Security Engineer - Governance Risk Compliance

ABOUT THE ROLE:

RESPONSIBILITIES:

• Execute security compliance implementation and audits (e.g., ISO 27001/42001, SOC2, FedRAMP HIGH, DoD Cloud Computing SRG IL5/IL6, NIST 800-53 rev 5, NIST 800-171/CMMC, Risk Management Framework).
• Work with 3PAOs (Third-Party Assessment Organizations) and federal government Authorizing Officials (AOs) to achieve compliance certifications, reports, and Authorized to Operate (ATO) status.
• Identify, assess, and prioritize risks related to AI operations, cybersecurity, regulatory compliance, intellectual property, and cloud deployments.
• Design and implement risk mitigation strategies, including monitoring systems, contingency plans, vulnerability scans, Plan of Action and Milestones (POAMs), and STIGs.
• Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures throughout the project lifecycle.
• Serve as a liaison between system owners, security personnel, and cross-functional teams to facilitate effective communication, collaboration, and control implementation.
• Lead Risk Management Assessment and Authorization (A&A) processes, cloud system risk assessments, compliance reviews for new products/changes/features, and process enhancements.
• Conduct regular risk assessments, scenario analyses, and proactive evaluations of emerging threats, certifications, requirements, and technologies in the AI landscape.
• Oversee audits, certifications, third-party assessments, and vulnerability management to maintain compliance and operational credibility.
• Act as a subject matter expert, providing guidance on risk, compliance, and cybersecurity matters; translate business and technical risks for leadership.
• Create and present regular reports on GRC performance, risks, and compliance status to senior leadership and stakeholders.

BASIC QUALIFICATIONS:

• Bachelor’s degree in computer science, Information Security, Cybersecurity, or in an engineering/STEM field
• 3+ years of experience in governance, risk management, compliance, or technology audit roles.
• Experience with vulnerability management, POAMs, STIG implementation, and cloud security controls.

PREFERRED SKILLS AND EXPERIENCE:

• 5+ years of security compliance or technology audit-related.
• Previous systems engineering experience strongly preferred
• Ability to evaluate control objectives with IT configurations
• Experience in the tech or AI industry, particularly with startups, innovative organizations, or government/public sector engagements.
• Proven expertise in regulatory frameworks, data privacy, cybersecurity, and federal compliance standards, preferably in a technology, cloud, or AI-driven environment.
• Strong understanding of AI ethics, emerging technologies, Risk Management Framework (RMF), and their associated risks.
• Exceptional analytical, problem-solving, organizational, and project management skills, with the ability to balance innovation, oversight, and taking projects from conception to launch.
• Excellent communication, stakeholder management, and translation skills, with experience influencing cross-functional teams and communicating risks to leadership.
• Ability to thrive in a fast-paced, dynamic environment and adapt to evolving priorities.
• Certifications like CISA, CRISC, CGEIT, Security+, CASP+, or similar preferred.
• Deep expertise maintaining frameworks such as FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, and STIG/RMF policies (including validation via ACAS and similar tools).
• Familiarity with ISO 27001, ISO 42001, NIST, SOC 2, or similar compliance frameworks.
• Background in managing third-party risk, vendor compliance programs, or federal assessments.
• Understanding of cybersecurity controls for cloud service providers.
• Knowledge of government cloud services and evolving certification programs.

COMPENSATION AND BENEFITS:

$100,000 - $228,000 USD

Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

ITAR REQUIREMENTS:

• To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.