Shape the Future of AI Governance as a GRC Specialist at WRITER
Are you a cybersecurity professional passionate about navigating the complexities of governance, risk, and compliance in the rapidly evolving world of AI? WRITER is seeking a talented GRC Specialist to lead our GRC strategy and ensure we build safe, compliant, and trusted AI systems.
As we pioneer cutting-edge AI/AGI technologies, we're committed to staying ahead of the curve in a dynamic regulatory landscape. This role offers the exciting challenge of balancing rigorous adherence to established compliance frameworks with the agility to support rapid innovation. You'll be at the forefront, researching emerging AI regulations, designing scalable compliance programs, and proactively managing risk to fuel our growth.
This is your opportunity to own the end-to-end compliance strategy for WRITER, covering established standards like SOC2, ISO (27001, 27701, 42001), and GDPR, as well as emerging AI governance requirements. You'll collaborate closely with our technical and legal teams to ensure effective implementation of controls and play a pivotal role in shaping the future of responsible AI development.
Your Mission:
Lead AI Regulatory Compliance: Research global AI regulations, develop cutting-edge compliance strategies, and ensure our AI development aligns with the highest standards of transparency, fairness, and safety.
Own and Manage Compliance Programs: Take ownership of key compliance programs, including SOC2, ISO 27001/27701/42001, GDPR, HIPAA, SOX readiness, and FedRAMP strategies.
Drive Enterprise Risk Management: Design and implement robust frameworks for assessing and mitigating both AI-specific and enterprise-wide risks.
Manage Third-Party Risk: Develop and maintain a comprehensive vendor risk management program for AI/ML suppliers, cloud providers, and data processors.
Champion Data Privacy: Lead our data privacy programs for AI training data and user information, ensuring compliance with GDPR, CCPA, and emerging privacy regulations.
Coordinate Audits and Certifications: Oversee internal and external audits, manage evidence collection, and drive the resolution of findings with minimal disruption to operations.
Enable Compliance Through Partnership: Define clear compliance requirements and collaborate effectively with security, engineering, and legal teams to ensure seamless control implementation.
What You'll Own:
Overall compliance program strategy and management
AI regulatory compliance research and implementation
Enterprise risk management framework
Third-party risk management program
Data privacy and governance programs
Audit coordination and management
What You Won't Own (Responsibilities of Others):
Technical implementation of security controls (handled by other security teams)
Operational security monitoring (handled by Detection & Response team)
Identity and access implementations (handled by Enterprise/Corporate and Cloud/Infrastructure teams)
Key Partnerships:
With All Security Teams: You define the compliance requirements; they implement the technical controls.
With AI Security: Collaborate on AI-specific regulatory requirements and comprehensive risk assessments.
With Enterprise/Corporate: They implement technical vendor assessments based on your defined requirements.
With Legal: Partner on regulatory interpretation and critical privacy matters.
Do You Have What It Takes?
We're looking for a GRC expert with a passion for cybersecurity and a deep understanding of the AI landscape. If you meet the following requirements, we encourage you to apply:
Required Experience:
8+ years of experience in governance, risk, and compliance for technology companies.
5+ years of experience managing compliance programs, with SOC2 and ISO certifications being essential.
Proven experience in emerging technology compliance, ideally with a focus on AI/ML governance.
Deep expertise in global privacy regulations and their practical implementation.
Exceptional program and stakeholder management skills.
Technical Expertise:
Expert-level knowledge of security frameworks, including SOC2, ISO (various standards), NIST, GDPR, HIPAA, and FedRAMP.
A solid understanding of AI/ML technologies and their associated unique risk profiles.
Proficiency in utilizing GRC platforms, automation tools, and risk assessment methodologies.
In-depth knowledge of cloud security compliance requirements.
Hands-on experience with data governance, classification, and privacy-by-design principles.
Execution & Impact:
A proven track record of building successful compliance programs from the ground up.
A consistent history of passing audits with minimal findings.
Demonstrated ability to translate complex regulations into actionable, business-aligned programs.
A strong analytical approach to risk and compliance metrics.
Preferred Qualifications:
Experience with established AI governance frameworks.
A background in technology or engineering.
Relevant certifications such as CISA, CRISC, or CIPP.
Experience with public company compliance requirements.
Knowledge of international data transfer mechanisms.
Benefits & Perks (US Full-time employees):
Generous PTO, plus company holidays
Medical, dental, and vision coverage for you and your family
Paid parental leave for all parents (12 weeks)
Fertility and family planning support
Early-detection cancer testing through Galleri
Flexible spending account and dependent FSA options
Health savings account for eligible plans with company contribution
Annual work-life stipends for:
Home office setup, cell phone, internet
Wellness stipend for gym, massage/chiropractor, personal training, etc.
Learning and development stipend
Company-wide off-sites and team off-sites
Competitive compensation, company stock options and 401k
WRITER is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
By submitting your application on the application page, you acknowledge and agree to WRITER's Global Candidate Privacy Notice.