Responsibilities
- Design and test prompts: Work with engineers and PMs to shape AI behavior, define edge cases, and review outputs for accuracy and usefulness.
- Own the ground truth: Build and maintain the βtruth layerβ β datasets and rating guides that represent correct, real-world GRC answers.
- Evaluate and improve quality: Run side-by-side reviews, define launch-readiness criteria, and measure ongoing quality and drift after release.
- Ensure responsible AI use: Help design AI systems that respect privacy, minimize hallucinations, and produce explainable, auditable results.
- Document and teach: Write clear guides, checklists, and examples others can reuse; host short training sessions to raise the bar for AI quality across teams.
- Collaborate widely: Partner with Product, Eng, and GTM teams to connect AI improvements directly to customer trust and business impact.
Requirements
- 5-7+ years of GRC or InfoSec experience across frameworks like SOC 2, ISO 27001, HIPAA, PCI DSS, or NIST.
- 1-3 years applying that expertise to AI-assisted workflows - building evaluation sets, reviewing AI outputs, or helping ship AI features.
- Strong understanding of evidence, controls, and compliance workflows (TPRM, risk, policy, customer trust).
- Skilled at writing clear instructions and evaluation guides others can follow consistently.
- Comfortable working with structured data (Sheets, logs, exports) and translating GRC artifacts into usable AI context.
- Curious, methodical, and motivated to build systems that make AI both smarter and safer.
- Certifications like CISA, CISSP, CCSK, or CIPM/CIPT are a plus.