Aisle is redefining how enterprises secure their software with an AI agent for autonomous vulnerability remediation. Vulnerabilities are the #1 root cause of cyber incidents, yet most organizations take weeks or months to patch what attackers exploit in days. We’re changing that.
Our mission is to protect democratic societies from the most sophisticated cyberattacks. We do that by giving organizations, including those operating critical infrastructure, the power to harden their systems and resolve security issues at superhuman speed and scale. Backed by world-class founders and advisors, we’re creating a new category in cybersecurity at the intersection of AI, automation, and enterprise resilience.
We’re a small, talent-dense team spread across the US, Europe, and Israel. We value high ownership, high velocity, and low-ego collaboration. If you want to work with world-class minds in AI and security, thrive in fast-moving environments, and care about solving one of the toughest challenges in tech, Aisle is the place for you.
Framework Oversight: Maintain and evolve the company’s internal controls and policies to ensure we remain compliant with industry standards and regulatory requirements.
Risk Reporting: Produce high-quality risk assessments and reporting dashboards that turn complex technical vulnerabilities into clear, actionable insights for leadership.
Audit Management: Coordinate and lead internal and external audits, serving as the primary point of contact for regulators and third-party auditors.
AI Governance & Oversight: Develop and implement frameworks for the secure and ethical use of AI; monitor AI tool adoption across the company to ensure data privacy and model integrity.
Cross-Functional Collaboration: Support the IT and Security teams by applying risk management principles to new infrastructure projects and digital workflows.
Compliance & Training Support: Work alongside HR and Legal teams to develop security awareness materials and training programs that drive a culture of compliance.
Program Ownership: Take compliance initiatives from the initial gap analysis phase through to remediation and final certification.
Policy Management: Oversee the lifecycle of all corporate policies, ensuring they are updated, documented, and accessible across the organization.
Vendor Risk Assessment: Provide additional support by evaluating third-party vendors to ensure their security posture aligns with our corporate standards.
Professional Background: 5+ years of experience in GRC, Information Security, or IT Audit roles with a track record of managing complex compliance projects.
Technical Toolkit: Proficiency with GRC software (e.g. Vanta) and a strong grasp of Excel for data analysis and risk modeling.
GRC Fundamentals: A deep understanding of industry frameworks such as SOC 2, ISO 27001, ISO 42001, NIST, or GDPR. Experience with FedRAMP is a strong plus.
Internal Control Knowledge: Familiarity with mapping controls to business processes and a willingness to contribute to technical security discussions.
Communication Skills: Confidence in interpreting regulatory jargon and presenting risk-based concepts to non-technical stakeholders.
Deadline Driven: Proven ability to manage multiple audit cycles and remediation deadlines at once without compromising on accuracy.
Execution & Detail: A meticulous approach to documentation and evidence collection, demonstrating a high level of organizational integrity.
Added Value: Relevant certifications such as CISSP, CISA, CRISC, or CISM are a plus for this role.
Bonus points: A law degree or a technical background (e.g., cloud security, application security) is a major plus and will help you excel in navigating complex regulatory and infrastructure challenges.