Fal
fal.ai is building the world’s best generative image, video and audio models. We're looking for a Security Compliance Lead to join our team and build scalable, efficient, and practical security and compliance foundations that align with our fast pace. In this role, you'll have a unique opportunity to design, operationalize, and scale our compliance and security programs in a cloud-native, AI-first environment. You’ll work across teams — legal, product, engineering, IT, and sales — to ensure we not only meet frameworks like SOC 2, HIPAA, GDPR, and ISO 27001, but do so in a way that supports business agility and long-term sustainability.
This role is both strategic and hands-on: you’ll set the vision and roll up your sleeves to get it done.
What You'll Do
Own and scale our security governance, risk, and compliance programs, ensuring alignment with SOC 2 Type II, HIPAA, GDPR, and ISO 27001.
Lead and coordinate audits, readiness efforts, gap assessments, remediation tracking, and evidence collection across multiple frameworks.
Operationalize core security programs (e.g. access reviews, vendor security, policy lifecycle, incident response, risk assessments).
Drive vendor security reviews and streamline intake processes in partnership with Legal, Procurement, and Engineering.
Collaborate cross-functionally with product, engineering, and operations to embed compliance-by-design practices into our SDLC and AI infrastructure.
Develop and maintain security policies and ensure effective enablement across the company.
Establish lightweight, repeatable processes for risk and controls management that scale with our growth.
Help build and manage our internal compliance tooling ecosystem (e.g. Drata or Vanta).
Provide regular compliance and risk updates to leadership and stakeholders.
About You
5+ years in GRC, security, or privacy roles, ideally in a high-growth SaaS startup or regulated tech environment.
Strong experience with SOC 2 Type II, HIPAA, ISO 27001, GDPR, and vendor risk management.
Proven ability to operationalize compliance (not just advise on it).
Experienced in managing and running audits across different frameworks.
Comfortable navigating ambiguity and building programs from scratch in fast-moving environments.
Excellent communication and stakeholder management skills — you know how to build alignment and keep momentum.
Not required to be hands-on technical, but you’re comfortable with technical terminology and working closely with engineers and product teams.
Highly organized and outcome-driven.
Bonus Points
Familiarity with security tooling (e.g. Drata, Vanta, GRC platforms, Jira, Confluence).
Experience working with cloud infrastructure (AWS, GCP, Azure).
Prior work in AI/ML environments or data-heavy SaaS platforms.
Industry certifications (e.g. CISM, CISA, CIPM, CISSP).
Compensation
$150,000 - $210,000 + equity + comprehensive benefits package
Location
San Francisco, CA - No remote options at this time
What we offer at fal
Interesting and challenging work
Employee-friendly equity terms (early exercise, extended exercise)
A lot of learning and growth opportunities
We offer visa sponsorship and will help you relocate to San Francisco.
Health, dental, and vision insurance (US)