Security engineer, GRC

📐 About this role

WRITER is seeking a GRC Specialist to shape and lead our governance, risk, and compliance strategy for the AI era.

As we pioneer AI/AGI technologies, we face a fast-changing regulatory landscape alongside established compliance frameworks. This role calls for a compliance leader who can balance rigorous adherence to standards with the flexibility to support rapid innovation. You’ll research emerging AI regulations, design scalable compliance programs, and manage risk in a way that accelerates—rather than hinders—our growth.

You’ll own the end-to-end compliance strategy for WRITER, covering everything from SOC2, ISO, and GDPR to emerging AI governance requirements, while partnering with technical and legal teams to ensure controls are implemented effectively. If you can translate complex regulatory obligations into practical, business-aligned programs, you’ll have a profound impact on how WRITER builds safe, compliant, and trusted AI systems.

Role Boundaries & Collaboration

What You Own (Responsible)

• Overall compliance program strategy and management

• AI regulatory compliance research and implementation

• Enterprise risk management framework

• Third-party risk management program

• Data privacy and governance programs

• Audit coordination and management

What You Don't Own (Others Lead)

• Technical implementation of security controls (other security teams own)

• Operational security monitoring (Detection & Response owns)

• Identity and access implementations (Enterprise/Corporate and Cloud/Infrastructure own)

Key Partnerships

• With All Security Teams: You define compliance requirements; they implement technical controls

• With AI Security: Partner on AI-specific regulatory requirements and risk assessments

• With Enterprise/Corporate: They implement technical vendor assessments you define

• With Legal: Collaborate on regulatory interpretation and privacy matters

🦸🏻‍♀️ Your responsibilities

• Lead AI regulatory compliance — Research global AI regulations, develop compliance strategies, and align AI development with transparency, fairness, and safety requirements.

• Own compliance programs — Manage SOC2, ISO 27001/27701/42001, GDPR, HIPAA, SOX readiness, and FedRAMP strategies.

• Drive enterprise risk management — Design frameworks for assessing and mitigating AI-specific and enterprise-wide risks.

• Manage third-party risk — Build vendor risk programs for AI/ML suppliers, cloud providers, and data processors.

• Champion data privacy — Lead privacy programs for AI training data and user information, ensuring compliance with GDPR, CCPA, and emerging laws.

• Coordinate audits and certifications — Oversee internal and external audits, evidence collection, and resolution of findings with minimal disruption.

• Enable compliance through partnership — Define requirements and collaborate with security, engineering, and legal teams to implement controls.

⭐️ Is this you?

Required Experience

• 8+ years in governance, risk, and compliance for technology companies.

• 5+ years managing compliance programs (SOC2 and ISO certifications required).

• Proven experience in emerging technology compliance, ideally AI/ML governance.

• Deep expertise in global privacy regulations and implementation.

• Strong program and stakeholder management skills.

Technical Expertise

• Expert in security frameworks (SOC2, ISO, NIST, GDPR, HIPAA, FedRAMP).

• Understanding of AI/ML technologies and their unique risk profiles.

• Proficiency with GRC platforms, automation tools, and risk assessment methods.

• Knowledge of cloud security compliance requirements.

• Experience with data governance, classification, and privacy-by-design.

Execution & Impact

• Track record of building compliance programs from the ground up.

• History of passing audits with minimal findings.

• Proven ability to translate regulations into actionable, business-aligned programs.

• Strong analytical approach to risk and compliance metrics.

Preferred Qualifications

• Experience with AI governance frameworks.

• Background in technology or engineering.

• Certifications such as CISA, CRISC, CIPP.

• Experience with public company compliance requirements.

• Knowledge of international data transfer mechanisms.

🍩 Benefits & perks (US Full-time employees)

• Generous PTO, plus company holidays

• Medical, dental, and vision coverage for you and your family

• Paid parental leave for all parents (12 weeks)

• Fertility and family planning support

• Early-detection cancer testing through Galleri

• Flexible spending account and dependent FSA options

• Health savings account for eligible plans with company contribution

• Annual work-life stipends for:

  • Home office setup, cell phone, internet

  • Wellness stipend for gym, massage/chiropractor, personal training, etc.

  • Learning and development stipend

• Company-wide off-sites and team off-sites

• Competitive compensation, company stock options and 401k

WRITER is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

By submitting your application on the application page, you acknowledge and agree to WRITER's Global Candidate Privacy Notice.