AI Compliance Engineer – Responsible AI

📋 Description

• Develop and implement SnowHeap’s AI governance framework, including policies, control libraries, risk registries, exception management, and approvals from inception to deployment.

• Align legal requirements and frameworks (such as the EU AI Act, GDPR/PDPL/DIFC DPL, NIST AI RMF, ISO/IEC 42001 & 27001, SOC 2) with specific technical controls in our products and client initiatives.

• Create an evaluation framework for LLMs/agents, encompassing golden sets, scenario testing, adversarial assessments, offline evaluations, and online A/B tests; monitor for hallucinations, safety, bias, privacy breaches, robustness, costs, and latency.

• Establish protective measures (such as PII detection, jailbreak/prompt-injection defenses, output filters, content safety) and integrate them into workflows (LangChain/LangGraph, CrewAI/Agno).

• Set up audit-compliant telemetry, including data lineage, prompt/response logging with redaction, model cards, decision traces, and approval processes (LangSmith/observability tools).

• Collaborate with Security/Privacy teams on DPIAs/TRA, data retention, DLP, key management, access controls, and vendor risk (OpenAI/Anthropic terms, Azure/GCP/AWS).

• Lead red-teaming initiatives; coordinate incident response plans for model failures and safety regressions.

• Evaluate prompts, fine-tunes, and datasets for adherence to policies; curate evaluation datasets and define “go/no-go” acceptance standards.

• Mentor engineers, sales teams, and clients; prepare clear documentation and checklists; conduct internal training sessions and readiness assessments.

• Contribute to proposals and client audits; leverage compliance as a competitive edge.

⛳️ Requirements

• A minimum of 4 years of experience in Security/Privacy/Compliance, ML governance, or safety engineering, with at least 2 years focused on LLM products.

• Strong understanding of LLM technology stacks: OpenAI & Azure OpenAI, Claude, Agno, CrewAI, LangChain/LangGraph/LangSmith.

• Practical experience in model evaluation: creating test sets, scoring based on rubrics, conducting offline and online assessments, and performing statistical analyses; familiarity with tools or libraries for evaluations/observability.

• Knowledge of privacy and AI risk (including GDPR/PDPL/DIFC DPL, EU AI Act concepts, NIST AI RMF) and the ability to transform them into protective measures, SOPs, and controls.

• Expertise in context engineering: capable of designing, testing, and auditing prompt sequences, context windows, and memory structures for compliance, safety, and explainability.

• Proficient in scripting with Python/Pydantic (TypeScript is a plus); able to review pull requests and incorporate compliance checks into CI/CD processes.

• Familiarity with Cloud/MLOps, specifically in one of AWS/GCP/Azure; knowledge of containers, secrets management, monitoring, and access controls.

• Strong writing and stakeholder engagement skills; able to communicate “no” with justification and facilitate a safer “yes.”

• Preferred qualifications include experience in ISO 27001/ISO 42001/SOC 2 implementation or audits.

• Previous experience in red-teaming LLMs (including prompt-injection, data exfiltration, and harmful content detection).

• Background in regulated industries (such as financial services, healthcare, or public sectors).

• Proficiency in Arabic or familiarity with the UAE market is a plus.

🏝️ Benefits

• A high-ownership position that shapes SnowHeap’s AI governance and product strategy.

• Remote-first work environment across MENA/EU time zones with flexible working hours.

• Competitive salary complemented by performance bonuses.

• Opportunities for rapid career advancement, with the chance to build and lead the function.