Security Risk & Compliance, Cloud & Data Centers

Anthropic•Washington, DC

4h•Hybrid

About The Position

Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems. As part of the Anthropic security department, the compliance team owns understanding security and AI safety expectations, as established by regulators, customers and (nascent) industry norms (which we also seek to influence). The compliance team uses this understanding to provide direction to internal partners on the priorities of security and safety requirements they must meet. The compliance team assures regulators and customers that those expectations are met by earning security credentials and responding to direct inquiry about Anthropic's security program from auditors, customers and partners. This opportunity is unique, as we work to secure today’s most novel and valuable asset types, we must build a new kind of compliance program, assuring the safety of artificial intelligence capabilities.

Requirements

Have 8+ years of progressive experience in audit and compliance roles, with direct ownership of certification/attestation projects
Have worked in cloud-native environments and understand security and privacy considerations for multi-cloud architectures
Can translate complex compliance requirements into actionable workstreams for technical and non-technical stakeholders
Have built common controls frameworks or GRC systems that scaled with organizational growth
Write clear and useful security and privacy documentation for both external and internal audiences.
Thrive in ambiguous, fast-paced environments where you'll need to build processes from scratch
Are comfortable organizing time-bounded task management of delegated work streams across a diverse organization
Are energized by being the subject matter expert who educates the organization on new compliance requirements

Nice To Haves

Have worked in AI/ML companies and understand unique security considerations for model development and deployment
Have worked with cloud companies and understand cloud security controls and physical security requirements
Bring experience from high-growth technology companies managing rapid compliance expansion
Have some experience implementing automated enforcement of security controls (i.e., compliance as code)
Possess relevant certifications (CISA, CRISC, CISM, CISSP, or ISO 27001 Lead Auditor/Implementer)

Responsibilities

Understand how Anthropic's security and privacy capabilities across major cloud platforms implement common frameworks (e.g., NIST 800-53, NIST 800-171, ISO 27001, ISO 27701, CSA CCM, and SOC 2).
Build scalable data center and cloud compliance processes and documentation systems that will support future expansion to additional geographies and compliance frameworks.
Assess and mitigate security and operational risks, implementing corrective actions, and managing vendor compliance.
Coordinate engagements with independent assessors to earn security and privacy certifications and attestations important to Anthropic customers and enterprise partnerships, and to meet regulatory obligations.
Write, update and enact policies capturing security, privacy, and AI safety requirements.
Maintain and enhance Anthropic's system of security controls through audit readiness, recordkeeping, and cross-functional communication.