Security specialist, GRC

📋 Description

• • As a Security Specialist focusing on Governance, Risk, and Compliance (GRC) at WRITER, you will play a pivotal role in establishing and fortifying the security and trust foundations for our cutting-edge AI platform. This is a unique opportunity to architect and implement the compliance frameworks that will enable WRITER to scale securely and maintain the confidence of the world's most discerning enterprises.
• • You will be instrumental in shaping AI governance from its inception within a rapidly growing company, operating at the critical intersection of artificial intelligence, robust security practices, and business enablement. Your work will directly influence how enterprise AI systems, many of which are novel, are governed and trusted.
• • A core responsibility will be to lead and manage critical audit engagements, including SOC 2 Type II, ISO 27001, and other vital certifications. This involves overseeing the entire audit lifecycle, from planning and preparation to evidence collection and remediation of findings, ensuring WRITER meets and exceeds industry standards.
• • You will be the frontline for customer assurance, meticulously responding to a wide array of security questionnaires, Due Diligence Questionnaires (DDQs), and Requests for Proposals (RFPs) from enterprise clients. This requires maintaining an up-to-date trust portal with comprehensive security documentation and collaborating closely with the Sales team to proactively address and remove any security-related obstacles that could impede major deal closures.
• • A significant part of your role will involve building and continuously enhancing WRITER's security governance framework. This includes the development and maintenance of comprehensive security policies, robust access control standards, effective vendor risk management procedures, detailed incident response plans, and specialized AI governance documentation. The AI-specific documentation will address crucial areas such as model training protocols, sensitive data handling practices, and the responsible deployment of AI models.
• • You will implement and manage continuous control monitoring processes, leveraging automation where possible to streamline evidence collection and track remediation activities across various teams. Performing regular control testing and ensuring that audit-ready documentation is maintained throughout the year will be key to avoiding last-minute scrambles.
• • Driving comprehensive risk assessments will be another key function, including conducting thorough third-party vendor security reviews. This involves evaluating the control environments of our suppliers, identifying and quantifying security risks across WRITER's AI platform and underlying infrastructure, and collaborating cross-functionally to prioritize and track the remediation of identified risks.
• • A crucial aspect of this role is partnering proactively with Engineering and Product teams to embed security and compliance considerations directly into the software development lifecycle (SDLC). This includes reviewing architectural decisions for potential security and privacy implications, ensuring that secure-by-design principles are rigorously applied to all new AI features, and effectively translating complex regulatory requirements into practical, implementable technical controls for developers.
• • You will act as the primary liaison and point of contact for all external auditors and assessors. This involves coordinating all aspects of the audit process, including evidence gathering, scheduling necessary interviews, addressing any audit findings promptly, and ensuring that audit processes are conducted smoothly with minimal disruption to the broader team's operations.
• • This role offers an exceptional opportunity to define the future of AI governance in a dynamic and fast-paced environment, contributing directly to WRITER's mission of expanding human capacity through trustworthy AI.