Member of GRC Staff

Runway
remote across the US / NYC, USA / San Francisco, USA2026-06-22Remote

About the job

As a member of the GRC staff at Runway, you will contribute to our governance, risk management, and compliance programs during a pivotal time in both our company's growth and the broader AI industry. This role combines traditional information security compliance with the unique challenges of ensuring safe and responsible AI system development. You will play a crucial role in ensuring our AI systems are developed and deployed responsibly, helping us maintain trust with customers, regulators, and the public while advancing the frontiers of artificial intelligence.

Responsibilities

Design and implement a comprehensive GRC framework that addresses both traditional security controls and novel AI safety considerations; Lead engagements with external auditors and assessors to obtain and maintain critical security certifications (SOC 2, ISO 27001/27701/42001, FedRAMP, etc.); Own and help fulfill GDPR data subject requests, including access (DSARs) and erasure/deletion requests that involve coordinating with Legal, Support, and engineering on data sourcing and response workflows; Review and redline the security and data protection terms of customer and vendor contracts (TOMs, DPAs, MSAs) in partnership with Legal; Partner with AI research teams to develop and implement appropriate safeguards and controls for machine learning systems; Create and maintain security policies, standards, and procedures that balance innovation with appropriate risk management; Maintain AI governance documentation and internal AI usage guidelines, monitoring changes from model and AI tool providers (e.g., retention and data-use terms) and reconciling them into company policy; Develop and oversee security awareness and training programs across the organization; Drive continuous improvement of security controls and risk management processes; Serve as a key advisor to leadership on security, privacy, and AI safety matters; Manage relationships with customers, auditors, and other external stakeholders

Qualifications

Minimum

7+ years of experience in information security, risk management, or compliance roles; Deep understanding of security frameworks and standards (NIST, ISO 27001, SOC 2); Hands-on experience running SOC 2 Type II and ISO 27001 audits; Experience building compliance programs in fast-paced technology environments; Strong knowledge of privacy regulations and requirements (GDPR, CCPA) including operational experience handling data subject access and deletion requests; Experience completing customer security questionnaires and supporting Sales on security due diligence; Excellent communication skills with ability to effectively engage technical and non-technical stakeholders; Experience with cloud security and modern development practices; Understanding of machine learning concepts and AI development workflows

Preferred

Experience in AI/ML company or research organization; Experience with AI safety and ethics frameworks; Background in implementing automated security controls