GRC AI Subject Matter Expert, Product
Company:Vanta
Location:United States
Languages:English
Seniority level:Senior, 5-7+ years
Experience:5-7+ years
Skills:
Artificial IntelligenceCybersecurityData AnalysisMachine LearningComplianceRisk Management
Requirements:
5-7+ years of GRC or InfoSec experience across frameworks like SOC 2, ISO 27001, HIPAA, PCI DSS, or NIST. 1-3 years applying GRC expertise to AI-assisted workflows (building evaluation sets, reviewing AI outputs, or helping ship AI features). Strong understanding of evidence, controls, and compliance workflows (TPRM, risk, policy, customer trust). Skilled at writing clear instructions and evaluation guides. Comfortable working with structured data and translating GRC artifacts into usable AI context. Curious, methodical, and motivated to build systems that make AI both smarter and safer. Certifications like CISA, CISSP, CCSK, or CIPM/CIPT are a plus.
Responsibilities:
Design and test prompts to shape AI behavior and review outputs. Build and maintain the 'truth layer' (datasets and rating guides) for GRC answers. Evaluate and improve AI quality through side-by-side reviews and defining launch-readiness criteria. Design AI systems that respect privacy, minimize hallucinations, and produce explainable results. Write guides and host training sessions to improve AI quality. Partner with Product, Eng, and GTM teams to connect AI improvements to customer trust and business impact.
