Security Risk & Compliance (AI)

TL;DR

Security Risk & Compliance (AI): Building and maintaining a new kind of compliance program for AI safety, ensuring security and AI safety expectations are met for regulators and customers. Focus on scaling compliance processes across cloud platforms and data centers, coordinating with independent assessors, and implementing security controls.

Location: Currently, all staff are expected to be in one of our offices (San Francisco, CA | New York City, NY | Seattle, WA; Washington, DC) at least 25% of the time.

Salary: $255,000 - $345,000 USD

Company

hirify.global’s mission is to create reliable, interpretable, and steerable AI systems, ensuring AI is safe and beneficial for users and society.

What you will do

• Understand hirify.global's security and privacy capabilities across major cloud platforms, implementing common frameworks.
• Build scalable data center and cloud compliance processes and documentation systems to support future expansion.
• Assess and mitigate security and operational risks, implementing corrective actions, and managing vendor compliance.
• Coordinate engagements with independent assessors to earn security and privacy certifications and attestations.
• Write, update, and enact policies capturing security, privacy, and AI safety requirements.
• Maintain and enhance hirify.global's system of security controls through audit readiness, recordkeeping, and cross-functional communication.

Requirements

• 8+ years of progressive experience in audit and compliance roles, with direct ownership of certification/attestation projects
• Experience working in cloud-native environments and understanding security and privacy considerations for multi-cloud architectures
• Ability to translate complex compliance requirements into actionable workstreams for technical and non-technical stakeholders
• Experience building common controls frameworks or GRC systems that scaled with organizational growth
• Ability to write clear and useful security and privacy documentation for both external and internal audiences.
• Comfortable thriving in ambiguous, fast-paced environments where you'll need to build processes from scratch

Nice to have

• Experience working in AI/ML companies and understanding unique security considerations for model development and deployment
• Experience working with cloud companies and understanding cloud security controls and physical security requirements
• Experience from high-growth technology companies managing rapid compliance expansion
• Experience implementing automated enforcement of security controls (i.e., compliance as code)
• Possess relevant certifications (CISA, CRISC, CISM, CISSP, or ISO 27001 Lead Auditor/Implementer)

Culture & Benefits

• Competitive compensation and benefits.
• Optional equity donation matching.
• Generous vacation and parental leave.
• Flexible working hours.
• Lovely office space in which to collaborate with colleagues.

Hiring process

• Applications will be received on a rolling basis.