Security Risk & Compliance Lead

About Anthropic

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About The Team

As part of the Anthropic security department, the compliance team owns understanding security and AI safety expectations, as established by regulators, customers and (nascent) industry norms (which we also seek to influence). The compliance team uses this understanding to provide direction to internal partners on the priorities of security and safety requirements they must meet. The compliance team assures regulators and customers that those expectations are met by earning security credentials and responding to direct inquiry about Anthropic's security program from auditors, customers and partners.

This opportunity is unique, as we work to secure today’s most novel and valuable asset types, we must build a new kind of compliance program, assuring the safety of artificial intelligence capabilities.

Responsibilities of the Security Risk & Compliance Lead

• Understand how Anthropic's security and privacy capabilities across major cloud platforms implement common frameworks (e.g., NIST 800-53, NIST 800-171, ISO 27001, ISO 27701, CSA CCM, and SOC 2).
• Build scalable data center and cloud compliance processes and documentation systems that will support future expansion to additional geographies and compliance frameworks.
• Assess and mitigate security and operational risks, implementing corrective actions, and managing vendor compliance.
• Coordinate engagements with independent assessors to earn security and privacy certifications and attestations important to Anthropic customers and enterprise partnerships, and to meet regulatory obligations.
• Write, update and enact policies capturing security, privacy, and AI safety requirements.
• Maintain and enhance Anthropic's system of security controls through audit readiness, recordkeeping, and cross-functional communication.

You May Be a Good Fit If You

• Have 8+ years of progressive experience in audit and compliance roles, with direct ownership of certification/attestation projects.
• Have worked in cloud-native environments and understand security and privacy considerations for multi-cloud architectures.
• Can translate complex compliance requirements into actionable workstreams for technical and non-technical stakeholders.
• Have built common controls frameworks or GRC systems that scaled with organizational growth.
• Write clear and useful security and privacy documentation for both external and internal audiences.
• Thrive in ambiguous, fast-paced environments where you'll need to build processes from scratch.
• Are comfortable organizing time-bounded task management of delegated work streams across a diverse organization.
• Are energized by being the subject matter expert who educates the organization on new compliance requirements.

Strong Candidates May Also

• Have worked in AI/ML companies and understand unique security considerations for model development and deployment.
• Have worked with cloud companies and understand cloud security controls and physical security requirements.
• Bring experience from high-growth technology companies managing rapid compliance expansion.
• Have some experience implementing automated enforcement of security controls (i.e., compliance as code).
• Possess relevant certifications (CISA, CRISC, CISM, CISSP, or ISO 27001 Lead Auditor/Implementer).

Key skills/competency

• Security Compliance
• Risk Management
• Cloud Security
• Data Center Security
• NIST Frameworks
• ISO 27001
• SOC 2
• Audit Readiness
• Policy Development
• AI Safety