GRC AI Subject Matter Expert, Product

At Vanta, our mission is to help businesses earn and prove trust. We believe that security should be monitored and verified continuously, and we empower companies to practice better security and prove it with ease. Vanta has a kind and talented team, and while some have prior security experience, many have been successful at Vanta without it. 

As we scale AI across the Vanta platform, we’re building intelligent agents that power core GRC workflows — from Third-Party Risk and Customer Trust to Risk & Issue Management and Compliance Frameworks.

That’s where you come in. As a GRC AI Subject Matter Expert (AI SME), you’ll help make sure our AI features are accurate, auditable, and aligned with real-world compliance standards. You’ll bridge deep GRC knowledge with hands-on AI evaluation, ensuring that every model output we ship is trustworthy, explainable, and customer-ready.

You’ll sit in the Security (ESP) organization and collaborate closely with Product Management, AI Platform Engineering, Design, Security & Privacy, and GTM teams to build AI features customers can truly rely on.

What you’ll do as a GRC SME at Vanta:

• Design and test prompts: Work with engineers and PMs to shape AI behavior, define edge cases, and review outputs for accuracy and usefulness.

• Own the ground truth: Build and maintain the “truth layer” — datasets and rating guides that represent correct, real-world GRC answers.

• Evaluate and improve quality: Run side-by-side reviews, define launch-readiness criteria, and measure ongoing quality and drift after release.

• Ensure responsible AI use: Help design AI systems that respect privacy, minimize hallucinations, and produce explainable, auditable results.

• Document and teach: Write clear guides, checklists, and examples others can reuse; host short training sessions to raise the bar for AI quality across teams.

• Collaborate widely: Partner with Product, Eng, and GTM teams to connect AI improvements directly to customer trust and business impact.

How to be successful in this role:

• 5-7+ years of GRC or InfoSec experience across frameworks like SOC 2, ISO 27001, HIPAA, PCI DSS, or NIST.

• 1-3 years applying that expertise to AI-assisted workflows - building evaluation sets, reviewing AI outputs, or helping ship AI features.

• Strong understanding of evidence, controls, and compliance workflows (TPRM, risk, policy, customer trust).

• Skilled at writing clear instructions and evaluation guides others can follow consistently.

• Comfortable working with structured data (Sheets, logs, exports) and translating GRC artifacts into usable AI context.

• Curious, methodical, and motivated to build systems that make AI both smarter and safer.

• Certifications like CISA, CISSP, CCSK, or CIPM/CIPT are a plus.

• Open to using AI to amplify their skills and strengthen their work - demonstrating curiosity, a willingness to learn, and sound judgment in applying AI responsibly to improve efficiency and impact.

What you can expect as a Vanta'n:

• Industry-competitive salary and equity

• Comprehensive medical, dental, and vision coverage, with 100% of employee-only benefit premiums covered for most medical plans

• 16 weeks paid Parental Leave for all new parents

• Health & wellness stipend

• Remote workspace, internet, and cellphone stipend

• Commuter benefits for team members who report to the SF and NYC office

• Family planning benefits

• Matching 401(k) contribution with immediate vesting

• Flexible PTO policy, plus 80 hours of Sick Time

• 11 company-paid holidays

• Virtual team building activities, lunch and learns, and other company-wide events!

• Offices in SF, NYC, London, Dublin, Tel Aviv, and Sydney

To provide greater transparency to candidates, we share base pay ranges for all US-based job postings regardless of state. We set standard base pay ranges for all roles based on function, level, and country location, benchmarked against similar-stage growth companies. Final offer amounts are determined by multiple factors and may vary based on candidate location, skills, depth of work experience, and relevant licenses/credentials.

#LI-remote

At Vanta, we are committed to hiring diverse talent of different backgrounds and as such, it is important to us to provide an inclusive work environment for all. We do not discriminate on the basis of race, gender identity, age, religion, sexual orientation, veteran or disability status, or any other protected class. As an equal opportunity employer, we encourage and welcome people of all backgrounds to apply.

About Vanta

We started in 2018, in the wake of several high-profile data breaches. Online security was only becoming more important, but we knew firsthand how hard it could be for fast-growing companies to invest the time and manpower it takes to build a solid security foundation. Vanta was inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged. 

Now more than ever, making security continuous—not just a point-in-time check— is essential. Thousands of companies rely on Vanta to build, maintain and demonstrate their trust— all in a way that's real-time and transparent.

Referral Instructions

If you are being referred for the role, please contact that person to apply on your behalf.