# Security Controls Assurance Lead

**Company:** [Anthropic](https://hotfix.jobs/companies/anthropic)
**Location:** San Francisco, CA, New York, NY, Washington, DC
**Role:** Security Engineering
**Salary:** $345k – $345k/yr
**Experience:** 7+ years
**Skills:** Python, Go, Rust, C++, Terraform, CI/CD, SOC 2, ISO 27001, FedRAMP, Sox, HIPAA, Security Controls, Compliance Frameworks, Audit, Risk Management
**Posted:** 2026-06-08

> Lead security controls assurance for AI systems, defining control frameworks and requirements for autonomous AI operators while collaborating with engineering to validate implementations against compliance standards.

## Job Description

## Key Responsibilities
- Define the control framework and requirements for autonomous AI operators in collaboration with Security, Internal Audit, and Engineering, including change review and approvals, human-in-the-loop, and evidence collection. Assess implementations against those requirements.
- Pressure-test major infrastructure, system, and agent framework changes for control impact during design, before decisions become expensive rework.
- Set the compliance bar for home-built systems. Collaborate with teams to define what the internal system must provide from day one, such as auditability, segregation of duties, and change control over the tool itself.
- Define the criteria for where and when AI can operate, supplement, or replace a manual process or control, including the human-in-the-loop thresholds and evidence documentation.
- Establish the validation, evidence, and governance standards that allow AI-performed and AI-assisted processes and controls to withstand external audit and regulatory scrutiny.
- Assess the introduction of new compliance frameworks and changes in scope (new regulations, certifications, products, or entities), providing a sufficient technical and compliance lens on their impact to control design, evidence requirements, and engineering effort before commitments are made.
- Stand up or advise on audit workflows for the assurance team, including Claude-driven control testing, automated evidence collection, walkthrough preparation, and framework mapping against our common controls framework, materially raising automated evidence coverage and cutting audit prep time.

## Minimum Qualifications
- Thrive at the pace of a hypergrowth company. Comfortable making calls with incomplete information and reprioritizing as scope shifts.
- Have supported technology control programs through SOX readiness or as a public company or with equivalent rigor (FedRAMP, large multi-framework SOC 2/ISO portfolios).
- Have genuine engineering fluency: can read code and Terraform, follow a CI/CD pipeline end to end, and challenge a design on its technical merits.
- Have programming skills in Python or at least one systems language such as Go, Rust, or C/C++.
- Have deep familiarity with developer platform, release engineering, or infrastructure control domains.
- Are a strong collaborator and communicator.
- Use Claude and other LLMs as daily working tools, and have grounded, specific views on which audit and assurance workflows AI can run today and which it can't yet.
- Translate framework and regulatory language into acceptance criteria engineers can build against, and translate engineering reality back into assurance language auditors and leadership can rely on.
- Default to getting the requirement designed into the system rather than papering over the gap with procedure.

## Preferred Qualifications
- Have a combination of audit or advisory experience (Big 4 or equivalent) with in-house experience at an AI-forward tech company — in either order.
- Have defined or assessed controls for AI/ML systems or agents acting in production environments.
- Have stood up continuous controls monitoring or automated evidence programs.

## Education
- Bachelor’s degree or an equivalent combination of education, training, and/or experience in a field relevant to the role.

## Similar roles

- [Global Detection and Response Lead](https://hotfix.jobs/jobs/6d9a0a44-c862-4405-b033-2bdc3b6f9d67) - OpenAI - San Francisco, CA - $347k – $490k/yr
- [Threat Modeler, Preparedness](https://hotfix.jobs/jobs/a179d21d-c672-4486-86d9-fd85a7c889fb) - OpenAI - San Francisco, CA - $325k – $325k/yr
- [Platform Security Engineering, Auditor](https://hotfix.jobs/jobs/ee5121f3-cbff-45bf-9335-946d6eb1d61a) - Anthropic - San Francisco, CA - $320k – $405k/yr
- [Senior Software Security Engineer](https://hotfix.jobs/jobs/a0646fdd-a06a-40ae-a341-73b3d9b00c06) - Anthropic - San Francisco, CA - $320k – $405k/yr
- [Security Labs Engineer](https://hotfix.jobs/jobs/050b2e99-6587-48ba-8bcc-528c5cd11647) - Anthropic - San Francisco, CA - $320k – $405k/yr

**Apply:** https://hotfix.jobs/jobs/fbc8f677-a286-4849-b49c-3029aacd6110
**Canonical:** https://hotfix.jobs/jobs/fbc8f677-a286-4849-b49c-3029aacd6110