# Security Engineer - Governance Risk Compliance

**Company**: xAI
**Location**: New York, NY; Palo Alto, CA; Washington, D.C.
**Work arrangement**: remote
**Experience**: senior
**Job type**: full-time
**Salary**: $100,000 - $228,000 USD
**Category**: Engineering
**Industry**: Technology
**Wikidata**: https://www.wikidata.org/wiki/Q120599684

**Apply**: https://job-boards.greenhouse.io/xai/jobs/5007261007?utm_source=yubhub.co&utm_medium=jobs_feed&utm_campaign=apply
**Canonical**: https://yubhub.co/jobs/job_a4d67ad0-899

## Description

We are seeking an experienced and strategic Governance, Risk, and Compliance (GRC) team member as we expand into government and public sector applications of AI. This critical role will ensure that xAI operates within regulatory, ethical, operational, and federal boundaries while fostering a culture of integrity and resilience.

Responsibilities:

- Execute security compliance implementation and audits (e.g., ISO 27001/42001, SOC 2, FedRAMP High, DoD Cloud Computing SRG IL5/IL6, NIST 800-53 Rev. 5, NIST 800-171/CMMC, Risk Management Framework).

- Work with 3PAOs (Third-Party Assessment Organizations) and federal government Authorizing Officials (AOs) to achieve compliance certifications, reports, and Authorized to Operate (ATO) status.

- Identify, assess, and prioritize risks related to AI operations, cybersecurity, regulatory compliance, intellectual property, and cloud deployments.

- Design and implement risk mitigation strategies, including monitoring systems, contingency plans, vulnerability scans, Plan of Action and Milestones (POAMs), and STIGs.

- Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures throughout the project lifecycle.

- Serve as a liaison between system owners, security personnel, and cross-functional teams to facilitate effective communication, collaboration, and control implementation.

- Lead Risk Management Assessment and Authorization (A&A) processes, cloud system risk assessments, compliance reviews for new products/changes/features, and process enhancements.

- Conduct regular risk assessments, scenario analyses, and proactive evaluations of emerging threats, certifications, requirements, and technologies in the AI landscape.

- Oversee audits, certifications, third-party assessments, and vulnerability management to maintain compliance and operational credibility.

- Act as a subject matter expert, providing guidance on risk, compliance, and cybersecurity matters; translate business and technical risks for leadership.

- Create and present regular reports on GRC performance, risks, and compliance status to senior leadership and stakeholders.

## Skills

### Required
- Governance, Risk, and Compliance (GRC)
- Security Compliance Implementation and Audits
- Risk Management Framework
- FedRAMP
- DoD Cloud Computing SRG
- NIST 800-53
- NIST 800-171
- CMMC
- STIGs
- Risk Mitigation Strategies
- Monitoring Systems
- Contingency Plans
- Vulnerability Scans
- Plan of Action and Milestones (POAMs)
- Cloud System Risk Assessments
- Compliance Reviews
- Process Enhancements
- Regular Risk Assessments
- Scenario Analyses
- Proactive Evaluations
- Emerging Threats
- Certifications
- Requirements
- Technologies
- AI Landscape
- Audits
- Third-Party Assessments
- Vulnerability Management
- Compliance and Operational Credibility
- Subject Matter Expertise
- Risk, Compliance, and Cybersecurity Matters
- Business and Technical Risks
- Leadership
- Regular Reports
- GRC Performance
- Risks
- Compliance Status

### Nice to have
- Experience in the tech or AI industry
- Deep expertise maintaining frameworks such as FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, and STIG/RMF policies
- Familiarity with ISO 27001, ISO 42001, NIST, SOC 2, or similar compliance frameworks
- Background in managing third-party risk, vendor compliance programs, or federal assessments
- Understanding of cybersecurity controls for cloud service providers
- Knowledge of government cloud services and evolving certification programs

