GRC Leader

Artlist is a leading creative technology company on a mission to empower creators and brands to bring their vision to life with video. Offering cutting-edge AI tools and models for image, video, and voiceover creation, alongside high-quality creative assets and powerful editing tools, Artlist enables creators to stay on trend, and achieve their creative goals. Trusted by over 30 million creators worldwide and top brands including Google, Amazon, Microsoft, and Versace, Artlist provides a seamless, subscription-based platform with a global license, giving creators everything they need to produce professional video content efficiently. For more information, visit artlist.io.

We’re seeking a GRC (Governance, Risk & Compliance) Lead to join our Security & IT team- a strategic role at the crossroads of cloud security, AI governance, and compliance management.

As GRC Lead, you’ll own Artlist’s governance and risk strategy across our cloud-native and AI-driven environments, ensuring alignment with frameworks such as SOC 2, ISO 27001, and GDPR. You’ll work closely with Product, R&D, Legal, and IT leadership to build scalable policies, oversee audits, and support the secure growth of our technology platforms and AI initiatives.

This is a key position for someone who can translate security and compliance principles into business value, helping Artlist innovate securely at global scale.

Responsibilities

Governance & Policy Management

• Develop, maintain, and communicate information security and AI governance policies, standards, and procedures.
• Establish clear guidelines for the secure use and development of AI tools and data-driven products.
• Collaborate with IT, DevOps, and Legal to ensure compliance alignment across GCP-based infrastructure and global operations.

Risk Management & Compliance

• Lead Artlist’s governance and risk program- identifying, assessing, and tracking security and compliance risks across cloud and AI systems.
• Drive and coordinate all external audits and certifications (SOC 2, ISO 27001, GDPR, etc.).
• Conduct internal control testing and readiness assessments to ensure a strong compliance posture.
• Oversee vendor and third-party risk management, including SaaS platforms and AI technology providers.

Security Program & Cross-Functional Collaboration

• Partner with Product and Engineering teams to embed “security and privacy by design” practices into product workflows.
• Support the secure adoption and monitoring of AI systems, ensuring compliance with privacy, data residency, and model governance standards.
• Collaborate with IT and DevOps on business continuity, disaster recovery, and incident response readiness.

Reporting & Continuous Improvement

• Deliver management reports, dashboards, and risk summaries with actionable insights.
• Identify opportunities to automate compliance evidence collection and risk assessments across GCP and SaaS environments.
• Continuously track new regulatory, AI, and security frameworks to future-proof Artlist’s compliance strategy.

• 5+ years of experience in information security governance, risk, and compliance (GRC) roles.
• Proven experience in cloud-native environments (preferably GCP or AWS).
• Strong understanding of SOC 2, ISO 27001, GDPR, NIST, and related frameworks.
• Experience managing external audits and certification processes from end to end.
• Familiarity with AI governance, data protection, and ethical AI frameworks.
• Hands-on experience with GRC automation tools (e.g., Whistic, Vanta, Rescana, Drata).
• Excellent communication and collaboration skills — able to bridge technical and non-technical teams.
• Strong project management and documentation skills across multiple global stakeholders.
• Fluent English (verbal and written).

Nice to Have

• Experience in a SaaS or product company, especially supporting creative or AI-driven platforms.
• Understanding of security architecture and controls in AWS/GCP/Azure (IAM, VPCs, encryption, logging).
• Knowledge in AI model security, data governance, and compliance for ML pipelines.