About the role
As part of Anthropic's Compliance Team, you'll help build and scale our risk management function. This unique role requires taking well established risk frameworks and adapting them to manage security and compliance risks in the rapidly evolving AI landscape.You’ll be a key contributor in shaping how the organization evaluates and mitigates risks that evolve from industry leading research, products, and public policy. As our Risk Analyst reporting to the Head of Compliance, you'll be responsible for bringing clarity to complex risk scenarios, developing innovative assessment methodologies, and ensuring our risk management approach scales with our ambitious mission to ensure transformative AI helps people and society flourish.
Responsibilities:
- Triage and evaluate submitted risks through comprehensive assessment of inherent and residual risk scores, aligning with company policies, objectives, and our current control environment
- Drive collaborative engagement with stakeholders across the organization to develop effective risk treatment plans and establish robust mitigating controls
- Contribute to and maintain our Controls Portfolio by documenting mitigating controls and ensuring accurate mapping to relevant compliance frameworks
- Partner with the Risk Management Lead to analyze and report on key risk metrics and trends, providing actionable insights for executive decision-making and strategic planning
- Shape the evolution of our risk management program, helping build and refine processes that scale with our growing organization
- Ensure the effectiveness of risk management controls through rigorous monitoring and documentation support for both internal and external audits
You may be a good fit if you:
- Have 5-10 years of experience in governance, risk, and/or compliance roles, with a track record of adapting frameworks to evolving business needs
- Have navigated compliance challenges within high-growth organizations, particularly in heavily regulated environments
- Possess deep understanding of information security risks, controls, and threat models, with the ability to apply this knowledge to emerging technology challenges
- Bring hands-on experience with security frameworks such as SOC2, ISO 27001, FedRAMP, and HIPAA
- Excel at quantitative risk analysis and can adapt frameworks to novel use cases
- Can effectively translate complex security risks for diverse stakeholders, bridging technical details with business context to foster a risk-aware culture
Strong candidates may also have experience with:
- Hands-on experience with GRC platforms, project management tools, and service management systems, with a focus on scaling and automating risk processes
- Bring experience building or significantly improving risk management programs within high-growth technology organizations, particularly those dealing with emerging technologies
- Hold relevant certifications such as CRISC, ISC2 Risk Management, ISO 31000, or other information security risk credentials that demonstrate commitment to the craft
Deadline to apply: None. Applications will be reviewed on a rolling basis.
