AI Enablement & Governance - AI Security & Controls Lead

About The Position

Requirements

• 5+ years of relevant experience (or equivalent expertise) in information security, technology risk, AI governance, model risk management, privacy engineering, or related roles.
• Strong understanding of AI architectures, Machine learning pipelines, Retrieval-augmented generation (RAG), Agentic and tool-using AI patterns
• Demonstrated ability to translate technical AI and security concepts into clear control expectations and guidance.
• Experience working cross-functionally with engineering, security, privacy, and risk teams.
• Practical, risk-based mindset with strong judgment and attention to detail.
• Excellent written communication skills; ability to create clear, defensible documentation.
• Bachelor’s degree in Computer Science, Engineering, or related field, or equivalent practical experience

Nice To Haves

• Relevant certifications preferred (e.g., AAISM, CISSP, CISM, CRISC, AIGP, cloud security certifications).

Responsibilities

• Partnering directly with AI Engineers & Developers, Information Security and governance teams to define AI-specific security and risk management standards covering AI/ML models, RAG solutions, and agentic architectures.
• Translating enterprise security principles and risk frameworks into AI-appropriate guidance, addressing topics such as, model access control and abuse prevention, prompt and context security, data leakage, memorization, and inference risks, agent autonomy boundaries and safeguards
• Define AI runtime monitoring and incident response expectations, aligned to (and extending as needed) existing incident response playbooks.
• Ensuring AI security guidance remains aligned with evolving technology patterns, external expectations, and internal architectures, and external expectations (e.g. NIST AI RMF/CSF, NYDFS AI Cybersecurity, ISO/IEC 42001)
• Contributing to the broader AI policy hierarchy by ensuring security requirements are clearly mapped to AI governance policies, controls and standards.
• Partnering with third-party risk and supplier governance teams to Identify AI-specific risks introduced by vendors, models, platforms, and APIs.
• Defining AI security control expectations for vendors and managed services
• Supporting evaluation of vendor AI security posture, including training data handling, model protections, monitoring, and incident response capabilities.
• Contributing AI-specific input to due diligence, onboarding, and ongoing vendor risk assessments.
• Acting as a trusted advisor to AI engineering, product, privacy, and security teams on how to safely design and deploy AI systems.
• Providing practical guidance that balances security rigor with business velocity.
• Helping teams understand what “secure by design” means for AI, without imposing unnecessary friction.

Benefits

• health, dental and vision coverages starting Day One
• wellbeing programs
• retirement plans with contribution matching
• generous time off
• parental leave
• continuing education
• career growth opportunities
• competitive total rewards package