GRC Analyst

Fluidstack
Fluidstack

IT

New York, NY, USA

Posted on Jul 8, 2026

About Fluidstack

We exist to make humanity more free. For most of human history, you farmed or you starved. Technology gave people more time for the things they wanted to do, instead of things they had to do. Powerful AI will be the biggest lever for human choice we've ever built - but only if models are aligned with what humanity actually wants. There are groups building AI who don't share these goals. Whoever deploys frontier compute infrastructure fastest will decide whether AI expands human freedom or shrinks it.

We're singularly focused on delivering 10 to 100s of GWs of compute faster than anyone else, rethinking every layer of the stack. We acquire power, design and build data centers, and operate them - with teams spanning hardware and software. Speed and scale are our key differentiators. Come be a part of building civilization-scale infrastructure for AI.


We hire people who care deeply about this problem space. If that is you, please apply!

How We Operate

  • Extreme ownership. Full autonomy. Own things end to end often taking on scope outside your core role without being asked to get things done.

  • Velocity. We drive everything forward as fast as possible.

  • First principles. Challenge every assumption. Zero analogy thinking, no egos, the best idea wins.

  • Love of the game. The frontier of AI is the most interesting problem of our time. We put in long hours at high intensity to push the frontier forward.

The Security Team

Examples of key problems the team is working on

  • You’re securing the frontier of AI. The model weights training on our infrastructure are the most valuable and most targeted artifacts in technology, and we’re standing up the compute to hold them faster than anyone ever has. A breach isn’t a leak, it’s the frontier walking out the door.

  • Build the entire security program from scratch. Most leaders inherit someone else’s system and spend a career patching it. Here you own it end to end, bare metal to boardroom, as we scale across continents.

  • Your threat surface is measured in gigawatts. The customers running on our infrastructure are building the most consequential technology in human history, and being responsible for the physical and logical security of that work makes everything else feel small.

Role Scope

  • Run the day-to-day compliance program end to end across SOC 2 Type II, ISO 27001, NIST 800-53, and FedRAMP Moderate equivalency: continuous evidence collection, control monitoring, and audit readiness held on GRC platforms (Vanta) and the tooling we build in-house.

  • Own the policy and procedure set: draft, maintain, and run the review cycle so documentation keeps pace with the controls as the program grows.

  • Run recurring control operations on cadence, access reviews, control owner attestations, and evidence refreshes, chasing system owners and employees across the org directly to get them done on time.

  • Drive audit and assessment cycles with external auditors and assessors and manage the POA&M to closure, tracking each finding to a named owner and milestone so nothing ages past its deadline.

  • Bring each new site and team into the compliance program as we scale, mapping their systems to existing controls so coverage stays consistent instead of fragmenting facility by facility.

What We’re Looking For

The below is a starting point. We always make space for exceptional people, so if you don’t fit this role exactly, tell us where you would.

  • You’ve operated controls and pulled evidence against at least one major framework (SOC 2, ISO 27001, NIST 800-53, or FedRAMP) through a real audit, not just read the policy.

  • You’ve owned a compliance documentation set, policies, procedures, and control narratives, and kept it current as the environment changed underneath you.

  • You’ve sat across from an auditor or assessor, defended how a control runs in practice, and closed findings without escalating every question upward.

  • You get evidence and adherence out of busy engineers, system owners, and employees across the org, on time, without a manager pushing you to do it.

  • You catch a stale control, an expired access grant, or a coverage gap before an assessor does, because you watch the portfolio continuously, not once a quarter.

  • You translate a control requirement into the exact artifact that proves it, and you keep that mapping tight across overlapping frameworks instead of collecting the same evidence twice.

  • Bonus: FedRAMP Moderate equivalency or NIST 800-53 evidence work. GRC platforms (Vanta) or comparable continuous-compliance tooling. Cloud, GPU, or data center environments. Mapping controls across SOC 2, ISO 27001, and NIST in parallel.

Salary & Benefits

  • Competitive total compensation package (salary + equity).

  • Retirement or pension plan, in line with local norms.

  • Health, dental, and vision insurance.

  • Generous PTO policy, in line with local norms.

The base salary range for this position is $200,000 - $270,000 per year, depending on experience, skills, qualifications, and location. This range represents our good faith estimate of the compensation for this role at the time of posting. Total compensation may also include equity in the form of stock options.

We are committed to pay equity and transparency.

Fluidstack is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Fluidstack will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

You will receive a confirmation email once your application has successfully been accepted. If there is an error with your submission and you did not receive a confirmation email, please email careers@fluidstack.io with your resume/CV, the role you've applied for, and the date you submitted your application-- someone from our recruiting team will be in touch.