Security specialist, GRC (UK) in London

About WRITER

WRITER is where the world's leading enterprises orchestrate AI-powered work. Our vision is to expand human capacity through superintelligence. We are proving it is possible through powerful, trustworthy AI that unites IT and business teams together to unlock enterprise-wide transformation.

About the role

This is your chance to shape AI governance from the ground up at one of the fastest-growing companies in enterprise AI. As a security specialist, GRC at WRITER, you will be building the frameworks that ensure our AI platform earns and keeps the trust of the world's most demanding enterprises. You are not just checking boxes—you are creating the compliance infrastructure that enables WRITER to scale safely and securely while moving at the speed of innovation.

The opportunity here is extraordinary: you will work at the intersection of AI, security, and business enablement, helping define what governance looks like for enterprise AI systems that did not exist a few years ago. You will lead audit engagements for SOC 2, ISO 27001, and other critical certifications, respond to customer security assessments that directly impact major deals, and build the policies and controls that protect both our AI models and the sensitive data flowing through them.

What you will do

• Own and drive WRITER's security compliance program end-to-end including managing SOC 2 Type II audits, ISO Triad (27001/27701/42001) certification, and expanding our compliance coverage to meet emerging customer requirements in regulated industries like financial services and healthcare.
• Lead customer assurance efforts by responding to security questionnaires, DDQs, and RFPs from enterprise customers, maintaining our trust portal with up-to-date security documentation, and partnering with Sales to remove security blockers that could delay major deals.
• Build and maintain WRITER's security governance framework including creating and updating security policies, access control standards, vendor risk procedures, incident response plans, and AI-specific governance documentation that addresses model training, data handling, and responsible AI deployment.
• Conduct continuous control monitoring and evidence collection by implementing automated compliance workflows, tracking remediation activities across teams, performing control testing, and ensuring we maintain audit-ready documentation throughout the year instead of scrambling before audits.
• Drive risk assessments and third-party vendor security reviews by evaluating supplier controls, identifying and quantifying security risks across our AI platform and infrastructure, and working cross-functionally to prioritize and track remediation efforts.
• Partner with Engineering and Product teams to embed compliance into the development lifecycle by reviewing architecture decisions for security and privacy implications, ensuring secure-by-design principles are followed for new AI features, and translating regulatory requirements into technical controls that developers can actually implement.
• Serve as the primary point of contact for external auditors and assessors, coordinating evidence collection, scheduling interviews, addressing findings, and ensuring audit processes run smoothly while minimizing disruption to the broader team.

What you need

• 2+ years of hands-on experience in GRC, security compliance, or audit roles within fast-paced tech companies or startups.
• Deep working knowledge of security frameworks and certifications including SOC 2 Type II, ISO 27001, GDPR, CCPA, and familiarity with emerging AI governance requirements.
• Strong technical literacy that allows you to evaluate cloud security architectures, understand API security, review access control implementations, and have credible conversations with engineers about security controls.
• Excellent project management abilities with the skill to juggle multiple audits, customer questionnaires, policy updates, and remediation initiatives simultaneously.
• Outstanding communication skills that enable you to explain complex compliance requirements in clear, actionable language to technical and non-technical audiences alike.
• Natural curiosity about AI governance and emerging regulatory landscape including AI-specific frameworks, model risk management, data privacy implications of AI training, and responsible AI principles.
• Alignment with WRITER's values of Connect, Challenge, and Own.

Benefits & perks (UK full-time employees):

• Generous PTO, plus company holidays.
• Comprehensive medical and dental insurance.
• Paid parental leave for all parents (12 weeks).
• Fertility and family planning support.
• Early-detection cancer testing through Galleri.
• Competitive pension scheme and company contribution.
• Annual work-life stipends for wellness, learning and development.
• Company-wide off-sites and team off-sites.
• Competitive compensation and company stock options.