Support and maintain security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA
Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks)
Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures
Coordinate and support internal and external audits (e.g., SOX, PCI DSS, SOC 2, ISO, HIPAA)
Track and manage remediation efforts for identified risks, control gaps, and audit findings
Support third-party risk management processes, including vendor assessments for AI/ML and data processing providers
Partner with engineering, data, and AI/ML teams to ensure secure and compliant system and model lifecycle practices
Maintain and improve GRC tooling (e.g., AuditBoard, Vanta, or similar platforms)
Monitor regulatory and framework changes (U.S. and international), including emerging AI governance requirements
Develop and maintain risk registers, control matrices, and compliance documentation
Conduct risk assessments, including technology, security, privacy, and AI/ML model risk evaluations
Assist with security, privacy, and responsible AI awareness and training initiatives
Provide reporting and metrics on risk posture, compliance status, and AI governance maturity

Requirements

Bachelor’s degree in Cybersecurity, Information Security, Information Technology/Systems, or related field
3–5 years of experience in GRC, security compliance, risk management, audit, or related field
Experience supporting audits and compliance assessments
Experience with third-party/vendor risk management
Familiarity with data governance principles (classification, retention, lineage)
Thorough understanding of risk management methodologies and control frameworks
Strong communication, documentation, organizational, and analytical skills
Ability to communicate security, privacy, and AI risk concepts to technical and non-technical stakeholders
Working knowledge of core frameworks: NIST CSF, PCI DSS, HIPAA, ISO 27001/27002, and global privacy regulations (GDPR, CCPA)
Foundational understanding of AI/ML systems and associated governance, risk, and compliance considerations (NIST AI RMF, ISO 42001)
Familiarity with cloud environments (AWS primary, Google Workspace/MS Azure preferred) and modern SaaS architectures
Experience with GRC tools (AuditBoard, Vanta, Drata, Archer, ServiceNow GRC, or similar) and ticketing/workflow/documentation tools (Jira, Freshservice, Confluence, GitHub, etc.)

Benefits

Competitive salary & equity compensation for full-time roles
Unlimited PTO, company holidays, and quarterly mental health days
Comprehensive health benefits including medical, dental & vision, and parental leave
Employee Stock Purchase Program (ESPP)
401k benefits with employer matching contribution
Offsite team retreats

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

GRCsecurity compliancerisk managementauditdata governancerisk assessmentsAI governancecontrol frameworksthird-party risk managementAI/ML model risk evaluations

Soft Skills

communicationdocumentationorganizationalanalyticalstakeholder engagementtrainingreportingmetrics analysisproblem-solvingcollaboration