Security Engineer (Governance Risk Compliance)
xAI
📍 New York, New York, US | 💼 Full-time | 💰 8,333 – 19,000 USD/month | 🕐 Posted 16 days ago
Description
• We are seeking an experienced and strategic Governance, Risk, and Compliance (GRC) team member as we expand into government and public sector applications of AI
• This critical role will ensure that xAI operates within regulatory, ethical, operational, and federal boundaries while fostering a culture of integrity and resilience
• You will collaborate with cross-functional teams to safeguard our mission-driven work in AI development and deployment, including support for sensitive and classified environments
• Execute security compliance implementation and audits (e.g., ISO 27001/42001, SOC2, FedRAMP HIGH, DoD Cloud Computing SRG IL5/IL6, NIST 800-53 rev 5, NIST 800-171/CMMC, Risk Management Framework)
• Work with 3PAOs (Third-Party Assessment Organizations) and federal government Authorizing Officials (AOs) to achieve compliance certifications, reports, and Authorized to Operate (ATO) status
• Identify, assess, and prioritize risks related to AI operations, cybersecurity, regulatory compliance, intellectual property, and cloud deployments
• Design and implement risk mitigation strategies, including monitoring systems, contingency plans, vulnerability scans, Plan of Action and Milestones (POAMs), and STIGs
• Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures throughout the project lifecycle
• Serve as a liaison between system owners, security personnel, and cross-functional teams to facilitate effective communication, collaboration, and control implementation
• Lead Risk Management Assessment and Authorization (A&A) processes, cloud system risk assessments, compliance reviews for new products/changes/features, and process enhancements
• Conduct regular risk assessments, scenario analyses, and proactive evaluations of emerging threats, certifications, requirements, and technologies in the AI landscape
• Oversee audits, certifications, third-party assessments, and vulnerability management to maintain compliance and operational credibility
• Act as a subject matter expert, providing guidance on risk, compliance, and cybersecurity matters; translate business and technical risks for leadership
• Create and present regular reports on GRC performance, risks, and compliance status to senior leadership and stakeholders
Benefits
• Health and wellness: Comprehensive health insurance including medical, dental, vision, and disability coverage
• Life and family: Life and AD&D insurance and fertility benefits to ensure our team’s well-being and peace of mind
• Flexible vacation: We work hard but avoid burnout. Take time off when you need it
• Visa sponsorship: We support international talent with visa sponsorship to join our team
• 401(k) plan: Retirement savings plan to secure your financial future
Requirements
• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field
• Certifications like CISA, CRISC, CGEIT, Security+, CASP+, or similar preferred
• Previous systems engineering experience strongly preferred
• Proven expertise in regulatory frameworks, data privacy, cybersecurity, and federal compliance standards, preferably in a technology, cloud, or AI-driven environment
• 3+ years of experience in governance, risk management, compliance, or technology audit roles
• Must have the ability to evaluate control objectives with IT configurations
• Excellent communication, stakeholder management, and translation skills, with experience influencing cross-functional teams and communicating risks to leadership
• Ability to thrive in a fast-paced, dynamic environment and adapt to evolving priorities
• Strong understanding of AI ethics, emerging technologies, Risk Management Framework (RMF), and their associated risks
• Experience with vulnerability management, POAMs, STIG implementation, and cloud security controls
• Exceptional analytical, problem-solving, organizational, and project management skills, with the ability to balance innovation, oversight, and taking projects from conception to launch
• Experience in the tech or AI industry, particularly with startups, innovative organizations, or government/public sector engagements
• Familiarity with ISO 27001, ISO 42001, NIST, SOC 2, or similar compliance frameworks
• Deep expertise maintaining frameworks such as FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, and STIG/RMF policies (including validation via ACAS and similar tools)
• Background in managing third-party risk and vendor compliance programs