Governance, Risk & Compliance Manager (Zürich)
As Lakera’s first Governance Risk & Compliance Manager, you’ll own and drive our compliance initiatives. This is a high-impact role with company-wide visibility and the chance to influence how AI security is operationalized across the industry. From customer trust to internal governance, you’ll be instrumental in setting the gold standard for how AI companies approach security and compliance.
About Lakera
Lakera is on a mission to ensure AI does what we want it to do. We are heading towards a future where AI agents run our businesses and personal lives. Here at Lakera, we're not just dreaming about the future; we're building the security foundation for it. We empower security teams and builders so that their businesses can adopt AI technologies and unleash the next phase of intelligent computing.
We work with Fortune 500 companies, startups, and foundation model providers to protect them and their users from adversarial misalignment. We are also the company behind Gandalf, the world’s most popular AI security game.
Lakera has offices in San Francisco and Zurich.
We move fast and work with intensity. We act as one team but expect everyone to take substantial ownership and accountability. We prioritize transparency at every level and are committed to always raising the bar in everything we do. We promote diversity of thought as we believe that creates the best outcomes.
What You’ll Do
Audit and Certification Leadership:
Lead audits and audit preparations for SOC2, ISO27001, GDPR, CCPA, and other relevant regulations and certifications.
Continuously ensure compliance by collecting and organizing compliance evidence, and interfacing with auditors.
Governance and Risk Management:
Create, implement, and update compliance policies and procedures.
Oversee our security third-party risk management processes.
Conduct risk assessments, gap analyses, and report findings to inform strategic decisions.
Identify and mitigate data security and compliance risks.
Develop comprehensive risk management programs covering vulnerability, enterprise, vendor, and related risk areas.
Customer Assurance:
Engage with customers to foster trust, highlighting our dedication to secure operations and adherence to AI best practices.
Efficiently respond to security questionnaires and inquiries in collaboration with Sales and Engineering teams, accelerating the sales process.
Develop or update internal processes and best practices, aligning with customer requirements.
Maintain public-facing trust documentation, including our Trust Center, whitepapers, and other resources.
(Nice to have) Automation and Integration:
Automate vendor due diligence and streamline compliance workflows to minimize manual processes and enhance accuracy.
Champion "compliance as code" by integrating compliance monitoring and reporting into CI/CD pipelines.
What You’ll Bring
3-7 years of experience in a compliance-centric role.
Excellent communication skills, both verbal and written, enabling clear and effective interactions with internal stakeholders, auditors, and customers.
Technical expertise in managing compliance with SOC2 and ISO27001 standards, with hands-on experience using compliance management tools such as Vanta or equivalent.
Solid understanding of risk assessment frameworks, particularly NIST SP 800-37, along with demonstrated experience in documenting, analyzing, and reporting risks.
Proven ability to successfully acquire, maintain, and demonstrate readiness for certifications such as SOC2, including direct experience in audit preparation and execution.
Demonstrated ability to collaborate effectively with cross-functional teams (including Engineering, Sales, and Legal).
Nice to haves
Proficiency in automation and scripting languages (Python, Bash) to scale compliance workflows, automate vendor due diligence, and streamline responses to client security questionnaires.
Experience managing compliance in cloud environments (e.g., AWS).
Familiarity with integrating compliance tools into continuous integration and continuous delivery (CI/CD) pipelines for automated monitoring and reporting.
Industry certifications: CISSP, CISM.