Senior GRC Engineer

Company: Life360
Job Description:

Life360’s mission is to keep people close to the ones they love. Our category‑leading mobile app, Tile tracking devices, and Pet GPS tracker empower members to protect the people, pets, and things they care about most with a range of services, including location sharing, safe driver reports, and crash detection with emergency dispatch. Life360 serves approximately 95.8 million monthly active users (MAU), as of December 31, 2025, across more than 180 countries.

Life360 delivers peace of mind and enhances everyday family life with seamless coordination for all the moments that matter, big and small. By continuing to innovate and deliver for our customers, we have become a household name and the must‑have mobile‑based membership for families (and those friends who are basically family).

Life360 is a Remote‑First company, which means a remote work environment will be the primary experience for all employees. All positions, unless otherwise specified, can be performed remotely (within the US) regardless of any specified location above.

We are AI Native

We are building an AI native company where AI is an integral part of how we build and operate. AI tool usage during interviews varies by role. You may be asked to demonstrate proficiency with AI tools, discuss how you leverage AI, or complete interview exercises without AI assistance. Your Recruiter will provide clear guidance as you move through the interview process.

Undisclosed use of AI not previously discussed or approved by your Recruiter may impact your candidacy.

About The Team

The Information Security and Technology team is responsible for keeping Life360 safe — our systems, our employees, and the tens of millions of families who trust us with their location data. That obligation is the starting point. How we meet it is what makes this team different.

We are builders. Security controls that don’t get used aren’t controls. Compliance programs that create friction without reducing risk aren’t programs. We build things that work in production, earn adoption from engineering teams, and get better over time — and we use AI to do it at a scale a traditional team couldn’t.

We’re also at an inflection point. Life360 is deploying agentic systems into how we build and operate, and the security and governance implications of that are still being worked out — by us, and by the industry. The threat surface is expanding. The compliance frameworks are catching up. The people on this team aren’t waiting for either.

About the Job

Governance, Risk, and Compliance (GRC) has been on a slow progression from audit binders and manual evidence collection toward policy as code, continuous control testing, and compliance infrastructure that generates its own proof. We’re hiring someone already living at that frontier — and ready to push past it.

Life360 is mid‑transformation into an AI‑native company, which means this role has two jobs running in parallel. The first is building the technical foundation of a modern GRC program: policies version‑controlled in Git, controls that self‑test, evidence generated by integrations rather than collected by humans, and a third‑party risk management program that reflects how we actually use third parties. SOC 2, ISO 27001, and SOX anchor this work.

The second job is harder and less charted. As Life360 deploys agentic systems into how we build and operate, the policy and control landscape is shifting in real time. Major frameworks are actively working out how to account for autonomous agents, and new control sets are emerging faster than the regulations that require them. You’ll anticipate new policy requirements, adapt existing controls, and ensure our governance architecture is ready before the auditors ask.

We use AI tools as a professional standard on this team. Here’s what that means in practice.

What You’ll Do

  • Own the governance framework for Life360’s agentic systems. Define the policies, control sets, and compliance posture that govern how agents are built and deployed at Life360 — and build ahead of the regulation.
  • Take an agentic approach to GRC itself. Automate evidence collection, draft control narratives, triage vendor questionnaires — use AI and internal tooling to do the work humans shouldn’t be doing manually. Write the integrations and pipelines that make it real. Know where AI creates leverage, where it introduces risk, and where a human needs to stay in the loop.
  • Build the policy program as code. Policies in Git, peer‑reviewed via pull request. Requirements expressed as enforceable rules and automated checks, not static PDFs. A common controls framework that satisfies SOC 2, ISO 27001, NIST CSF, and future frameworks from a single control reference — no rework.
  • Drive SOC 2 Type 2, ISO 27001, and SOX ITGC end‑to‑end as management owner — managing evidence, coordinating with external assessors, and closing gaps before auditors find them. Build the automation once; satisfy three frameworks.
  • Build an operational risk function, not a register. Quantitative‑leaning, FAIR‑informed, and connected to live data sources across cloud security posture, endpoint detection, vulnerability management, and asset inventory. Risk scoring that reflects current reality and is actionable at every level — from service owner to board executive leadership, with Audit Committee reporting on enterprise risk coordinated with Internal Audit.
  • Mature the TPRM program. Tiered reviews by risk and data sensitivity. Automated evidence collection and agent‑based workflows that reduce friction for vendors and internal teams alike.
  • Be the auditor’s primary management contact. Own scoping, walkthroughs, evidence delivery, and management responses for SOC 2, ISO 27001, and SOX ITGC.
  • Build the cross‑functional relationships that make GRC work in practice. Engineering, Legal, Privacy, Internal Audit, and Procurement are all load‑bearing parts of this program.
  • Maintain clear role boundaries between management’s first‑ and second‑line GRC operations and Internal Audit’s third‑line independent assurance.

What We’re Looking For

  • 5+ years in GRC, security engineering, or a hybrid role where you owned both the policy and control side and the technical implementation — not one or the other.
  • You build with AI tools, not just use them. You’ve used LLMs and agents in real work — drafting, code, automation, investigation — and can make judgment calls about where AI creates leverage and where it introduces risk. Experience designing or operating agentic workflows is a strong signal.
  • Coding ability that ships. Python or equivalent — you can call APIs, build integrations, schedule jobs, and deploy a working pipeline without help. Show us something you built.
  • You can evidence controls directly in cloud environments — identity, audit logs, configuration posture, secrets management — without relying on screenshots or system owners. You pull evidence from APIs.
  • You’ve implemented, integrated, or significantly extended a modern GRC platform. You know what these platforms actually solve, where they fall short, and when to write your own code instead.
  • You understand SOC 2, ISO 27001, and NIST AI RMF at the control level, not just the headers. You know how these frameworks are evolving to account for AI and agentic systems.
  • You’ve worked through SOX ITGC cycles at a public company — managing evidence, walkthroughs, and findings with external auditors.
  • You have built or scaled a TPRM program — designed tiering, pushed back on bad vendors, and automated parts of the assessment workflow.
  • You have quantitative risk experience — owned a risk register and made it useful to engineers and executives. FAIR or equivalent methodology in real use is a strong signal.
  • You have clear writing skills — policies, control narratives, audit responses, and risk statements that engineers and lawyers both understand.
  • Bachelor’s degree or equivalent.

Nice to Have

  • Experience taking a company through SOC 2 Type 2 or ISO 27001 certification from scratch.
  • You’ve worked on the implementation side of security — engineering, operations, or incident response.
  • Experience building governance frameworks for AI systems — model risk, ISO 42001, or controls around LLM and agent deployment.

Benefits

  • Competitive pay and benefits
  • Medical, dental, vision, life and disability insurance plans (100% paid for employees)
  • 401(k) plan with company matching program
  • Mental Wellness Program & Employee Assistance Program (EAP) for mental well‑being
  • Flexible PTO, 13 company‑wide days off throughout the year
  • Winter and Summer Weeklong Synchronized Company Shutdowns
  • Equipment, tools, and reimbursement support for a productive remote environment
  • Free Life360 Platinum Membership for your preferred circle
  • Free Tile Products

US‑based salary range for this position is $115,500 to $213,000. Salary may vary depending on geography and experience. The compensation package includes medical, dental, vision, financial, and other benefits, as well as equity.

Posted: May 17th, 2026