Security GRC Specialist

About Anthropic

Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About the Team

As part of the Anthropic security department, the compliance team owns understanding security and AI safety expectations, as established by regulators, customers and (nascent) industry norms (which we also seek to influence). The compliance team uses this understanding to provide direction to internal partners on the priorities of security and safety requirements they must meet. The compliance team assures regulators and customers that those expectations are met by earning security credentials and responding to direct inquiry about Anthropics security program from auditors, customers and partners. This opportunity is unique, as we work to secure today’s most novel and valuable asset types, we must build a new kind of compliance program, assuring the safety of artificial intelligence capabilities.

Key Responsibilities

• Plan and lead engagements with independent assessors to earn security and privacy certifications and attestations important to Anthropic customers and enterprise partnerships, and to meet regulatory obligations.
• Understand how Anthropic’s security and privacy capabilities across major cloud platforms implement common frameworks (e.g., NIST 800-53, NIST 800-171, ISO 27001, ISO 27701, CSA CCM, and SOC 2).
• Build scalable audit management processes and documentation systems that will support future expansion to additional geographies and compliance frameworks.
• Write, update and enact policies capturing security, privacy, and AI safety requirements.
• Maintain and enhance Anthropic’s system of security controls through audit readiness, recordkeeping, and cross-functional communication.

Requirements

• Have 8+ years of progressive experience in audit and compliance roles, with direct ownership of certification/attestation projects.
• Have worked in cloud-native environments and understand security and privacy considerations for multi-cloud architectures.
• Can translate complex compliance requirements into actionable workstreams for technical and non-technical stakeholders.
• Have built common controls frameworks or GRC systems that scaled with organizational growth.
• Write clear and useful security and privacy documentation for both external and internal audiences.
• Thrive in ambiguous, fast-paced environments where you’ll need to build processes from scratch.
• Are comfortable organizing time-bounded task management of delegated work streams across a diverse organization.
• Are energized by being the subject matter expert who educates the organization on new compliance requirements.

Strong candidates may also

• Have worked in AI/ML companies and understand unique security considerations for model development.