Writer

Security Engineer, GRC

full-time

Location: United States, California

Job Level

Senior / Lead

Tech Stack

Cloud

About the role

  • Lead AI regulatory compliance — Research global AI regulations, develop compliance strategies, and align AI development with transparency, fairness, and safety requirements.
  • Own compliance programs — Manage SOC2, ISO 27001/27701/42001, GDPR, HIPAA, SOX readiness, and FedRAMP strategies.
  • Drive enterprise risk management — Design frameworks for assessing and mitigating AI-specific and enterprise-wide risks.
  • Manage third-party risk — Build vendor risk programs for AI/ML suppliers, cloud providers, and data processors.
  • Champion data privacy — Lead privacy programs for AI training data and user information, ensuring compliance with GDPR, CCPA, and emerging laws.
  • Coordinate audits and certifications — Oversee internal and external audits, evidence collection, and resolution of findings with minimal disruption.
  • Enable compliance through partnership — Define requirements and collaborate with security, engineering, and legal teams to implement controls.

Requirements

  • 8+ years in governance, risk, and compliance for technology companies.
  • 5+ years managing compliance programs (SOC2 and ISO certifications required).
  • Proven experience in emerging technology compliance, ideally AI/ML governance.
  • Deep expertise in global privacy regulations and implementation.
  • Strong program and stakeholder management skills.
  • Expert in security frameworks (SOC2, ISO, NIST, GDPR, HIPAA, FedRAMP).
  • Understanding of AI/ML technologies and their unique risk profiles.
  • Proficiency with GRC platforms, automation tools, and risk assessment methods.
  • Knowledge of cloud security compliance requirements.
  • Experience with data governance, classification, and privacy-by-design.
  • Track record of building compliance programs from the ground up.
  • History of passing audits with minimal findings.
  • Proven ability to translate regulations into actionable, business-aligned programs.
  • Strong analytical approach to risk and compliance metrics.
  • Experience with AI governance frameworks.
  • Background in technology or engineering.
  • Certifications such as CISA, CRISC, CIPP.
  • Experience with public company compliance requirements.
  • Knowledge of international data transfer mechanisms.