Compliance Engineer

About the Team

Governance, Risk, and Compliance (GRC) is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity.  The GRC team provides security assurances and builds compliance for OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our team tenets include: prioritizing for impact; building automation into compliance; continuous monitoring; enabling partner teams; preparing for future transformative technologies; and creating a robust security and compliance culture.   

About the Role

As a Compliance Engineer, you will be responsible for building automation and monitoring for OpenAI’s compliance controls, as well as representing these controls in internal and external audits. The Compliance Engineering team is responsible for building the technical architecture that will ensure OpenAI’s continuous compliance programs. You’ll work closely with teams such as Security, IT, HR, Product, Legal, and Product Engineering to build compliance controls that can be automated and scaled across our infrastructure and products. You will navigate complex compliance frameworks including ISO, SOC2, DSA, etc. to provide technical expertise to teams implementing security, privacy, and other compliance controls. You will be responsible for ensuring these controls can scale rapidly in order to allow us to continue to grow quickly and effectively. 

We are looking for people who enjoy operating in a high accountability, high expectation environment where the goal is always to produce the best solution. Honesty, openness to new ideas, and willingness to accept and respond to feedback are critical. This position requires a combination of basic coding skills, technical problem solving, managing audits, collaborating across the organization, process management, process optimization, and risk based decision making skills with a focus on execution.

This role is based in San Francisco, CA. We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will:

• Partner with engineering teams to implement and audit OpenAI’s security controls across our products, infrastructure, and internal processes.
• Utilize your coding skills to build compliance controls that generate machine readable data points and monitor that data for continuous assurance.
• Work closely with the teams at OpenAI to shape controls and enable an agile approach to Risk Management across the organization. 
• Directly facilitate operational, regulatory, and certification security requirements (e.g., SOC2, ISO, NIST 800-53, etc.) and manage audits to successful outcomes.
• Design and build automation for compliance and security controls.
• Design efficient organizational processes to enable compliance across the organization. 
• Align across departments on the roadmaps for implementation of processes and controls.

You might thrive in this role if you have:

• A strong technical background, with prior experience automating processes through scripting and experience as a security, software, or IT engineer as a bonus.
• Experience with Python and SQL or a background in writing code for monitoring processes.  
• Experience participating in 3rd party compliance audits and control implementation (SOC2, ISO, HIPAA, NIST, etc.).
• An understanding of security and privacy compliance and regulatory standards.
• Deep understanding of cloud infrastructure and security concepts, including experience with managing compliance requirements against distributed consumer and enterprise applications.
• Excellent project management skills, with a track record of having delivered on complex initiatives in a fast-moving environment.
• Ability to clearly distill organizational compliance requirements into internal engineering requirements for various teams including engineering and security. 
• Ability to empathize and collaborate with colleagues, independently manage and run projects, and prioritize efforts for risk reduction.
• Strong attention to detail. 

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass and value the many different perspectives, voices, and experiences that form the full spectrum of humanity. 

We are an equal opportunity employer and do not discriminate on the basis of race, religion, national origin, gender, sexual orientation, age, veteran status, disability or any other legally protected status. 

For US Based Candidates: Pursuant to the San Francisco Fair Chance Ordinance, we will consider qualified applicants with arrest and conviction records.

We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made via this link.

OpenAI Global Applicant Privacy Policy

At OpenAI, we believe artificial intelligence has the potential to help people solve immense global challenges, and we want the upside of AI to be widely shared. Join us in shaping the future of technology.