Apply on Employer Site

xAI · 6 hours ago

Member of Technical Staff, Governance Risk Compliance

Washington, DC

Full-time

Onsite

Mid, Senior Level

$180K/yr - $440K/yr

3+ years exp

xAI is a company on a mission to create AI systems that accurately understand the universe and aid humanity. They are seeking an experienced Governance, Risk, and Compliance (GRC) Lead to design, implement, and oversee their GRC framework, particularly as they expand into government and public sector applications of AI.

Artificial Intelligence (AI)Foundational AIGenerative AIInformation TechnologyMachine Learning

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Develop and maintain a robust governance framework to support xAI’s strategic objectives and ensure alignment with industry best practices, including federal and DoD standards

Establish policies, procedures, and controls to guide ethical AI development, data usage, corporate decision-making, and security configurations

Partner with leadership, product, engineering, security, operations, people operations, and legal teams to integrate governance principles into product development, operational processes, and the implementation of new technical, administrative, and operational controls

Lead security compliance implementation and audits (e.g., ISO 27001/42001, SOC2, FedRAMP HIGH, DoD Cloud Computing SRG IL5/IL6, NIST 800-53 rev 5, NIST 800-171/CMMC, Risk Management Framework)

Work with 3PAOs (Third-Party Assessment Organizations) and federal government Authorizing Officials (AOs) to achieve compliance certifications, reports, and Authorized to Operate (ATO) status

Identify, assess, and prioritize risks related to AI operations, cybersecurity, regulatory compliance, intellectual property, and cloud deployments

Design and implement risk mitigation strategies, including monitoring systems, contingency plans, vulnerability scans, Plan of Action and Milestones (POAMs), and STIGs

Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures throughout the project lifecycle

Serve as a liaison between system owners, security personnel, and cross-functional teams to facilitate effective communication, collaboration, and control implementation

Lead Risk Management Assessment and Authorization (A&A) processes, cloud system risk assessments, compliance reviews for new products/changes/features, and process enhancements

Conduct regular risk assessments, scenario analyses, and proactive evaluations of emerging threats, certifications, requirements, and technologies in the AI landscape

Monitor regulatory developments and advise leadership on their impact on xAI’s operations and product roadmap

Oversee audits, certifications, third-party assessments, and vulnerability management to maintain compliance and operational credibility

Act as a subject matter expert, providing guidance on risk, compliance, and cybersecurity matters; translate business and technical risks for leadership

Create and present regular reports on GRC performance, risks, and compliance status to senior leadership and stakeholders

Qualification

Governance Risk ComplianceRegulatory frameworksCybersecurityRisk Management FrameworkVulnerability managementCloud security controlsCertifications CISACertifications CRISCAnalytical skillsStakeholder managementProblem-solving skillsProject management skillsCommunication skills

Required

Previous systems engineering experience strongly preferred

Must have the ability to evaluate control objectives with IT configurations

Bachelor's degree in Computer Science Information Security, Cybersecurity, or a related field

Certifications like CISA, CRISC, CGEIT, Security+, CASP+, or similar preferred

3+ years of experience in governance, risk management, compliance, or technology audit roles

Proven expertise in regulatory frameworks, data privacy, cybersecurity, and federal compliance standards, preferably in a technology, cloud, or AI-driven environment

Strong understanding of AI ethics, emerging technologies, Risk Management Framework (RMF), and their associated risks

Experience with vulnerability management, POAMs, STIG implementation, and cloud security controls

Exceptional analytical, problem-solving, organizational, and project management skills, with the ability to balance innovation, oversight, and taking projects from conception to launch

Excellent communication, stakeholder management, and translation skills, with experience influencing cross-functional teams and communicating risks to leadership

Ability to thrive in a fast-paced, dynamic environment and adapt to evolving priorities

Preferred

Experience in the tech or AI industry, particularly with startups, innovative organizations, or government/public sector engagements

Deep expertise implementing and maintaining frameworks such as FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, and STIG/RMF policies (including validation via ACAS and similar tools)

Familiarity with ISO 27001, ISO 42001, NIST, SOC 2, or similar compliance frameworks

Background in managing third-party risk, vendor compliance programs, or federal assessments

Understanding of cybersecurity controls for cloud service providers

Knowledge of government cloud services and evolving certification programs

Active security clearance with IAT Level 2 certification (e.g., Security+, CASP+)

5+ years of security compliance or technology audit-related