Anthropic’s Security Governance, Risk, and Compliance (GRC) team translates regulatory, customer, and voluntary obligations into actionable controls. The Security Controls Assurance Lead defines control requirements, collaborates with engineering to design and implement controls, and validates compliance across global obligations such as SOC 2, ISO 27001/42001, HIPAA, and public sector regulations. The role focuses on ensuring AI systems meet control standards and supports automated evidence collection, audit workflows, and continuous monitoring.
Security Controls Assurance Lead at Anthropic
Hybrid - San Francisco, CA; New York City, NY; Washington, DC
More jobs at AnthropicSalary
USD 345,000 - 345,000
Requirements
Skills
- Thrive at the pace of a hypergrowth company
- Have supported technology control programs through SOX readiness or as a public company or with equivalent rigor (FedRAMP, large multi-framework SOC 2/ISO portfolios)
- Have genuine engineering fluency, possibly from an earlier engineering career: read code and Terraform, follow a CI/CD pipeline end to end, and challenge a design on its technical merits
- Have programming skills in Python or at least one systems language such as Go, Rust, or C/C++
- Have deep familiarity with developer platform, release engineering, or infrastructure control domains
- Are a strong collaborator and communicator
- Use Claude and other LLMs as daily working tools, and have grounded, specific views on which audit and assurance workflows AI can run today and which it can't yet
- Translate framework and regulatory language into acceptance criteria engineers can build against, and translate engineering reality back into assurance language auditors and leadership can rely on
- Default to getting the requirement designed into the system rather than papering over the gap with procedure
Responsibilities
- Define the control framework and requirements for autonomous AI operators in collaboration with Security, Internal Audit, and Engineering, including change review and approvals, human-in-the-loop, and evidence collection. Assess implementations against those requirements
- Pressure-test major infrastructure, system, and agent framework changes for control impact during design, before decisions become expensive rework
- Set the compliance bar for home-built systems. Collaborate with teams to define what the internal system must provide from day one, such as auditability, segregation of duties, and change control over the tool itself
- Define the criteria for where and when AI can operate, supplement, or replace a manual process or control, including the human-in-the-loop thresholds and evidence documentation
- Establish the validation, evidence, and governance standards that allow AI-performed and AI-assisted processes and controls to withstand external audit and regulatory scrutiny
- Assess the introduction of new compliance frameworks and changes in scope (new regulations, certifications, products, or entities), providing a sufficient technical and compliance lens on their impact to control design, evidence requirements, and engineering effort before commitments are made
- Stand up or advise on audit workflows for the assurance team, including Claude-driven control testing, automated evidence collection, walkthrough preparation, and framework mapping against our common controls framework, materially raising automated evidence coverage and cutting audit prep time
Technologies
PythonGoRustC/C++TerraformCI/CD pipelinesClaude (LLM)Other LLMsAI/ML systems and agentsInfrastructure control domains
See if your resume is ready for this job
See how our AI can optimize your resume and improve your chances for this role.