AI Enablement & Governance - AI Security & Controls Lead

About The Position

Requirements

• 5+ years of relevant experience (or equivalent expertise) in information security, technology risk, AI governance, model risk management, privacy engineering, or related roles.
• Strong understanding of AI architectures, Machine learning pipelines, Retrieval‑augmented generation (RAG), Agentic and tool‑using AI patterns
• Demonstrated ability to translate technical AI and security concepts into clear control expectations and guidance.
• Experience working cross‑functionally with engineering, security, privacy, and risk teams.
• Practical, risk‑based mindset with strong judgment and attention to detail.
• Excellent written communication skills; ability to create clear, defensible documentation.
• Bachelor’s degree in Computer Science, Engineering, or related field, or equivalent practical experience

Nice To Haves

• Relevant certifications preferred (e.g., AAISM, CISSP, CISM, CRISC, AIGP, cloud security certifications).

Responsibilities

• Partnering directly with AI Engineers & Developers, Information Security and governance teams to define AI-specific security and risk management standards covering AI/ML models, RAG solutions, and agentic architectures.
• Translating enterprise security principles and risk frameworks into AI‑appropriate guidance, addressing topics such as, model access control and abuse prevention, prompt and context security, data leakage, memorization, and inference risks, agent autonomy boundaries and safeguards
• Define AI runtime monitoring and incident response expectations, aligned to (and extending as needed) existing incident response playbooks.
• Ensuring AI security guidance remains aligned with evolving technology patterns, external expectations, and internal architectures, and external expectations (e.g. NIST AI RMF/CSF, NYDFS AI Cybersecurity, ISO/IEC 42001)
• Contributing to the broader AI policy hierarchy by ensuring security requirements are clearly mapped to AI governance policies, controls and standards.
• Partnering with third‑party risk and supplier governance teams to Identify AI‑specific risks introduced by vendors, models, platforms, and APIs.
• Defining AI security control expectations for vendors and managed services
• Supporting evaluation of vendor AI security posture, including training data handling, model protections, monitoring, and incident response capabilities.
• Contributing AI‑specific input to due diligence, onboarding, and ongoing vendor risk assessments.
• Acting as a trusted advisor to AI engineering, product, privacy, and security teams on how to safely design and deploy AI systems.
• Providing practical guidance that balances security rigor with business velocity.
• Helping teams understand what “secure by design” means for AI, without imposing unnecessary friction.

Benefits

• health, dental and vision coverages starting Day One.
• wellbeing programs
• retirement plans with contribution matching
• generous time off
• parental leave
• continuing education
• career growth opportunities
• competitive total rewards package
• continuing education & training
• tremendous potential with a growing worldwide organization.