About the Team

Governance, Risk, and Compliance (GRC) is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity.  The GRC team provides security assurances and builds compliance for OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our team tenets include: prioritizing for impact; enabling sales, product, and research; preparing for future transformative technologies; and engaging a robust security and compliance culture.  

About the Role

As a Compliance Engineer, you will help our Engineering, HR, Legal, and Privacy teams implement security and compliance controls across our infrastructure, products, and organization. You’ll work closely with numerous teams to build these controls, ensuring they are minimally disruptive and support a robust and agile approach to risk management. In this role, you will navigate complex regulatory frameworks including ISO, SOC, DSA, FedRAMP, and more to provide practical guidance on technical architecture and process implementation/documentation. You will build practical compliance controls that are sustainable and ensure the rapid scalability that will allow us to continue to grow quickly and effectively.

We are looking for people who enjoy operating in a high accountability, high expectation environment where the goal is always to produce the best solution. Honesty, openness to new ideas, and willingness to accept and respond to feedback are critical. This position requires a combination of building compliance controls, managing audits, collaborating across the organization, process management, process optimization, and risk based decision making skills with a focus on execution.

This role is based in San Francisco, CA. We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will:

• Partner with engineering teams to implement and audit OpenAI’s security controls across our products, infrastructure, and internal processes.
• Work closely with the teams at OpenAI to shape controls and enable an agile approach to Risk Management across the organization. 
• Directly facilitate operational, regulatory, and certification security requirements (e.g., SOC2, ISO, NIST 800-53, etc.) and manage audits to successful outcomes.
• Design and build automation for compliance and security controls.
• Design efficient organizational processes to enable compliance across the organization. 
• Align across departments on the roadmaps for implementation of processes and controls.

You might thrive in this role if you have:

• Experience leading 3rd party compliance audits and control implementation (SOC2, ISO, HIPAA, NIST, etc.).
• A robust understanding of security and privacy compliance and regulatory standards.
• Deep understanding of cloud infrastructure and security concepts, including experience with managing compliance requirements against distributed consumer and enterprise applications.
• Excellent project management skills, with a track record of having delivered on complex initiatives in a fast-moving environment.
• A strong technical background, with prior experience as a security, software, or IT engineer as a bonus.
• Ability to clearly distill compliance requirements into internal requirements for various teams including engineering, security, and legal. 
• Ability to empathize and collaborate with colleagues, independently manage and run projects, and prioritize efforts for risk reduction.
• Strong attention to detail.

We are an equal opportunity employer and do not discriminate on the basis of race, religion, national origin, gender, sexual orientation, age, veteran status, disability or any other legally protected status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider qualified applicants with arrest and conviction records. 

We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made via this link.

OpenAI US Applicant Privacy Policy