Writer

Security Engineer, GRC

full-time

Origin: 🇺🇸 United States, New York

Job Level

Senior / Lead

Tech Stack

Cloud

About the role

  • Overall compliance program strategy and management
  • AI regulatory compliance research and implementation
  • Enterprise risk management framework
  • Third-party risk management program
  • Data privacy and governance programs
  • Audit coordination and management
  • Technical implementation of security controls (other security teams own)
  • Operational security monitoring (Detection & Response owns)
  • Identity and access implementations (Enterprise/Corporate and Cloud/Infrastructure own)
  • With All Security Teams: You define compliance requirements; they implement technical controls
  • With AI Security: Partner on AI-specific regulatory requirements and risk assessments
  • With Enterprise/Corporate: They implement technical vendor assessments you define
  • With Legal: Collaborate on regulatory interpretation and privacy matters
  • Lead AI regulatory compliance — Research global AI regulations, develop compliance strategies, and align AI development with transparency, fairness, and safety requirements.
  • Own compliance programs — Manage SOC2, ISO 27001/27701/42001, GDPR, HIPAA, SOX readiness, and FedRAMP strategies.
  • Drive enterprise risk management — Design frameworks for assessing and mitigating AI-specific and enterprise-wide risks.
  • Manage third-party risk — Build vendor risk programs for AI/ML suppliers, cloud providers, and data processors.
  • Champion data privacy — Lead privacy programs for AI training data and user information, ensuring compliance with GDPR, CCPA, and emerging laws.
  • Coordinate audits and certifications — Oversee internal and external audits, evidence collection, and resolution of findings with minimal disruption.
  • Enable compliance through partnership — Define requirements and collaborate with security, engineering, and legal teams to implement controls.

Requirements

  • 8+ years in governance, risk, and compliance for technology companies.
  • 5+ years managing compliance programs (SOC2 and ISO certifications required).
  • Proven experience in emerging technology compliance, ideally AI/ML governance.
  • Deep expertise in global privacy regulations and implementation.
  • Strong program and stakeholder management skills.