Used Tools & Technologies
Not specified
Required Skills & Competences
Tag name is followed by "@" symbol and proficiency level value.
About proficiency levels:
- 1-2 β basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 β daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 β you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 β exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Security @ 3
Leadership @ 3
Communication @ 3
Project Management @ 3
Audit @ 5
Compliance @ 3
Cloud Computing @ 3
AI @ 3
- 1-2 β basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 β daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 β you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 β exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Details
We are seeking an experienced and strategic Governance, Risk, and Compliance (GRC) team member to support xAI's expansion into government and public sector applications of AI. This role will ensure xAI operates within regulatory, ethical, operational, and federal boundaries while supporting sensitive and classified environments. You will collaborate with cross-functional teams to safeguard AI development and deployment.
Responsibilities
- Execute security compliance implementation and audits (e.g., ISO 27001/42001, SOC 2, FedRAMP HIGH, DoD Cloud Computing SRG IL5/IL6, NIST 800-53 rev 5, NIST 800-171/CMMC, Risk Management Framework).
- Work with 3PAOs (Third-Party Assessment Organizations) and federal government Authorizing Officials (AOs) to achieve compliance certifications, reports, and Authorized to Operate (ATO) status.
- Identify, assess, and prioritize risks related to AI operations, cybersecurity, regulatory compliance, intellectual property, and cloud deployments.
- Design and implement risk mitigation strategies, including monitoring systems, contingency plans, vulnerability scans, Plan of Action and Milestones (POAMs), and STIGs.
- Ensure implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures throughout the project lifecycle.
- Serve as a liaison between system owners, security personnel, and cross-functional teams to facilitate effective communication and control implementation.
- Lead Risk Management Assessment and Authorization (A&A) processes, cloud system risk assessments, compliance reviews for new products/changes/features, and process enhancements.
- Conduct regular risk assessments, scenario analyses, and proactive evaluations of emerging threats, certifications, requirements, and technologies in the AI landscape.
- Oversee audits, certifications, third-party assessments, and vulnerability management to maintain compliance and operational credibility.
- Act as a subject matter expert, providing guidance on risk, compliance, and cybersecurity matters; translate business and technical risks for leadership.
- Create and present regular reports on GRC performance, risks, and compliance status to senior leadership and stakeholders.
Requirements
- Previous systems engineering experience strongly preferred.
- Ability to evaluate control objectives with IT configurations.
- Bachelorβs degree in Computer Science, Information Security, Cybersecurity, or a related field.
- Certifications like CISA, CRISC, CGEIT, Security+, CASP+, or similar preferred.
- 3+ years of experience in governance, risk management, compliance, or technology audit roles.
- Proven expertise in regulatory frameworks, data privacy, cybersecurity, and federal compliance standards, preferably in a technology, cloud, or AI-driven environment.
- Strong understanding of AI ethics, emerging technologies, Risk Management Framework (RMF), and their associated risks.
- Experience with vulnerability management, POAMs, STIG implementation, and cloud security controls.
- Exceptional analytical, problem-solving, organizational, and project management skills.
- Excellent communication and stakeholder management skills, with experience influencing cross-functional teams and communicating risks to leadership.
- Ability to thrive in a fast-paced, dynamic environment and adapt to evolving priorities.
Preferred Skills and Experience
- Experience in the tech or AI industry, particularly with startups, innovative organizations, or government/public sector engagements.
- Deep expertise maintaining frameworks such as FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, and STIG/RMF policies (including validation via ACAS and similar tools).
- Familiarity with ISO 27001, ISO 42001, NIST, SOC 2, or similar compliance frameworks.
- Background in managing third-party risk, vendor compliance programs, or federal assessments.
- Understanding of cybersecurity controls for cloud service providers and knowledge of government cloud services and evolving certification programs.
- 5+ years of security compliance or technology audit-related experience.
Compensation and Benefits
- Base salary: $100,000 - $228,000 USD per year.
- Total rewards package includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and other discounts and perks.