[Remote] GRC AI Subject Matter Expert, Product at Vanta

United States

Apply Now

Not SpecifiedCompensation

N/AExperience Level

N/AJob Type

Not SpecifiedVisa

N/AIndustries

Requirements

5-7+ years of GRC or InfoSec experience across frameworks like SOC 2, ISO 27001, HIPAA, PCI DSS, or NIST
1-3 years applying GRC expertise to AI-assisted workflows
Strong understanding of evidence, controls, and compliance workflows (TPRM, risk, policy, customer trust)
Skilled at writing clear instructions and evaluation guides others can follow consistently
Comfortable working with structured data (Sheets, logs, exports) and translating GRC artifacts into usable AI context
Curious, methodical, and motivated to build systems that make AI both smarter and safer
Certifications like CISA, CISSP, CCSK, or CIPM/CIPT are a plus

Responsibilities

Design and test prompts to shape AI behavior, define edge cases, and review outputs for accuracy and usefulness
Own the ground truth by building and maintaining the “truth layer” — datasets and rating guides that represent correct, real-world GRC answers
Evaluate and improve quality by running side-by-side reviews, defining launch-readiness criteria, and measuring ongoing quality and drift after release
Ensure responsible AI use by helping design AI systems that respect privacy, minimize hallucinations, and produce explainable, auditable results
Document and teach by writing clear guides, checklists, and examples others can reuse; hosting short training sessions to raise the bar for AI quality across teams
Collaborate widely with Product, Eng, and GTM teams to connect AI improvements directly to customer trust and business impact

Skills

Vanta

Automates SOC 2 compliance for businesses

About Vanta

Vanta simplifies the process of obtaining and maintaining SOC 2 certification, which is essential for organizations that manage sensitive customer data. The company offers a software-as-a-service (SaaS) platform that automates numerous checks to ensure that security controls are effective and compliant with industry standards. This automation helps small to medium-sized enterprises (SMEs) and tech companies monitor risks and vulnerabilities continuously, significantly reducing the time and cost associated with achieving SOC 2 compliance. Vanta's subscription-based model provides clients with a more efficient and cost-effective way to maintain compliance compared to traditional methods. The goal of Vanta is to transform the compliance process, allowing organizations to focus on their core operations while enhancing their security posture.

San Francisco, CaliforniaHeadquarters

2018Year Founded

$343.4MTotal Funding

SERIES_CCompany Stage

Enterprise Software, CybersecurityIndustries

501-1,000Employees

Benefits

100% Benefits Coverage

Flexible & Remote Work

Paid Parental Leave

Unlimited PTO

Health & Wellness

401(k)

Risks

Emerging competitors like ComplyCube could challenge Vanta's market position.

Healthcare data breaches may increase demand for more robust security measures.

Reliance on partnerships like HITRUST poses risks if standards evolve significantly.

Differentiation

Vanta automates up to 90% of audit preparation, reducing compliance costs significantly.

The platform offers real-time insights, enhancing trust and streamlining security reviews.

Vanta's HITRUST e1 solution automates 80% of requirements, ensuring continuous compliance.

Upsides

Vanta secured $150M in Series C funding, boosting its growth potential.

Partnership with HITRUST enhances Vanta's credibility in the healthcare sector.

Rising demand for automated compliance solutions supports Vanta's market expansion.

Land your dream remote job 3x faster with AI

Try Jobo Free