GRC Engineer (AI & Privacy)

About the Role:

The GRC Engineer (AI & Privacy) is a deeply technical role responsible for engineering and implementing AI and Privacy controls across our systems. This position provides hands-on expertise in developing our AI governance program through policy-as-code, performing technical risk assessments, and advising engineering teams on secure architecture. This role is critical to ensuring our innovative technologies are built and deployed securely and ethically from the ground up.

Day to Day:

AI Governance & Risk Management:

• Design, build, and maintain a comprehensive AI GRC framework, leveraging industry standards such as ISO 27001 to inform our AI governance strategy and control implementation.
• Perform technical control assessments on new and existing AI systems to identify risks, evaluate effectiveness, and advise on secure architecture and design patterns.
• Work closely with Information Security teams to support regular security audits and vulnerability assessments of AI systems.

Technical Implementation & Automation:

• Translate AI policies and privacy requirements into tangible, automated technical controls, using policy-as-code principles where possible.
• Partner with Engineering and Data teams to design and validate the implementation of privacy-enhancing technologies (PETs) and data governance controls for data within our cloud environments.
• Lead the selection and management of GRC tooling to continuously monitor AI systems, automate evidence collection, and report on compliance.

Strategy & Collaboration:

• Serve as the subject matter expert and a key cross-functional partner on AI GRC. You will be expected to work closely with:
• Legal to intake and translate new privacy and regulatory requirements into technical solutions.
• Data Science & MLOps to review new AI models and integrate governance controls directly into the MLOps lifecycle.
• Data Governance to ensure security and privacy controls are consistently applied to data platforms.
• Information Security to align on technical security standards and support audits and vulnerability assessments of AI systems.
• Contribute to the overall security and data strategy, ensuring that AI governance capabilities align with business objectives.
• Stay abreast of industry trends in AI security and privacy, recommending and implementing new features and best practices.

What you bring to the table:

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• 3 - 5+ years of experience in a GRC, Information Security, or Cloud Security role.
• A self-starter mentality with the ability to work autonomously, manage competing priorities, and drive projects to completion in a fast-paced environment.
• Demonstrable experience implementing security controls for AI/ML systems and a strong understanding of privacy principles.
• Proficiency in a scripting language (e.g., Python) for automating compliance tasks.
• Experience with policy-as-code (PaC) concepts and tools (e.g., Open Policy Agent).
• Strong understanding of cloud infrastructure management (ie: AWS), including networking, security groups, and IAM roles.
• Proven track record of working with security and privacy frameworks such as ISO 27001, PCI DSS, SOC 2, or US Data Privacy laws.
• Excellent communication and interpersonal skills, with the ability to effectively communicate complex technical concepts to both technical and non-technical stakeholders.
• Experience with GRC and ticketing tools (Vanta, Jira) or Infrastructure-as-Code tools like Terraform is a plus.

Aura is committed to offering a generous package to support our employees in all aspects of their life in and out of work. Our packages offer competitive pay, generous health and wellness benefits, retirement savings plans, parental leave and much more! Pay range for this position is $100,000-135,000, but may vary depending on job-related knowledge, skills, experience and location. 

#LI-Remote