Security Controls Assurance Lead

USD 345,000 per year
SENIOR
✅ Hybrid
✅ Visa Sponsorship

Used Tools & Technologies

Machine Learning, LLM

Required Skills & Competences

Security @ 4, Software Development @ 4, Go @ 4, Terraform @ 6, Python @ 4, CI/CD @ 6, Leadership @ 4, Communication @ 7, Rust @ 4, Audit @ 4, Compliance @ 4, AI @ 6

Details

Anthropic’s Security Governance, Risk, and Compliance (GRC) team builds controls, evidence, and assurance programs that translate regulatory, customer, and voluntary obligations into actionable controls and measurable evidence. The Security Controls Assurance Lead will define control requirements and acceptance criteria for global compliance obligations across the software development lifecycle, partner with engineering teams on design and implementation, and validate that shipped systems meet those requirements. The role focuses on technical controls assurance for AI systems and infrastructure, blending engineering fluency with compliance rigor.

Responsibilities

  • Define the control framework and requirements for autonomous AI operators, including change review/approvals, human-in-the-loop thresholds, and evidence collection, and assess implementations against those requirements.
  • Pressure-test major infrastructure, system, and agent framework changes for control impact during design to avoid expensive rework.
  • Set the compliance bar for home-built systems: define required capabilities such as auditability, segregation of duties, and change control.
  • Define criteria for where and when AI can operate, supplement, or replace manual processes or controls, including evidence documentation standards.
  • Establish validation, evidence, and governance standards so AI-performed and AI-assisted processes withstand external audit and regulatory scrutiny.
  • Assess the impact of new compliance frameworks, regulations, certifications, products, or entities on control design and engineering effort prior to commitments.
  • Stand up or advise on audit workflows for the assurance team, including Claude-driven control testing, automated evidence collection, walkthrough preparation, and framework mapping against a common controls framework.

Minimum qualifications

  • Experience supporting technology control programs with SOX readiness, public company control programs, or equivalent rigor (FedRAMP, multi-framework SOC 2/ISO portfolios).
  • Genuine engineering fluency: able to read code and Terraform, follow a CI/CD pipeline end-to-end, and challenge technical designs.
  • Programming skills in Python or a systems language such as Go, Rust, or C/C++.
  • Deep familiarity with developer platform, release engineering, or infrastructure control domains.
  • Strong collaboration and communication skills.
  • Regular user of Claude and other LLMs, with grounded views on which audit and assurance workflows AI can run today and which it cannot.
  • Ability to translate framework and regulatory language into acceptance criteria engineers can implement, and translate engineering realities back into assurance language auditors and leadership can rely on.
  • Comfort working in a hypergrowth environment and making decisions with incomplete information.

Preferred qualifications

  • Combination of audit/advisory experience (e.g., Big 4) and in-house experience at an AI-forward tech company.
  • Experience defining or assessing controls for AI/ML systems or agents in production environments.
  • Experience standing up continuous controls monitoring or automated evidence programs.

Compensation

  • Annual Salary: $345,000 - $345,000 USD

Logistics

  • Minimum education: Bachelor’s degree or equivalent combination of education, training, and/or experience.
  • Location-based hybrid policy: expected to be in one of Anthropic's offices at least 25% of the time.
  • Locations listed: San Francisco, CA; New York City, NY; Washington, DC.
  • Visa sponsorship: Anthropic states they do sponsor visas and retain immigration counsel to assist where feasible.

How Anthropic works / Culture notes

  • Anthropic emphasizes collaboration, research-focused work on a few large-scale efforts, and strong communication skills. The team uses Claude and other LLMs as daily tools and values diverse perspectives in AI safety and governance.