Anthropic
Security Risk Analyst
Job Summary
This role is centered on building and scaling the risk management function within Anthropic's Compliance Team, focusing on evaluating and mitigating security and compliance risks in the AI industry. The candidate will analyze complex risk scenarios, develop assessment methodologies, and collaborate across teams to implement effective controls. Experience with security frameworks such as SOC2, ISO 27001, FedRAMP, or HIPAA is essential, along with strong quantitative risk analysis skills. The position requires engaging with stakeholders to foster a risk-aware culture and ensure the effectiveness of risk controls in a rapidly evolving technological environment.
Required Skills
Benefits
Job Description
About Anthropic
Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.
About the role
As part of Anthropic's Compliance Team, you'll help build and scale our risk management function. This unique role requires taking well established risk frameworks and adapting them to manage security and compliance risks in the rapidly evolving AI landscape.You’ll be a key contributor in shaping how the organization evaluates and mitigates risks that evolve from industry leading research, products, and public policy. As our Risk Analyst reporting to the Head of Compliance, you'll be responsible for bringing clarity to complex risk scenarios, developing innovative assessment methodologies, and ensuring our risk management approach scales with our ambitious mission to ensure transformative AI helps people and society flourish.
Responsibilities:
- Triage and evaluate submitted risks through comprehensive assessment of inherent and residual risk scores, aligning with company policies, objectives, and our current control environment
- Drive collaborative engagement with stakeholders across the organization to develop effective risk treatment plans and establish robust mitigating controls
- Contribute to and maintain our Controls Portfolio by documenting mitigating controls and ensuring accurate mapping to relevant compliance frameworks
- Partner with the Risk Management Lead to analyze and report on key risk metrics and trends, providing actionable insights for executive decision-making and strategic planning
- Shape the evolution of our risk management program, helping build and refine processes that scale with our growing organization
- Ensure the effectiveness of risk management controls through rigorous monitoring and documentation support for both internal and external audits
You may be a good fit if you:
- Have 5-10 years of experience in governance, risk, and/or compliance roles, with a track record of adapting frameworks to evolving business needs
- Have navigated compliance challenges within high-growth organizations, particularly in heavily regulated environments
- Possess deep understanding of information security risks, controls, and threat models, with the ability to apply this knowledge to emerging technology challenges
- Bring hands-on experience with security frameworks such as SOC2, ISO 27001, FedRAMP, and HIPAA
- Excel at quantitative risk analysis and can adapt frameworks to novel use cases
- Can effectively translate complex security risks for diverse stakeholders, bridging technical details with business context to foster a risk-aware culture
Strong candidates may also have experience with:
- Hands-on experience with GRC platforms, project management tools, and service management systems, with a focus on scaling and automating risk processes
- Bring experience building or significantly improving risk management programs within high-growth technology organizations, particularly those dealing with emerging technologies
- Hold relevant certifications such as CRISC, ISC2 Risk Management, ISO 31000, or other information security risk credentials that demonstrate commitment to the craft
Deadline to apply: None. Applications will be reviewed on a rolling basis.
The expected salary range for this position is:
Logistics
Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience.
Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.
We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work. We think AI systems like the ones we're building have enormous social and ethical implications. We think this makes representation even more important, and we strive to include a range of diverse perspectives on our team.
How we're different
We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills.
The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences.
Come work with us!
Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues.
Anthropic
Anthropic is an AI safety and research company. We build reliable, interpretable, and steerable AI systems.
See more jobsSafe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.