Cloud & Data Center Security Risk and Compliance

About Anthropic

Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About The Team

As part of the Anthropic security department, the compliance team owns understanding security and AI safety expectations, as established by regulators, customers and (nascent) industry norms (which we also seek to influence). The compliance team uses this understanding to provide direction to internal partners on the priorities of security and safety requirements they must meet. The compliance team assures regulators and customers that those expectations are met by earning security credentials and responding to direct inquiry about Anthropic's security program from auditors, customers and partners.

This opportunity is unique, as we work to secure today’s most novel and valuable asset types, we must build a new kind of compliance program, assuring the safety of artificial intelligence capabilities.

Responsibilities

• Understand how Anthropic's security and privacy capabilities across major cloud platforms implement common frameworks (e.g., NIST 800-53, NIST 800-171, ISO 27001, ISO 27701, CSA CCM, and SOC 2).
• Build scalable data center and cloud compliance processes and documentation systems that will support future expansion to additional geographies and compliance frameworks.
• Assess and mitigate security and operational risks, implementing corrective actions, and managing vendor compliance.
• Coordinate engagements with independent assessors to earn security and privacy certifications and attestations important to Anthropic customers and enterprise partnerships, and to meet regulatory obligations.
• Write, update and enact policies capturing security, privacy, and AI safety requirements.
• Maintain and enhance Anthropic's system of security controls through audit readiness, recordkeeping, and cross-functional communication.

You May Be a Good Fit If You

• Have 8+ years of progressive experience in audit and compliance roles, with direct ownership of certification/attestation projects.
• Have worked in cloud-native environments and understand security and privacy considerations for multi-cloud architectures.
• Can translate complex compliance requirements into actionable workstreams for technical and non-technical stakeholders.
• Have built common controls frameworks or GRC systems that scaled with organizational growth.
• Write clear and useful security and privacy documentation for both external and internal audiences.
• Thrive in ambiguous, fast-paced environments where you'll need to build processes from scratch.
• Are comfortable organizing time-bounded task management of delegated work streams across a diverse organization.
• Are energized by being the subject matter expert who educates the organization on new compliance requirements.

Strong Candidates May Also

• Have worked in AI/ML companies and understand unique security considerations for model development and deployment.
• Have worked with cloud companies and understand cloud security controls and physical security requirements.
• Bring experience from high-growth technology companies managing rapid compliance expansion.
• Have some experience implementing automated enforcement of security controls (i.e., compliance as code).
• Possess relevant certifications (CISA, CRISC, CISM, CISSP, or ISO 27001 Lead Auditor/Implementer).

How We're Different

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills.

The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences.

Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues.

Key skills/competency

• Security Compliance
• Risk Management
• Cloud Security
• Data Center Security
• NIST Frameworks
• ISO 27001
• SOC 2
• GRC Systems
• Policy Development
• Audit Readiness