Anthropic· Security· San Francisco, CA | New York City, NY | Seattle, WA
Engineering Manager, GRC
Classified Tasks (25)
Automate 0%Augment 84%Human-Only 16%
Augment (21)
AI assists, human decides
Establish foundational GRC processes and architecture.
operational
Design and build automated workflows for risk management and compliance to create scalable systems.
technical
Enable continuous monitoring of compliance posture through designed systems and workflows.
operational
Build data pipelines that aggregate risk, control, and asset information from across the technology stack.
technical
Map disparate schemas and resolve inconsistent data quality to create unified compliance datasets.
analytical
Create unified views of compliance posture through dashboards and reporting tools.
communication
Translate written policies and compliance requirements into policy-as-code.
technical
Work with Engineering and Security teams to express requirements as enforceable rules, automated checks, and continuous validation.
technical
Establish feedback loops between policy and implementation to surface where technical controls diverge from written requirements.
operational
Ensure compliance requirements are expressed in terms engineers can act on.
communication
Design and deploy agentic AI workflows using Claude to extend team capacity as a virtual GRC analyst.
technical
Automate evidence analysis using agentic AI workflows.
technical
Monitor control effectiveness using agentic AI workflows.
operational
Draft audit responses using agentic AI workflows.
communication
Interpret policy documents using agentic AI workflows.
analytical
Automate interpretation of unstructured information and triage compliance gaps using agentic AI.
analytical
Identify opportunities to apply agentic AI to accelerate evidence collection and augment human judgment in risk assessments.
analytical
Design and maintain integrations connecting GRC tooling with cloud infrastructure, identity management systems, HRIS platforms, ticketing systems, version control, and CI/CD pipelines.
technical
Collaborate with engineers to implement integrations between GRC tooling and other systems.
communication
Translate compliance and regulatory requirements into technical solutions that support audit programs (e.g., SOC 2, ISO, HIPAA, FedRAMP).
technical
Build systems that combine traditional automation with AI capabilities to achieve scalable compliance and risk management.
technical
Human-Only (4)
Requires human judgment
Lead the team that designs and implements automated workflows, data pipelines, and integrations for GRC.
leadership
Establish the GRC automation team, architecture, and integrations that define the organization’s approach to governance, risk, and compliance.
leadership
Inform GRC platform strategy and implementation by evaluating, selecting, and deploying tooling in partnership with other programs.
leadership
Identify where policies need to evolve based on infrastructure realities.
analytical
Job description
About Anthropic Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems. About the Role We are seeking a GRC Automation Lead to join our GRC organization and build the technical foundation for how we scale our risk and compliance programs. In this role, you will lead the team that designs and implements automated workflows, data pipelines, and integrations that transform manual compliance processes into scalable engineering systems. This is a greenfield opportunity to establish the team, architecture, and integrations that will define how we approach governance, risk, and compliance at Anthropic. The core challenge is a data problem: compliance information lives across dozens of systems—cloud infrastructure, identity providers, HR platforms, ticketing tools, code repositories—and your job is to design systems that bring it together, normalize it, and make it actionable. Success in this role comes from understanding how systems connect and how data flows between them, not from writing code yourself. At Anthropic, you'll also have a unique advantage: the ability to design AI-powered workflows where Claude acts as an extension of your team, handling tasks that would traditionally require additional headcount or manual effort. You'll need ingenuity to identify where agentic AI can accelerate evidence collection, interpret unstructured data, triage compliance gaps, and augment human judgment in risk assessments. Working closely with Security, IT, and Engineering teams, you'll translate compliance and regulatory requirements into solutions that support audit programs including SOC 2, ISO, HIPAA, and FedRAMP, building systems that combine traditional automation with AI capabilities to achieve scale that wouldn't otherwise be possible. Responsibilities: Lead the team that establishes foundational GRC processes and architecture. Design and build automated workflows for risk management and compliance, creating scalable systems that enable continuous monitoring as Anthropic grows. Build data pipelines that aggregate risk, control, and asset information from across our technology stack. This means solving hard data integration problems: mapping disparate schemas, handling inconsistent data quality, and creating unified views of compliance posture through dashboards and reporting tools. Inform GRC platform strategy and implementation: in partnership with other programs, evaluate, select, and deploy tooling that meets our compliance requirements. Translate written policies and compliance requirements into policy-as-code—working with Engineering and Security teams to express requirements as enforceable rules, automated checks, and continuous validation rather than static documents. Establish feedback loops between policy and implementation: surface where technical controls diverge from written requirements, identify where policies need to evolve based on infrastructure realities, and ensure that compliance requirements are expressed in terms engineers can act on. Design and deploy agentic AI workflows that extend team capacity, using Claude to serve as a virtual GRC analyst to automate evidence analysis, monitor control effectiveness, draft audit responses, interpret policy documents, and handle other tasks that require reasoning over unstructured information. Design and maintain integrations connecting GRC tooling with cloud infrastructure, identity management systems, HRIS platforms, ticketing systems, version control, and CI/CD pipelines—working with engineers to implement integrations that enable autom