Security engineer, GRC

WRITER

San Francisco, CA (hybrid)
Competitive
Full-time
Security Engineer

Job Description

Shape the Future of AI Governance as a GRC Specialist at WRITER

Are you a cybersecurity professional passionate about navigating the complexities of AI governance and ensuring compliance in a rapidly evolving technological landscape? WRITER, a pioneering force in AI/AGI technologies, is seeking a talented and driven GRC Specialist to lead our governance, risk, and compliance strategy.

In this role, you'll be at the forefront of shaping how AI systems are built and deployed responsibly. You'll balance rigorous adherence to established compliance frameworks (SOC2, ISO, GDPR, HIPAA, SOX readiness, and FedRAMP strategies) with the agility required to support rapid innovation. This is your chance to make a profound impact on the development of safe, compliant, and trusted AI solutions.

What You'll Do: Own the GRC Landscape

Lead AI Regulatory Compliance: Research global AI regulations, develop proactive compliance strategies, and ensure AI development aligns with transparency, fairness, and safety requirements.
Own and Manage Compliance Programs: Oversee and enhance our existing compliance programs, including SOC2, ISO 27001/27701/42001, GDPR, HIPAA, SOX readiness, and FedRAMP strategy.
Drive Enterprise Risk Management: Design and implement frameworks for assessing and mitigating both AI-specific and enterprise-wide risks.
Manage Third-Party Risk: Develop and maintain robust vendor risk programs for AI/ML suppliers, cloud providers, and data processors.
Champion Data Privacy: Lead privacy programs for AI training data and user information, ensuring compliance with GDPR, CCPA, and emerging data protection laws.
Coordinate Audits and Certifications: Manage internal and external audits, evidence collection, and the resolution of findings, minimizing disruption to the business.
Enable Compliance Through Partnership: Define clear compliance requirements and collaborate closely with security, engineering, and legal teams to ensure effective control implementation.

Collaboration & Ownership

You Own:
Overall compliance program strategy and management
AI regulatory compliance research and implementation
Enterprise risk management framework
Third-party risk management program
Data privacy and governance programs
Audit coordination and management

You Don't Own (but will collaborate with):
Technical implementation of security controls (owned by other security teams)
Operational security monitoring (owned by Detection & Response)
Identity and access implementations (owned by Enterprise/Corporate and Cloud/Infrastructure)

Key Partnerships:
All Security Teams: You define compliance requirements; they implement technical controls.
AI Security: Partner on AI-specific regulatory requirements and risk assessments.
Enterprise/Corporate: They implement the technical vendor assessments you define.
Legal: Collaborate on regulatory interpretation and privacy matters.

Do You Have What It Takes?

Required Experience:
8+ years of experience in governance, risk, and compliance within technology companies.
5+ years of experience managing compliance programs (SOC2 and ISO certifications required).
Demonstrated experience in emerging technology compliance, ideally with a focus on AI/ML governance.
In-depth expertise in global privacy regulations and their implementation.
Exceptional program and stakeholder management skills.

Technical Expertise:
Expert knowledge of security and privacy frameworks and regulations (SOC2, ISO, NIST, GDPR, HIPAA, FedRAMP).
Solid understanding of AI/ML technologies and their unique risk profiles.
Proficiency with GRC platforms, automation tools, and risk assessment methodologies.
Knowledge of cloud security compliance requirements.
Experience with data governance, classification, and privacy-by-design principles.

Execution & Impact:
Proven track record of building and scaling compliance programs from the ground up.
History of successfully passing audits with minimal findings.
Demonstrated ability to translate complex regulations into actionable, business-aligned programs.
A strong analytical approach to risk and compliance metrics.

Preferred Qualifications:
Experience with AI governance frameworks.
A background in technology or engineering.
Relevant certifications such as CISA, CRISC, or CIPP.
Experience with public company compliance requirements.
Knowledge of international data transfer mechanisms.

Benefits & Perks (US Full-time employees)

Generous PTO, plus company holidays
Medical, dental, and vision coverage for you and your family
Paid parental leave for all parents (12 weeks)
Fertility and family planning support
Early-detection cancer testing through Galleri
Flexible spending account and dependent FSA options
Health savings account for eligible plans with company contribution
Annual work-life stipends for:
Home office setup, cell phone, internet
Wellness stipend for gym, massage/chiropractor, personal training, etc.
Learning and development stipend

Company-wide off-sites and team off-sites
Competitive compensation, company stock options, and 401k

WRITER is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

By submitting your application, you acknowledge and agree to WRITER's Global Candidate Privacy Notice.