GRC Engineer (AI & Privacy)

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• 3 - 5+ years of experience in a GRC, Information Security, or Cloud Security role.
• A self-starter mentality with the ability to work autonomously, manage competing priorities, and drive projects to completion in a fast-paced environment.
• Demonstrable experience implementing security controls for AI/ML systems and a strong understanding of privacy principles.
• Proficiency in a scripting language (e.g., Python) for automating compliance tasks.
• Experience with policy-as-code (PaC) concepts and tools (e.g., Open Policy Agent).
• Strong understanding of cloud infrastructure management (ie: AWS), including networking, security groups, and IAM roles.
• Proven track record of working with security and privacy frameworks such as ISO 27001, PCI DSS, SOC 2, or US Data Privacy laws.
• Excellent communication and interpersonal skills, with the ability to effectively communicate complex technical concepts to both technical and non-technical stakeholders.

Nice To Haves

• Experience with GRC and ticketing tools (Vanta, Jira) or Infrastructure-as-Code tools like Terraform.

Responsibilities

• Design, build, and maintain a comprehensive AI GRC framework, leveraging industry standards such as ISO 27001 to inform our AI governance strategy and control implementation.
• Perform technical control assessments on new and existing AI systems to identify risks, evaluate effectiveness, and advise on secure architecture and design patterns.
• Work closely with Information Security teams to support regular security audits and vulnerability assessments of AI systems.
• Translate AI policies and privacy requirements into tangible, automated technical controls, using policy-as-code principles where possible.
• Partner with Engineering and Data teams to design and validate the implementation of privacy-enhancing technologies (PETs) and data governance controls for data within our cloud environments.
• Lead the selection and management of GRC tooling to continuously monitor AI systems, automate evidence collection, and report on compliance.
• Serve as the subject matter expert and a key cross-functional partner on AI GRC.
• Work closely with Legal to intake and translate new privacy and regulatory requirements into technical solutions.
• Review new AI models and integrate governance controls directly into the MLOps lifecycle.
• Ensure security and privacy controls are consistently applied to data platforms.
• Align on technical security standards and support audits and vulnerability assessments of AI systems.
• Contribute to the overall security and data strategy, ensuring that AI governance capabilities align with business objectives.
• Stay abreast of industry trends in AI security and privacy, recommending and implementing new features and best practices.

Benefits

• Competitive pay
• Generous health and wellness benefits
• Retirement savings plans
• Parental leave