Staff GRC Engineer (AI Research)
Palo Alto, CA
Why Zania
Every enterprise spends millions of dollars on Governance, Risk, and Compliance (GRC). It's one of the most critical, yet universally painful, parts of running a business. For decades, this industry has been dominated by legacy systems with notoriously low NPS scores, making it totally ripe for disruption.
Zania is building agentic AI for Governance, Risk, and Compliance (GRC) to solve this massive problem. We are on a rocketship trajectory, creating intelligent agents that automate and augment the most complex risk and compliance workflows. We have found exceptional product-market fit and are scaling our team very quickly. Some reasons to join Zania are:
Dream Customers: Our customers are the most notable enterprises in the world, including FAANG, Big 4 firms and a portfolio of top customers.
Tier 1 Backing: Funded by a leading Tier 1 venture capital fund, giving us the resources to build a generational company.
World-Class Team: Zania is hiring the best. Our team includes AI and Security leaders from Airbnb, Microsoft, Bain & Company, Deloitte, PwC, Brex, and Instacart.
Pioneering Technology: Our engineers and GRC experts work at the absolute forefront of applied AI, building the next generation of agentic systems that will define the future of compliance.
Hyper-Growth: We have seen 10x ARR growth in the last year and are rapidly expanding.
Competitive Compensation & Equity.
Role Overview
As a Staff GRC Engineer, you are the subject matter expert at the heart of our mission to build the world's most intelligent GRC AI. This is a rare opportunity for a top-tier GRC professional to not only practice compliance but to build the technology that will define its future, establishing yourself as a genuine thought leader in an industry on the brink of transformation. Your expertise is the critical ingredient. You will work hands-on with our AI team to train and build agents designed to outperform the best human experts, codifying your deep knowledge of GRC to teach our AI how to reason with the precision of a world-class GRC leader.
This role is based in our Palo Alto, CA office. We use an in-person work model and offer relocation assistance.
What You'll Do
Train the World's Best GRC AI: Serve as the primary expert for our AI team. You will create high-quality training data, perform expert evaluation of AI outputs, and provide the critical feedback needed to build agents that achieve superhuman performance. This may optionally include writing prompts and designing tests for agentic workflows.
Codify Expert Methodologies: Deconstruct complex GRC tasks (like risk assessments, control testing, or audit preparation) into their fundamental steps. You will build the methodologies and "expert playbooks"—mimicking how a human expert would reason—that our AI will learn and eventually surpass.
Develop Rigorous Evaluations: Design and implement sophisticated evaluation frameworks to measure the accuracy, reliability, and explainability of our AI agents. You will be the ultimate arbiter of whether an agent meets the impossibly high standards required by our customers.
Shape the Product: Partner directly with Product Management and Engineering to define product functionality and user workflows. Your deep understanding of GRC pain points will ensure we are building a product that solves real-world problems.
Engage with Industry Leaders: Work directly with the top GRC teams in the world—from Fortune 500 enterprises to the Big Four advisory firms—to understand their challenges, validate our AI's capabilities, and ensure our solutions are aligned with the highest industry standards.
Representative Projects
Lead the development of the "NIST CSF Agent" by breaking down the entire framework into a structured, learnable process and creating a golden dataset for training and evaluation.
Design a comprehensive evaluation to test an AI agent's ability to perform a third-party risk assessment, measuring its accuracy against a panel of human experts.
Create a novel methodology for testing the "explainability" of an AI's control mapping decisions, ensuring its reasoning is transparent and defensible to auditors.
Partner with a Fortune 100 CISO during a pilot to fine-tune a risk quantification agent, ensuring it aligns with their specific risk appetite and methodologies.
What You Have
Deep GRC Expertise: 8+ years of hands-on experience in GRC, IT audit, or security compliance roles at a top-tier company (e.g., Top GRC teams, Fortune 50, Big Four advisory). You have lived and breathed frameworks like SOC 2, ISO 27001, NIST, and PCI.
A Builder's Mindset: You are not content with just executing existing processes. You have a passion for thinking from first principles and a desire to build new, better ways of doing things.
Technical Aptitude: You are technically curious and comfortable working closely with engineers and AI researchers. You can grasp technical concepts quickly and are eager to learn how AI systems work.
Passion for AI's Potential: You are genuinely excited by the prospect of AI transforming the GRC landscape and are eager to be at the forefront of that change.
Exceptionally High Standards: You have an obsessive attention to detail and an analytical, systematic approach to your work. You understand what "excellence" looks like in a high-stakes compliance environment.
World-Class Communication: You have the unique ability to communicate complex GRC concepts to a wide range of audiences—from technical AI researchers and engineers to non-technical customers and executive leaders.
Final offer amounts are determined by multiple factors, including experience and expertise, and may vary from the amounts listed above.
Equity: In addition to the base salary, equity may be part of the total compensation package.
Zania is an equal opportunity employer and does not discriminate on the basis of race, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law.
Tags: Audits CISO Compliance Governance ISO 27001 NIST Risk assessment SOC SOC 2
Perks/benefits: Competitive pay Equity / stock options Relocation support Startup environment