Shape the Future of AI Governance as a GRC Specialist
WRITER is at the forefront of AI innovation, and we're looking for a passionate and experienced GRC Specialist to lead our governance, risk, and compliance strategy. This isn't just about checking boxes; it's about building a secure and compliant foundation for the future of AI.
As AI/AGI technologies rapidly evolve, so does the regulatory landscape. You'll play a critical role in navigating these changes, balancing rigorous adherence to established standards (SOC2, ISO, GDPR, HIPAA, SOX readiness, and FedRAMP) with the agility needed to support rapid innovation. You'll be researching emerging AI regulations, designing scalable compliance programs, and managing risk in a way that empowers our growth.
Own the end-to-end compliance strategy, partner with technical and legal teams, and translate complex regulatory obligations into practical, business-aligned programs. Your work will have a direct impact on how WRITER builds safe, compliant, and trusted AI systems.
Your Mission:
AI Regulatory Pioneer: Research global AI regulations, develop compliance strategies, and ensure AI development aligns with transparency, fairness, and safety requirements.
Compliance Program Architect: Own and manage critical compliance programs including SOC2, ISO 27001/27701/42001, GDPR, HIPAA, SOX readiness, and FedRAMP strategies.
Risk Management Strategist: Design frameworks for assessing and mitigating AI-specific and enterprise-wide risks.
Third-Party Risk Guardian: Build and manage vendor risk programs for AI/ML suppliers, cloud providers, and data processors.
Data Privacy Champion: Lead data privacy programs for AI training data and user information, ensuring compliance with GDPR, CCPA, and emerging laws.
Audit and Certification Maestro: Oversee internal and external audits, evidence collection, and resolution of findings with minimal disruption.
Compliance Enablement Partner: Define requirements and collaborate with security, engineering, and legal teams to seamlessly integrate compliance into our processes.
What You'll Own:
Overall compliance program strategy and management
AI regulatory compliance research and implementation
Enterprise risk management framework
Third-party risk management program
Data privacy and governance programs
Audit coordination and management
What You Won't Own:
Technical implementation of security controls (other security teams own)
Operational security monitoring (Detection & Response owns)
Identity and access implementations (Enterprise/Corporate and Cloud/Infrastructure own)
Key Partnerships:
All Security Teams: You define compliance requirements; they implement technical controls.
AI Security: Partner on AI-specific regulatory requirements and risk assessments.
Enterprise/Corporate: They implement technical vendor assessments you define.
Legal: Collaborate on regulatory interpretation and privacy matters.
Do You Have What It Takes?
Required Experience:
8+ years in governance, risk, and compliance for technology companies.
5+ years managing compliance programs (SOC2 and ISO certifications required).
Proven experience in emerging technology compliance, ideally AI/ML governance.
Deep expertise in global privacy regulations and implementation.
Strong program and stakeholder management skills.
Technical Expertise:
Expert in security frameworks (SOC2, ISO, NIST, GDPR, HIPAA, FedRAMP).
Understanding of AI/ML technologies and their unique risk profiles.
Proficiency with GRC platforms, automation tools, and risk assessment methods.
Knowledge of cloud security compliance requirements.
Experience with data governance, classification, and privacy-by-design.
Execution & Impact:
Track record of building compliance programs from the ground up.
History of passing audits with minimal findings.
Proven ability to translate regulations into actionable, business-aligned programs.
Strong analytical approach to risk and compliance metrics.
Preferred Qualifications:
Experience with AI governance frameworks.
Background in technology or engineering.
Certifications such as CISA, CRISC, CIPP.
Experience with public company compliance requirements.
Knowledge of international data transfer mechanisms.
Perks & Benefits (UK Full-Time Employees):
Generous PTO, plus company holidays
Comprehensive medical and dental insurance
Paid parental leave for all parents (12 weeks)
Fertility and family planning support
Early-detection cancer testing through Galleri
Competitive pension scheme and company contribution
Annual work-life stipends for:
Home office setup, cell phone, internet
Wellness stipend for gym, massage/chiropractor, personal training, etc.
Learning and development stipend
Company-wide off-sites and team off-sites
Competitive compensation and company stock options
If you're a passionate GRC professional ready to tackle the unique challenges and opportunities of AI governance, we encourage you to apply! Join us in building the future of safe and trusted AI.