Risk Management, Compliance

at  Anthropic

As part of the Anthropic security department, the compliance team owns understanding security and AI safety expectations, as established by regulators, customers and (nascent) industry norms (which we also seek to influence). The compliance team uses this understanding to provide direction to internal partners on the priorities of security and safety requirements they must meet. The compliance team assures regulators and customers that those expectations are met by earning security credentials and responding to direct inquiry about Anthropic’s security program from auditors, customers and partners. This opportunity is unique, as we work to secure today’s most novel and valuable asset types, we must build a new kind of compliance program, assuring the safety of artificial intelligence capabilities.

• Understand the breadth of Anthropic’s security capabilities and how they align to common security frameworks
• Design, implement and manage an ISO 27001-compliant risk management program
• Identify design of controls and operational effectiveness gaps and drive remediation across the organization
• Contribute to review and presentation of security policies, audit findings, privacy policies, data protection agreements and other security and compliance program assets
• Use data to track security program maturity and drive improvements
• Deploy and maintain process and technology for risk submission, review, and tracking
• Establish means for engagement with senior management for governance of risk tolerance standards, risk acceptance and general awareness of the status of the compliance program