Skip to content
RunwayRunwayUnited States

Member of GRC Staff

Contribute to governance, risk, and compliance programs for an AI company, combining traditional security compliance with AI safety. Lead audits, manage privacy requests, and partner with research teams on responsible AI development.

150k – 210k/yr
Remote7+ YOELegal

About the role

What you’ll do

  • Design and implement a comprehensive GRC framework that addresses both traditional security controls and novel AI safety considerations
  • Lead engagements with external auditors and assessors to obtain and maintain critical security certifications (SOC 2, ISO 27001/27701/42001, FedRAMP, etc.)
  • Own and help fulfill GDPR data subject requests, including access (DSARs) and erasure/deletion requests that involve coordinating with Legal, Support, and engineering on data sourcing and response workflows
  • Review and redline the security and data protection terms of customer and vendor contracts (TOMs, DPAs, MSAs) in partnership with Legal
  • Partner with AI research teams to develop and implement appropriate safeguards and controls for machine learning systems
  • Create and maintain security policies, standards, and procedures that balance innovation with appropriate risk management
  • Maintain AI governance documentation and internal AI usage guidelines, monitoring changes from model and AI tool providers (e.g., retention and data-use terms) and reconciling them into company policy
  • Develop and oversee security awareness and training programs across the organization
  • Drive continuous improvement of security controls and risk management processes
  • Serve as a key advisor to leadership on security, privacy, and AI safety matters
  • Manage relationships with customers, auditors, and other external stakeholders

What you’ll need

  • 7+ years of experience in information security, risk management, or compliance roles
  • Deep understanding of security frameworks and standards (NIST, ISO 27001, SOC 2)
  • Hands-on experience running SOC 2 Type II and ISO 27001 audits
  • Experience building compliance programs in fast-paced technology environments
  • Strong knowledge of privacy regulations and requirements (GDPR, CCPA) including operational experience handling data subject access and deletion requests
  • Experience completing customer security questionnaires and supporting Sales on security due diligence
  • Excellent communication skills with ability to effectively engage technical and non-technical stakeholders
  • Experience with cloud security and modern development practices
  • Understanding of machine learning concepts and AI development workflows

Preferred Qualifications

  • Experience in AI/ML company or research organization
  • Experience with AI safety and ethics frameworks
  • Background in implementing automated security controls

Skills

NistISO 27001SOC 2GDPRCCPAFedRAMPCloud SecurityMachine LearningAi SafetyRisk Management

Similar roles

Legal jobs
Rokt

Staff Attorney

RoktNew York, NY

Staff Attorney advising commercial and operational teams on contract drafting, negotiation, and legal risk for a global ecommerce platform. Requires JD, US bar admission, and strong AI/tooling fluency.

153k – 174k/yr
On-siteLegal
Upstart

Assistant General Counsel

UpstartUnited States

Serve as primary legal partner for Upstart's HELOC product, providing strategic counsel on consumer lending laws, mortgage regulations, product development, and regulatory risk to support launch, scaling, and transition to national bank partnership. Requires JD, 10+ years experience in real estate secured lending, and deep expertise in TILA/RESPA/ECOA and related laws.

239k – 331k/yr
Remote10+ YOELegal
OpenAI

Counsel, AI Product

OpenAISan Francisco, CA

Provides legal counsel to AI product teams on regulatory, copyright, privacy, and commerce risks for advanced models like ChatGPT and agentic systems. Requires 10+ years experience, JD with CA bar, and strong judgment in ambiguous tech scenarios.

248k – 330k/yr
Hybrid10+ YOELegal
OpenAI

Business Affairs Manager

OpenAISan Francisco, CA

Own Business Affairs workstreams for OpenAI Hardware marketing projects, managing rights, clearances, contracts, and risk from concept through launch. Requires 12+ years of BA experience in fast-paced advertising/marketing environments.

266k – 295k/yr
Hybrid12+ YOELegal
Anthropic

Legal Program Manager, Compute & Infrastructure

AnthropicSan Francisco, CA +1

Manage high-volume procurement and vendor contracting for compute and infrastructure, owning CLM systems, intake workflows, templates, and metrics to scale contracting throughput.

285k – 340k/yr
Hybrid10+ YOELegal