, vendors, and processes
Maintain policies and standards, but keep them lightweight and actionable
Track and report on security posture and compliance status
Process & Tooling
Improve how we manage compliance (evidence collection, control mapping, automation)
Evaluate and implement GRC/security tools where appropriate
Requirements:Core Experience
3–7+ years in security GRC, compliance, or security engineering-adjacent roles
Hands-on experience with frameworks like SOC 2, ISO 27001, or similar
Experience supporting audits and customer-facing security conversations
Technical Mindset (Important)
Comfortable working with engineers and understanding systems (cloud, infra, APIs, etc.)
Ability to translate between compliance language and technical implementation
Experience with modern cloud environments (AWS/GCP/Azure) is a strong plus
Execution & Ownership
Proactive and hands-on—you drive changes, not just track them
Able to balance rigor with pragmatism in a fast-moving environment
Strong communication skills, especially with customers and cross-functional teams
Bonus
Experience building or scaling a GRC program from early stages
Familiarity with automation in compliance workflows
Background in security engineering or DevOps
How We Think About This Role:Compliance is a means to build trust, not the end goal
GRC should enable the business, not slow it down
The best candidates are technical, pragmatic, and collaborative