BISO - Enterprise AI & Data

About The Position

Requirements

• 10+ years of experience in information security positions.
• 5+ years’ experience overseeing an information security function and influencing senior business and IT stakeholders in complex global environments.
• Demonstrated experience supporting enterprise data, analytics, AI/ML, or digital platform functions.
• Ability to translate business and technical priorities into effective cybersecurity controls and risk decisions.
• Demonstrated ability to apply and govern security for AI/ML, Generative AI, and agentic automation use cases.
• Practical understanding of risks such as prompt injection, insecure tool use, data leakage, model manipulation, insecure retrieval, over-privileged agents, and supply chain exposure.
• Experience translating use cases into measurable business and cybersecurity outcomes.
• Familiarity with securing cloud-based data platforms and analytics environments, including identity and access models, encryption and key management, telemetry and logging, data flow protection, workload isolation, secrets management, and monitoring for misuse or exfiltration.
• Experience with platforms such as Databricks, hyperscaler-native data services, or equivalent enterprise data platforms is a strong differentiator.
• Experience with application security and integration security patterns relevant to modern data and AI ecosystems, including API security, OAuth/token hygiene, certificate lifecycle, service-to-service authentication, software supply chain considerations, and secure secrets handling.
• Experience working with engineering, platform, or product teams to integrate security controls into CI/CD pipelines, data pipelines, model delivery workflows, and infrastructure-as-code practices in cloud-native environments.
• Experience implementing and operationalizing controls defined by NIST CSF, ISO 27001/27002, and related cybersecurity frameworks, and applying them pragmatically to cloud, data, and AI environments.
• Ability to build meaningful risk dashboards and metrics using actionable data to prioritize remediation, demonstrate risk reduction, and support governance decisions across enterprise AI and data services.
• Understanding of vulnerability management and recurring hygiene efforts across cloud services, data platforms, applications, APIs, containers, and integrations.
• Familiarity with threat modeling, security testing, and penetration testing approaches relevant to web, API, cloud, and AI-enabled services.
• Understanding of global security operations and incident response processes, including scenarios such as data leakage, cloud compromise, exposed storage, pipeline compromise, model misuse, and third-party service incidents.
• Strong written and verbal communication skills, with proven ability to present complex technical information to both technical and non-technical audiences.
• Proven ability to manage competing priorities, operate under time constraints, and drive outcomes through influence across matrixed teams in a fast-evolving technology landscape.
• Bachelor's degree in science or relevant technical field of study.

Nice To Haves

• Master's degree preferred.
• Professional certifications such as CISSP, CCSP, CISM, or equivalent.
• Experience with enterprise AI and data tooling such as Databricks, Dataiku, Domino, Hugging Face, GitHub, AWS Bedrock, Google Vertex AI, and Microsoft Copilot services.
• Familiarity with AI-specific security and governance tools and cloud security posture management for data/AI estates.
• Experience establishing or chairing cross-functional governance forums for AI and data platforms.
• Background working in highly regulated or safety-critical environments and with privacy and data protection stakeholders.
• Proven track record of building global, high-performing cybersecurity teams and coaching senior individual contributors.
• Familiarity with emerging AI governance and assurance concepts is advantageous.

Responsibilities

• Act as the senior security partner to AI and data leadership, aligning enterprise cybersecurity strategy to business priorities.
• Chair or participate in governance forums to enable risk-based decisions and clear accountability across portfolios.
• Provide strategic guidance on risks across the data and AI lifecycle, including sensitive data exposure, excessive access, insecure model development, prompt/context leakage, model supply chain compromise, adversarial manipulation, insecure APIs, and third-party dependencies.
• Define practical control expectations, approved design patterns, and human-in-the-loop approaches for AI/ML, Generative AI, and agentic automation.
• Establish and evolve governance for data platforms, lakehouse environments, analytics workspaces, semantic layers, feature stores, model registries, vector stores, and cloud-native services.
• Drive vulnerability management, architecture review follow-through, audit and penetration test remediation, and maturity uplift against control frameworks.
• Set KPIs/OKRs and build feedback loops that demonstrate risk reduction and operational effectiveness.
• Strengthen readiness, playbooks, and crisis processes for incidents affecting data platforms and AI services.
• Lead post-incident learning and preventive improvements.
• Maintain deep understanding of threats to enterprise AI and data and convert insights into timely guidance for stakeholders.
• Build trusted relationships with senior leaders across various functions to embed security into planning and delivery.
• Champion a cybersecurity culture tailored to data engineers, platform engineers, architects, data scientists, analysts, AI product teams, and business users.
• Direct security engineers, specialists, and analysts to deliver posture reporting, risk management, remediation, and consulting for cloud-based data platforms and AI ecosystems.
• Set clear goals tied to measurable risk reduction, business enablement, and resilience.
• Navigate a fast-evolving global AI and data ecosystem across major clouds and enterprise tooling, ensuring observability, detection, and monitoring are built in while adoption remains safe and swift.

Benefits

• Short-term incentive bonus opportunity
• Equity-based long-term incentive program (salaried roles)
• Retirement contribution (hourly roles)
• Commission payment eligibility (sales roles)
• Qualified retirement program [401(k) plan]
• Paid vacation and holidays
• Paid leaves
• Health benefits including medical, prescription drug, dental, and vision coverage