Description

We are seeking an experienced and strategic Governance, Risk, and Compliance (GRC) team member as we expand into government and public sector applications of AI. This critical role will ensure that xAI operates within regulatory, ethical, operational, and federal boundaries while fostering a culture of integrity and resilience.

Responsibilities:

Execute security compliance implementation and audits (e.g., ISO 27001/42001, SOC2, FedRAMP HIGH, DoD Cloud Computing SRG IL5/IL6, NIST 800-53 rev 5, NIST 800-171/CMMC, Risk Management Framework).
Work with 3PAOs (Third-Party Assessment Organizations) and federal government Authorizing Officials (AOs) to achieve compliance certifications, reports, and Authorized to Operate (ATO) status.
Identify, assess, and prioritize risks related to AI operations, cybersecurity, regulatory compliance, intellectual property, and cloud deployments.
Design and implement risk mitigation strategies, including monitoring systems, contingency plans, vulnerability scans, Plan of Action and Milestones (POAMs), and STIGs.
Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures throughout the project lifecycle.
Serve as a liaison between system owners, security personnel, and cross-functional teams to facilitate effective communication, collaboration, and control implementation.
Lead Risk Management Assessment and Authorization (A&A) processes, cloud system risk assessments, compliance reviews for new products/changes/features, and process enhancements.
Conduct regular risk assessments, scenario analyses, and proactive evaluations of emerging threats, certifications, requirements, and technologies in the AI landscape.
Oversee audits, certifications, third-party assessments, and vulnerability management to maintain compliance and operational credibility.
Act as a subject matter expert, providing guidance on risk, compliance, and cybersecurity matters; translate business and technical risks for leadership.
Create and present regular reports on GRC performance, risks, and compliance status to senior leadership and stakeholders.

This listing is enriched and indexed by YubHub. To apply, use the employer's original posting: https://job-boards.greenhouse.io/xai/jobs/5007261007

Skills

Required

Governance, Risk, and Compliance (GRC)

Security Compliance Implementation and Audits

Risk Management Framework

FedRAMP

DoD Cloud Computing SRG

NIST 800-53

NIST 800-171

CMMC

STIGs

Risk Mitigation Strategies

Monitoring Systems

Contingency Plans

Vulnerability Scans

Plan of Action and Milestones (POAMs)

Cloud System Risk Assessments

Compliance Reviews

Process Enhancements

Regular Risk Assessments

Scenario Analyses

Proactive Evaluations

Emerging Threats

Certifications

Requirements

Technologies

AI Landscape

Audits

Third-Party Assessments

Vulnerability Management

Compliance and Operational Credibility

Subject Matter Expertise

Risk, Compliance, and Cybersecurity Matters

Business and Technical Risks

Leadership

Regular Reports

GRC Performance

Risks

Compliance Status

Nice to have

Experience in the tech or AI industry

Deep expertise maintaining frameworks such as FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, and STIG/RMF policies

Familiarity with ISO 27001, ISO 42001, NIST, SOC 2, or similar compliance frameworks

Background in managing third-party risk, vendor compliance programs, or federal assessments

Understanding of cybersecurity controls for cloud service providers

Knowledge of government cloud services and evolving certification programs