Member of GRC Staff
About the role
We are building AI to simulate the world through merging art and science. This role combines traditional information security compliance with the unique challenges of ensuring safe and responsible AI system development.
Responsibilities
- Design and implement a comprehensive GRC framework that addresses both traditional security controls and novel AI safety considerations
- Lead engagements with external auditors and assessors to obtain and maintain critical security certifications (SOC 2, ISO 27001/27701/42001, FedRAMP, etc.)
- Own and help fulfill GDPR data subject requests, including access (DSARs) and erasure/deletion requests that involve coordinating with Legal, Support, and engineering on data sourcing and response workflows
- Review and redline the security and data protection terms of customer and vendor contracts (TOMs, DPAs, MSAs) in partnership with Legal
- Partner with AI research teams to develop and implement appropriate safeguards and controls for machine learning systems
- Create and maintain security policies, standards, and procedures that balance innovation with appropriate risk management
- Maintain AI governance documentation and internal AI usage guidelines, monitoring changes from model and AI tool providers (e.g., retention and data-use terms) and reconciling them into company policy
- Develop and oversee security awareness and training programs across the organization
- Drive continuous improvement of security controls and risk management processes
- Serve as a key advisor to leadership on security, privacy, and AI safety matters
- Manage relationships with customers, auditors, and other external stakeholders
Requirements
7+ years of experience in information security, risk management, or compliance roles
Deep understanding of security frameworks and standards (NIST, ISO 27001, SOC 2)
Hands-on experience running SOC 2 Type II and ISO 27001 audits
Experience building compliance programs in fast-paced technology environments
Strong knowledge of privacy regulations and requirements (GDPR, CCPA) including operational experience handling data subject access and deletion requests
Experience completing customer security questionnaires and supporting Sales on security due diligence
Excellent communication skills with ability to effectively engage technical and non-technical stakeholders
Experience with cloud security and modern development practices
Understanding of machine learning concepts and AI development workflows
Qualifications
Preferred Qualifications:
- Experience in AI/ML company or research organization
- Experience with AI safety and ethics frameworks
- Background in implementing automated security controls