$100K - 135K a year
Design and implement AI governance and privacy controls, perform risk assessments, automate compliance via policy-as-code, and collaborate cross-functionally on AI security strategy.
3-5+ years in GRC, Information Security or Cloud Security with experience in AI/ML security controls, Python scripting, policy-as-code, cloud infrastructure, and security/privacy frameworks.
Aura is on a mission to create a safer internet. In a world where our lives are increasingly online, Aura's category-defining suite of intelligent digital safety products helps millions of customers protect themselves against digital threats, and that number is growing rapidly. This is an exciting phase at Aura, and our team of over 400 people worldwide is guided by a leadership slate that's successfully grown startups into multi-billion dollar organizations. Come build with us!

Aura is on a mission to create a safer internet. In a world where our lives are increasingly online, Aura's category-defining suite of intelligent digital safety products helps millions of customers protect themselves against digital threats, and that number is growing rapidly. Aura is in an exciting phase of hyper-growth, and our team of close to 700 people worldwide is guided by a leadership slate that's successfully grown startups into multi-billion dollar organizations. Come join us for the ride!

About the Role:
The GRC Engineer (AI & Privacy) is a deeply technical role responsible for engineering and implementing AI and Privacy controls across our systems. This position provides hands-on expertise in developing our AI governance program through policy-as-code, performing technical risk assessments, and advising engineering teams on secure architecture. This role is critical to ensuring our innovative technologies are built and deployed securely and ethically from the ground up.

Day to Day:

AI Governance & Risk Management:
Design, build, and maintain a comprehensive AI GRC framework, leveraging industry standards such as ISO 27001 to inform our AI governance strategy and control implementation.
Perform technical control assessments on new and existing AI systems to identify risks, evaluate effectiveness, and advise on secure architecture and design patterns.
Work closely with Information Security teams to support regular security audits and vulnerability assessments of AI systems.

Technical Implementation & Automation:
Translate AI policies and privacy requirements into tangible, automated technical controls, using policy-as-code principles where possible.
Partner with Engineering and Data teams to design and validate the implementation of privacy-enhancing technologies (PETs) and data governance controls for data within our cloud environments.
Lead the selection and management of GRC tooling to continuously monitor AI systems, automate evidence collection, and report on compliance.

Strategy & Collaboration:
Serve as the subject matter expert and a key cross-functional partner on AI GRC. You will be expected to work closely with:
Legal to intake and translate new privacy and regulatory requirements into technical solutions.
Data Science & MLOps to review new AI models and integrate governance controls directly into the MLOps lifecycle.
Data Governance to ensure security and privacy controls are consistently applied to data platforms.
Information Security to align on technical security standards and support audits and vulnerability assessments of AI systems.
Contribute to the overall security and data strategy, ensuring that AI governance capabilities align with business objectives.
Stay abreast of industry trends in AI security and privacy, recommending and implementing new features and best practices.

What you bring to the table:
Bachelor's degree in Computer Science, Information Technology, or a related field.
3 - 5+ years of experience in a GRC, Information Security, or Cloud Security role.
A self-starter mentality with the ability to work autonomously, manage competing priorities, and drive projects to completion in a fast-paced environment.
Demonstrable experience implementing security controls for AI/ML systems and a strong understanding of privacy principles.
Proficiency in a scripting language (e.g., Python) for automating compliance tasks.
Experience with policy-as-code (PaC) concepts and tools (e.g., Open Policy Agent).
Strong understanding of cloud infrastructure management (i.e., AWS), including networking, security groups, and IAM roles.
Proven track record of working with security and privacy frameworks such as ISO 27001, PCI DSS, SOC 2, or US Data Privacy laws.
Excellent communication and interpersonal skills, with the ability to effectively communicate complex technical concepts to both technical and non-technical stakeholders.
Experience with GRC and ticketing tools (Vanta, Jira) or Infrastructure-as-Code tools like Terraform is a plus.

Aura is committed to offering a generous package to support our employees in all aspects of their life in and out of work. Our packages offer competitive pay, generous health and wellness benefits, retirement savings plans, parental leave and much more! Pay range for this position is $100,000-135,000, but may vary depending on job-related knowledge, skills, experience and location.

Aura is proud to be an equal employment workplace. All qualified applicants will be considered for employment without regard to, and will not be discriminated against based on race, color, ancestry, national origin, religion, age, sex, gender, marital status, sexual orientation, gender identity, disability status, veteran status, or any protected category. Beyond equal employment opportunity, Aura is committed to being an inclusive community where all feel welcome. Aura is dedicated to providing an accessible environment for all candidates during the application process and for employees during their employment. If you need accessibility assistance and/or a reasonable accommodation due to a disability, please let your Talent Acquisition Partner know.

Important privacy information for United States based job applicants can be found here.
This job posting was last updated on 9/22/2025