Senior AI GRC Engineer
Vanta · Remote
From the company's job description
At Vanta, our mission is to help businesses earn and prove trust. We believe that security should be monitored and verified continuously, and we empower companies to practice better security and prove it with ease. Vanta has a kind and talented team, and while some have prior security experience, many have been successful at Vanta without it.
As a Senior AI GRC Engineer at Vanta, you’ll own and lead governance, risk, and compliance initiatives related to Vanta’s internal AI adoption and customer-facing AI products. You’ll apply deep expertise about AI governance and compliance frameworks and partner closely with various engineering teams (Security, Product, Corporate) to build and monitor scalable guardrails that sustainably and responsibly maximize our productivity and velocity. You’ll incorporate GRC Engineering principles, values, and best practices https://grc.engineering every step of the way and help us become the leader in GRC Engineering.
Vanta’s GRC Engineering team enables Vanta’ns to make smart risk decisions so we can reliably achieve our objectives, operate with integrity, and bolster customer trust. We treat our internal GRC program as a product that serves our internal and external customers’ needs. We are also Customer Zero of Vanta’s platform and work closely with our GRC SME team and Engineering/Product/Design (EPD) organization to help improve our products.
What you’ll do as a Senior AI GRC Engineer at Vanta:
- Drive Vanta’s internal AI governance programs (e.g., ISO 42001) while also evaluating new frameworks for Vanta to adopt
- Lead our cross-functional Hardening Enterprise AI Team (GRC Engineering, Corporate Engineering, Product Engineering, Security Engineering) in researching, implementing, and continuously monitoring scalable & compliant AI guardrails that optimally balance risk mitigation, compliance, and productivity
- Partner closely with the rest of GRC Engineering and other Vanta’ns to ensure AI governance, risk management, and compliance are baked into Vanta’s programs, projects, and SDLCs
- Champion sustainable AI usage across Vanta by being an early adopter and expert user of our AI tools and guardrails, regularly sharing best practices and use cases to foster responsible AI adoption across the company
- Scale & streamline our GRC programs by building agentic AI & deterministic automation
- Evangelize AI & GRC Engineering best practices and solutions through thought leadership on Vanta’s blog, social media, and virtual/in-person events
How to be successful in this role:
- Strong experience inside and outside of work using AI agents, tools, and platforms to automate workflows and build tools, especially Anthropic products, OpenAI products, LangChain products, and/or Cursor
- Experience using code and web APIs to automate workflows and build tools, especially with TypeScript, Go, and/or Python
- Expertise in modern cloud-native web application development practices and related security best practices, especially in the context of AWS, containerized workloads, serverless architectures, and frontier AI platforms
- Expertise in AI governance, risk, and compliance frameworks, such as ISO 42001, AIUC-1, EU AI Act, NIST AI RMF, UK AI Safety Framework, etc.
- Experience with compliance programs for SOC 2, ISO 27001/17/18, ISO 27701, GDPR, etc.
- Experience putting GRC Engineering principles and values https://grc.engineering into practice, especially control monitoring automation, systems & design thinking, and threat-informed GRC
- Open to using AI to amplify their skills and strengthen their work - demonstrating curiosity, a willingness to learn, and sound judgment in applying AI responsibly to improve efficiency and impact.
What you can expect as a Vanta’n:
- Industry-competitive salary and equity
- Comprehensive medical, dental, and vision coverage, with 100% of employee-only benefit premiums covered for most medical plans
- 16 weeks paid Parental Leave for all new parents
- Health & wellness stipend
- Remote workspace, internet, and cellphone stipend
- Commuter benefits for team members who report to the SF and NYC office
- Family planning benefits
- Matching 401(k) contribution with immediate vesting
- Flexible PTO policy, plus 80 hours of Sick Time
- 11 company-paid holidays
- Virtual team building activities, lunch and learns, and other company-wide events!
- Offices in SF, NYC, London, Dublin, Tel Aviv, and Sydney
To provide greater transparency to candidates, we share base pay ranges for all US-based job postings regardless of state. We set standard base pay ranges for all roles based on function, level, and country location, benchmarked against similar-stage growth companies. Final offer amounts are determined by multiple factors and may vary based on candidate location, skills, depth of work experience, and relevant licenses/credentials.
#LI-remote
At Vanta, we are committed to hiring diverse talent of different backgrounds and as such, it is important to us to provide an inclusive work environment for all. We do not discriminate on the basis of race, gender identity, age, religion, sexual orientation, veteran or disability status, or any other protected class. As an equal opportunity employer, we encourage and welcome people of all backgrounds to apply.
About Vanta
We started in 2018, in the wake of several high-profile data breaches. Online security was only becoming more important, but we knew firsthand how hard it could be for fast-growing companies to invest the time and manpower it takes to build a solid security foundation. Vanta was inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged.
Now more than ever, making security continuous—not just a point-in-time check— is essential. Thousands of companies rely on Vanta to build, maintain and demonstrate their trust— all in a way that's real-time and transparent.
Referral Instructions
If you are being referred for the role, please contact that person to apply on your behalf.