Required Skills & Competences
Each tag name is followed by an "@" symbol and a proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such a level.
Security @ 6
Ansible @ 3
Go @ 6
Terraform @ 3
Python @ 6
GCP @ 3
CI/CD @ 4
Hiring @ 4
AWS @ 3
Azure @ 3
Prioritization @ 7
CloudFormation @ 3
Rust @ 6
ServiceNow @ 4
API @ 4
Reporting @ 4
LLM @ 4
Audit @ 4
Compliance @ 4
AI @ 4
Agentic AI @ 4
Data Pipelines @ 4
Details
About Anthropic
Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. The team includes researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.
Role overview
We are seeking a GRC Automation Lead to join the GRC organization and build the technical foundation for scaling risk and compliance programs. You will lead a team that designs and implements automated workflows, data pipelines, and integrations to transform manual compliance processes into scalable engineering systems. This is a greenfield opportunity to establish the team, architecture, and integrations for governance, risk, and compliance. The role focuses on understanding how systems connect and how data flows between them rather than primarily writing code yourself. You will have the opportunity to design AI-powered workflows (including using Claude) to accelerate evidence collection, interpret unstructured data, triage compliance gaps, and augment human judgment in risk assessments.
Success metrics include designing systems that aggregate and normalize compliance information across many systems (cloud infrastructure, identity providers, HR platforms, ticketing tools, code repositories) and making it actionable for audit programs including SOC 2, ISO, HIPAA, and FedRAMP.
Responsibilities
- Lead the team that establishes foundational GRC processes and architecture; design and build automated workflows for risk management and compliance enabling continuous monitoring.
- Build data pipelines that aggregate risk, control, and asset information across the technology stack: map disparate schemas, handle inconsistent data quality, and create unified views of compliance posture with dashboards and reporting tools.
- Inform GRC platform strategy and implementation: evaluate, select, and deploy tooling in partnership with other programs.
- Translate written policies and compliance requirements into policy-as-code—express requirements as enforceable rules, automated checks, and continuous validation.
- Establish feedback loops between policy and implementation: surface divergences between technical controls and written requirements and identify where policies need to evolve.
- Design and deploy agentic AI workflows using Claude to automate evidence analysis, monitor control effectiveness, draft audit responses, interpret policy documents, and handle tasks that require reasoning over unstructured information.
- Design and maintain integrations connecting GRC tooling with cloud infrastructure, identity management systems, HRIS platforms, ticketing systems, version control, and CI/CD pipelines to enable automated evidence collection and continuous compliance validation.
- Build and lead the GRC Automation function as it scales: hiring, establishing practices, and defining the technical roadmap for governance and compliance automation.
Requirements
- 3-4+ years of experience managing technical individual contributors or systems-focused teams (proven track record building or scaling small teams of ~2-5 people) in security, compliance, automation, or operations functions.
- 5+ years of experience designing automated workflows, data pipelines, or system integrations (via traditional development, low-code platforms, GRC tools, or process automation).
- Systems thinker: strong understanding of how data flows between systems and where integration points exist; strength in architecture and environment design for security monitoring.
- Proficiency to write production-level code in at least one language (examples: Python, Rust, Go).
- Strong focus on data integration: ability to pull data from multiple sources, normalize and join it, and surface insights; comfortable handling messy/inconsistent data and edge cases.
- Conceptual understanding of APIs and integration patterns: REST APIs, webhooks, authentication flows, polling vs. push architectures, and ability to evaluate systems based on data exposure and automation support.
- Ability to work independently from design through implementation while managing ambiguity in early-stage programs.
- Strong analytical and problem-solving skills with attention to detail and pragmatism about risk-based prioritization.
Strong candidates may have
- Experience designing or implementing AI-powered automation, agentic workflows, or LLM-based tooling in operational contexts.
- Experience with GRC platforms such as ServiceNow GRC, Vanta, Drata, OneTrust, RSA Archer (configuration, customization, integration).
- Familiarity with scripting languages (Python or similar) for automation tasks, API interactions, and data transformation.
- Prior experience in high-growth startup environments and building scalable processes.
- Familiarity with Infrastructure as Code tools (Terraform, CloudFormation, Ansible) and DevSecOps practices including CI/CD pipeline integration and policy-as-code implementations.
- Familiarity with cloud platforms (AWS, GCP, Azure) and extracting compliance-relevant data from their APIs and logging systems.
Logistics
- Education requirements: Bachelor's degree in a related field or equivalent experience.
- Location-based hybrid policy: staff are expected to be in one of Anthropic's offices at least 25% of the time (some roles may require more office time).
- Locations listed: San Francisco, CA; New York City, NY; Seattle, WA.
- Visa sponsorship: Anthropic states they sponsor visas and retain an immigration lawyer, though sponsorship may not be successful for every role/candidate; they will make reasonable efforts if an offer is made.
- Deadline to apply: None (applications received on a rolling basis).
Compensation
Annual Salary: $405,000 - $405,000 USD
Benefits & other notes
Anthropic offers competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and office space for collaboration. They also provide guidance on candidate AI usage for the application process.