Founding GRC Lead

About Pallet Pallet is building AI Agents to transform logistics — a $12 trillion global industry. We’ve raised $50M from top investors, including General Catalyst, Bessemer Venture Partners, and Bain Capital Ventures. In under two years, we’ve achieved 700% revenue growth and are just getting started. Our mission is to increase the efficiency of the global supply chain by automating the manual workflows that slow logistics teams down — from scheduling and appointment setting to data entry and load management. Our flagship platform provides end-to-end visibility, control, and optimization, while our newest product, CoPallet, introduces AI Agents that can understand and execute requests in real time, and integrate directly with customer systems. As logistics providers look to generative AI to drive efficiency, many are turning to Pallet to lead the way. With deep industry expertise and cutting-edge AI capabilities, we’re positioned to build the next $10B company in logistics. Join us and work alongside leaders from Google, DoorDash, YC, and more to shape the future of logistics tech. You could be a GRC Lead anywhere, why us? Join a well-funded, high-growth startup on the path to IPO ($50M raised, 700% revenue growth in 2 years, targeting a $6T market) Work directly with our Head of Finance and CTO Help transform a massive industry and scale us toward a $10 B+ business About the opportunity: Pallet is hiring its first dedicated GRC leader to own how we earn and keep trust: with customers, auditors, and regulators. You'll run our SOC 1 and SOC 2 programs, build our GDPR and CCPA privacy operations, and work shoulder-to-shoulder with engineering, product, sales, and legal to make compliance something Pallet is good at, not something it survives. This role reports directly to leadership and is the foundation of a function you will one end to end, and eventually grow. Why this role is different: You're the first. No inherited process, no legacy bureaucracy: you design the compliance operating model from a blank page, with the GRC tooling and executive support to do it right. Revenue-facing, not back-office. Enterprise deals at Pallet increasingly hinge on security posture. You'll sit in on customer conversations, own the trust narrative, and directly unblock sales. Full-spectrum scope. Most GRC roles silo you into audit or privacy or vendor risk. Here you own all of it, with the engineering proximity to actually change how things get built. Surround yourself with top-tier talent and fast-track your career : this is a foundational seat with a clear path to building and leading a team. How you will make an impact: Run SOC 1 and SOC 2 Type II audit cycles end to end: control design, evidence automation, auditor relationships, and clean reports delivered on schedule, every cycle. Build Pallet's privacy program for GDPR and CCPA/CPRA:data inventory and mapping, DSAR handling, DPAs, and privacy reviews baked into product development. Primary point of contact for external auditors and assessors in collecting evidence, audit responses, timelines. Translate audit findings into actionable plans. Implement continuous-compliance infrastructure so audit readiness is a byproduct of how we operate, not an annual fire drill. Embed security and privacy controls into engineering and product workflows, earning adoption through partnership rather than mandate. Stand up vendor risk management: security reviews, DPA negotiation support, and an ongoing third-party risk register. Own the customer-facing trust motion (security questionnaires, trust center, customer audits) and measurably shorten enterprise sales cycles. Preferred experience: 7–12 years across GRC, security compliance, or audit, including full ownership of at least two SOC 2 Type II cycles. Built or significantly matured SOC, ISO, GDPR, and privacy compliance programs in-house - you've operationalized privacy, not just advised on it. Technically credible with engineers: comfortable discussing access controls, encryption, logging, and cloud infrastructure (AWS/GCP) without needing translation. Deep hands-on experience with compliance automation platforms and evidence workflows. Startup-calibrated judgment: you know which risks matter, build lightweight process, and have certifications (CISA, CISSP, ISO 27001 LA) as a bonus rather than a substitute for experience. Interview Process: Chat with Christy - Business Recruiter - 30 mins Chat with Austin Zheng - 30-45 mins  Proficiency Assessment    Final Interview - 3-4 hours Brief Background Check and Reference Check We move fast, and we’ll keep you informed at every stage of the process. Location: This role is an in-office role in our San Francisco office (5 mins walk from Montgomery BART Station) Compensation: The estimated salary range for this role is $175,000-$225,000, depending on experience and skill set. In addition to base salary, we offer competitive equity, benefits, and opportunities for growth. Final compensation will be determined based on a combination of factors, including experience, qualifications, and location. Our Benefits  We invest in our people the same way we invest in our product: seriously. 🩺 Health, Vision, and Dental benefits  🏝️ Flexible PTO ➕ Life Insurance and Accidental Insurance  ❤️‍🩹 Short-Term Disability Coverage 💸 Generous salary and equity for all staff 🪜 401k option; company match not currently offered 🧑‍🧑‍🧒‍🧒 Paid parental leave to support growing families 📚 Yearly learning and development stipend 🚌 Commuter benefits for Bay Area employees 🚘 Uber ride stipend if you ever have to work late in the office  🏡 Remote office home stipend to get you comfy in your space 🍔 Daily catered lunches provided  ✈️ Onboarding trip to San Francisco HQ if you work remotely 🥤 Monthly happy hours 🎉 Annual Company Offsites; our last one was in Palm Springs CA 🌴 Workplace Po