Head of Security Risk

About The Position

Requirements

• Have 15+ years of experience in security or risk management disciplines, with at least 5-7 years in a people leadership role managing risk engineers or equivalent
• Have built, transformed, or significantly scaled a security risk management program at a high-growth technology company
• Have hands-on experience with quantitative risk analysis—including FAIR, scenario modeling, Monte Carlo simulation, or similar approaches
• Excel at engaging executives on risk decisions, translating complex technical risk scenarios into clear business-relevant recommendations
• Have established risk governance structures (risk councils, steering committees, escalation frameworks) that earned leadership trust
• Are a genuine player-coach who leads from the front on the hardest problems while developing your team’s capabilities
• Can write precise, compelling risk statements that convey technical depth while remaining accessible to diverse stakeholders
• We require at least a Bachelor's degree in a related field or equivalent experience.

Nice To Haves

• Bring deep expertise in risk assessment methodologies (NIST RMF, ISO 31000, FAIR, OCTAVE) and can adapt them to novel risk domains
• Have experience assessing AI-specific risks (model security, adversarial attacks, data pipeline integrity, prompt injection, training data provenance)
• Bring background in stress testing methodologies from financial services, critical infrastructure, or other high-stakes environments
• Have experience presenting to boards, executive risk committees, or senior leadership on enterprise risk posture
• Have experience with GRC platforms and risk management tooling (OneTrust, ServiceNow GRC, Archer, MetricStream, or similar)

Responsibilities

• Own and steer Anthropic’s security risk management program end-to-end: risk intake, triage, assessment, quantification, treatment tracking, and reporting
• Manage and develop a small team of risk engineer, setting priorities, coaching on assessment methodology, and guiding the team through complex risk scenarios
• Design and operate the risk intake and triage process for ad hoc weaknesses, vulnerabilities, and risk submissions surfaced from across the company
• Partner with leadership to facilitate an enterprise forum for escalation, risk acceptance decisions, and strategic risk discussions
• Lead risk quantification efforts including stress testing, scenario modeling, and deep dives into novel risk areas, particularly AI-specific risks with limited precedent
• Oversee the execution of periodic and ad hoc security risk assessments across infrastructure, products, operations, and vendors
• Develop executive-level risk reporting and dashboards that give leadership clear visibility into top risks, trends, and program effectiveness
• Collaborate with various teams such as Engineering, Product, Compliance, Privacy, and Legal to ensure risk assessments reflect cross-functional perspectives and align with regulatory obligations (SOC 2, ISO 27001, HIPAA, EU AI Act, FedRAMP)
• Lead the response to newly identified enterprise-level security risks, coordinating rapid assessment and escalation when needed

Benefits

• competitive compensation and benefits
• optional equity donation matching
• generous vacation and parental leave
• flexible working hours
• a lovely office space in which to collaborate with colleagues