Security specialist, GRC (UK)

📋 Description

• • As a Security Specialist focusing on Governance, Risk, and Compliance (GRC) at WRITER, you will play a pivotal role in establishing and maturing the security and compliance posture of a rapidly growing enterprise AI company. This is a unique opportunity to build AI governance frameworks from the ground up, ensuring that WRITER's innovative platform earns and maintains the trust of the world's leading enterprises.
• • You will be instrumental in shaping the compliance infrastructure that allows WRITER to scale safely and securely, operating at the forefront of AI innovation. This role sits at the critical intersection of AI technology, robust security practices, and business enablement, defining what governance means for cutting-edge enterprise AI systems.
• • A core responsibility will be leading and managing critical audit engagements, including SOC 2 Type II and ISO 27001 certifications, and potentially expanding coverage to meet evolving customer demands in highly regulated sectors such as financial services and healthcare.
• • You will be the primary point of contact for customer assurance efforts, meticulously responding to security questionnaires, Due Diligence Questionnaires (DDQs), and Requests for Proposals (RFPs) from enterprise clients. This includes maintaining an up-to-date trust portal with comprehensive security documentation and collaborating closely with the Sales team to proactively address and remove security-related blockers that could impede major deal closures.
• • A significant part of your role will involve architecting and maintaining WRITER's security governance framework. This entails the creation and ongoing refinement of essential security policies, access control standards, vendor risk management procedures, incident response plans, and specialized AI governance documentation. This AI-specific documentation will address crucial areas such as model training protocols, sensitive data handling, and the responsible deployment of AI models.
• • You will implement continuous control monitoring and evidence collection processes, aiming to automate compliance workflows wherever possible. This includes tracking remediation activities across various teams, conducting regular control testing, and ensuring that audit-ready documentation is consistently maintained throughout the year, thereby avoiding last-minute rushes before audit periods.
• • The role requires driving comprehensive risk assessments and conducting thorough third-party vendor security reviews. You will evaluate the security controls of our suppliers, identify and quantify security risks across WRITER's AI platform and underlying infrastructure, and collaborate cross-functionally to prioritize and track the remediation of identified risks.
• • A key aspect of this position is partnering effectively with Engineering and Product teams to embed compliance and security considerations directly into the software development lifecycle. This involves reviewing architectural decisions for potential security and privacy implications, ensuring that secure-by-design principles are adhered to for all new AI features, and translating complex regulatory requirements into practical, implementable technical controls for developers.
• • You will act as the main liaison for external auditors and assessors, coordinating all aspects of audit engagements. This includes managing evidence collection, scheduling necessary interviews, addressing any audit findings, and ensuring that audit processes are conducted smoothly with minimal disruption to the wider organization.
• • This hybrid role, based in our London office, offers a direct reporting line to the Head of Security, providing a clear path for mentorship and strategic alignment. You will be empowered to make a tangible impact on WRITER's security posture and its ability to serve the most demanding enterprise clients globally.