
Job Overview
Location: Remote U.S.
Job Type: Full-time
Category: Software Engineering
Date Posted: June 4, 2026
Full Job Description
📋 Description
- Lead Vanta’s internal AI governance programs, including adoption and implementation of frameworks such as ISO 42001, AIUC-1, EU AI Act, NIST AI RMF, and UK AI Safety Framework, while evaluating new frameworks for potential adoption.
- Direct the cross-functional Hardening Enterprise AI Team—comprising GRC Engineering, Corporate Engineering, Product Engineering, and Security Engineering—to research, implement, and continuously monitor scalable, compliant AI guardrails that balance risk mitigation, regulatory compliance, and operational productivity.
- Integrate AI governance, risk management, and compliance requirements into Vanta’s programs, projects, and software development life cycles (SDLCs) to ensure alignment with GRC Engineering principles and best practices.
- Champion sustainable and responsible AI usage across Vanta by being an early adopter and expert user of internal AI tools and guardrails, regularly sharing best practices, use cases, and guidance to foster company-wide responsible AI adoption.
- Scale and streamline GRC programs by designing and deploying agentic AI systems and deterministic automation to reduce manual effort and improve consistency in compliance monitoring.
- Evangelize AI and GRC Engineering best practices through thought leadership, including publishing content on Vanta’s blog, contributing to social media, and speaking at virtual and in-person events.
- Partner closely with GRC SMEs and the Engineering/Product/Design (EPD) organization to improve Vanta’s platform, acting as Customer Zero to validate and refine product features related to AI governance and compliance.
- Apply GRC Engineering principles—including control monitoring automation, systems and design thinking, and threat-informed GRC—to build and maintain robust, scalable governance infrastructure.
- Utilize code and web APIs (especially in TypeScript, Go, and Python) to automate workflows, build internal tools, and enhance AI system monitoring and compliance enforcement.
- Maintain expertise in modern cloud-native web application development practices and associated security best practices, particularly within AWS, containerized workloads, serverless architectures, and frontier AI platforms.
- Demonstrate curiosity, a willingness to learn, and sound judgment in applying AI responsibly to amplify personal and team effectiveness while upholding ethical and compliance standards.
🎯 Requirements
- Strong experience using AI agents, tools, and platforms (e.g., Anthropic, OpenAI, LangChain, Cursor) to automate workflows and build tools.
- Experience using code and web APIs (especially TypeScript, Go, and/or Python) to automate workflows and build tools.
- Expertise in AI governance, risk, and compliance frameworks (e.g., ISO 42001, NIST AI RMF, EU AI Act, UK AI Safety Framework).
- Experience with compliance programs such as SOC 2, ISO 27001/17/18, ISO 27701, and GDPR.
- Experience implementing GRC Engineering principles, including control monitoring automation, systems & design thinking, and threat-informed GRC.
- Expertise in modern cloud-native web application development practices and security best practices in AWS, containerized workloads, serverless architectures, and frontier AI platforms.
🏖️ Benefits
- Industry-competitive salary and equity.
- Comprehensive medical, dental, and vision coverage with 100% of employee-only premium costs covered for most plans.
- 16 weeks paid parental leave for all new parents.
- Health & wellness stipend, remote workspace, internet, and cellphone stipend.
- Matching 401(k) contribution with immediate vesting.
- Flexible PTO policy plus 80 hours of Sick Time and 11 company-paid holidays.
About Vanta, Inc.
Vanta is a San Francisco-based compliance automation platform that helps businesses obtain and maintain SOC 2, ISO 27001, HIPAA, GDPR and other security certifications. Its cloud service continuously monitors infrastructure, collects audit evidence, runs automated tests and produces auditor-ready reports, reducing the manual effort and cost of demonstrating security posture to customers and regulators. Founded in 2017, the company primarily serves high-growth SaaS startups and mid-market technology firms.

