runway-ml - Member of GRC Staff
Requirements
• 7+ years of experience in information security, risk management, or compliance roles
• Deep understanding of security frameworks and standards (NIST, ISO 27001, SOC 2)
• Hands-on experience running SOC 2 Type II and ISO 27001 audits
• Experience building compliance programs in fast-paced technology environments
• Strong knowledge of privacy regulations and requirements (GDPR, CCPA) including operational experience handling data subject access and deletion requests
• Experience completing customer security questionnaires and supporting Sales on security due diligence
• Excellent communication skills with ability to effectively engage technical and non-technical stakeholders
• Experience with cloud security and modern development practices
• Understanding of machine learning concepts and AI development workflows
• Experience in AI/ML company or research organization
• Experience with AI safety and ethics frameworks
• Background in implementing automated security controls

Runway strives to recruit and retain exceptional talent from diverse backgrounds while ensuring pay equity for our team. Our salary ranges are based on competitive market rates for our size, stage and industry, and salary is just one part of the overall compensation package we provide.

There are many factors that go into salary determinations, including relevant experience, skill level and qualifications assessed during the interview process, and maintaining internal equity with peers on the team. The range shared below is a general expectation for the function as posted, but we are also open to considering candidates who may be more or less experienced than outlined in the job description. In this case, we will communicate any updates in the expected salary range.

Lastly, the provided range is the expected salary for candidates in the U.S. Outside of those regions, there may be a change in the range, which again, will be communicated to candidates.
WORKING AT RUNWAY
Great things come from great teams. https://www.youtube.com/watch?v=kwmj4ato2kw&ab_channel=Runway We’d love to hear from you.

We’re committed to creating a space where our employees can bring their full selves to work and have equal opportunity to succeed. So regardless of race, gender identity or expression, sexual orientation, religion, origin, ability, age, veteran status, if joining this mission speaks to you, we encourage you to apply.
Responsibilities
• Design and implement a comprehensive GRC framework that addresses both traditional security controls and novel AI safety considerations
• Lead engagements with external auditors and assessors to obtain and maintain critical security certifications (SOC 2, ISO 27001/27701/42001, FedRAMP, etc.)
• Own and help fulfill GDPR data subject requests, including access (DSARs) and erasure/deletion requests that involve coordinating with Legal, Support, and engineering on data sourcing and response workflows
• Review and redline the security and data protection terms of customer and vendor contracts (TOMs, DPAs, MSAs) in partnership with Legal
• Partner with AI research teams to develop and implement appropriate safeguards and controls for machine learning systems
• Create and maintain security policies, standards, and procedures that balance innovation with appropriate risk management
• Maintain AI governance documentation and internal AI usage guidelines, monitoring changes from model and AI tool providers (e.g., retention and data-use terms) and reconciling them into company policy
• Develop and oversee security awareness and training programs across the organization
• Drive continuous improvement of security controls and risk management processes
• Serve as a key advisor to leadership on security, privacy, and AI safety matters
• Manage relationships with customers, auditors, and other external stakeholders