Member of GRC Staff
Contribute to governance, risk, and compliance programs for an AI company, combining traditional security compliance with AI safety. Lead audits, manage privacy requests, and partner with research teams on responsible AI development.
What you’ll do
- Design and implement a comprehensive GRC framework that addresses both traditional security controls and novel AI safety considerations
- Lead engagements with external auditors and assessors to obtain and maintain critical security certifications (SOC 2, ISO 27001/27701/42001, FedRAMP, etc.)
- Own and help fulfill GDPR data subject requests, including access (DSARs) and erasure/deletion requests that involve coordinating with Legal, Support, and engineering on data sourcing and response workflows
- Review and redline the security and data protection terms of customer and vendor contracts (TOMs, DPAs, MSAs) in partnership with Legal
- Partner with AI research teams to develop and implement appropriate safeguards and controls for machine learning systems
- Create and maintain security policies, standards, and procedures that balance innovation with appropriate risk management
- Maintain AI governance documentation and internal AI usage guidelines, monitoring changes from model and AI tool providers (e.g., retention and data-use terms) and reconciling them into company policy
- Develop and oversee security awareness and training programs across the organization
- Drive continuous improvement of security controls and risk management processes
- Serve as a key advisor to leadership on security, privacy, and AI safety matters
- Manage relationships with customers, auditors, and other external stakeholders
What you’ll need
- 7+ years of experience in information security, risk management, or compliance roles
- Deep understanding of security frameworks and standards (NIST, ISO 27001, SOC 2)
- Hands-on experience running SOC 2 Type II and ISO 27001 audits
- Experience building compliance programs in fast-paced technology environments
- Strong knowledge of privacy regulations and requirements (GDPR, CCPA), including operational experience handling data subject access and deletion requests
- Experience completing customer security questionnaires and supporting Sales on security due diligence
- Excellent communication skills with the ability to effectively engage technical and non-technical stakeholders
- Experience with cloud security and modern development practices
- Understanding of machine learning concepts and AI development workflows
Preferred Qualifications
- Experience in an AI/ML company or research organization
- Experience with AI safety and ethics frameworks
- Background in implementing automated security controls
Director of Compliance
Hands-on compliance leader managing trade surveillance, CFTC regulatory inquiries, and cross-functional compliance operations at a CFTC-regulated DCM/DCO exchange. Requires 8-12 years of experience with CFTC-regulated entities and strong knowledge of Parts 38, 39, 16, and 17.
Product Counsel
Product Counsel providing day-to-day legal guidance on U.S. payments and regulatory matters for a payouts platform, partnering with Product, Engineering, and Compliance teams. Requires 4-6 years of legal experience with fintech/payments regulatory knowledge.
Senior Employment Counsel - Americas
Senior employment attorney advising on all employment matters across the Americas while supporting commercial and IP legal work. Requires 8+ years focused on U.S. employment law and New York Bar admission.