Business Information Security Officer, AI

About The Position

Requirements

• Deep understanding of AI risk management frameworks (e.g., NIST AI Risk Management Framework, ISO/IEC 23894, ISO42001, OWASP, MITRE).
• Familiarity with financial services industry regulations and standards (e.g., FFIEC, GLBA, GDPR, PCI DSS, NYDFS Cybersecurity Regulation).
• Experience implementing AI governance and ethical guidelines in financial institutions.
• Ability to assess and mitigate risks associated with AI models, including bias, explainability, and robustness.
• Knowledge of secure AI development lifecycle and best practices for model validation and monitoring.
• Expertise integrating AI security controls into enterprise architecture and technology platforms.
• Awareness of emerging AI threats, adversarial attacks, and evolving regulatory requirements.
• Ability to communicate complex AI risk concepts to executive stakeholders and non-technical audiences.
• Experience with incident response and remediation for AI-related security events.
• Commitment to continuous learning and staying current with industry trends, frameworks, and best practices in AI and financial services.
• University degree required.
• 5-8 years of relevant experience.

Nice To Haves

• Information security certification or accreditation is an asset.

Responsibilities

• Provide technology risk advice and consultation to business partners.
• Enable businesses to effectively manage risk within their risk appetite and meet objectives.
• Facilitate communication and execution of enterprise-wide information security programs.
• Develop enterprise awareness training for AI.
• Conduct risk assessments on business applications, third parties, and infrastructure.
• Validate that security and technology controls are implemented to support business requirements.
• Lead development and implementation of technology controls and information security strategies, policies, and programs.
• Oversee control and governance activities, identifying and assessing potential security risks, breaches, and exposures.
• Provide technical leadership and expert consultation on technology controls, information security programs, policies, standards, and incidents.
• Lead project consulting on risk assessment, definition of required controls, vulnerability assessments, and control procedures.
• Conduct comprehensive risk and control design assessments for application portfolios.
• Document and articulate the impact of control gaps, develop risk mitigation and remediation plans, and provide information security solutions.
• Define, develop, and oversee a global security management strategy and framework.
• Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to security threats.
• Guide and lead ongoing technology risk reporting, monitor key trends, and define metrics to measure control effectiveness.
• Act as a primary technical expert, working with technology partners and service/platform owners to integrate security components into enterprise architecture.
• Consult on regulatory compliance requirements, reporting, and questions.
• Adhere to internal policies, procedures, technology control standards, and regulatory guidelines.
• Proactively review internal processes and identify opportunities for improvement.
• Advise on, oversee, monitor, and enforce enterprise frameworks and methodologies related to technology controls and information security.
• Influence behavior to reduce risk and foster a strong technology risk management culture.
• Remain informed of emerging issues, industry trends, and relevant changes.
• Define, develop, implement, and manage standards, policies, procedures, and solutions that mitigate risk and maximize security, service availability, efficiency, and effectiveness.
• Manage relationships with other technology areas, businesses, and control functions to ensure alignment with enterprise and regulatory requirements.
• Maintain a culture of risk management and control, supported by effective processes and sound infrastructure.
• Ensure business operations comply with internal and external requirements (e.g., financial controls, segregation of duties, transaction approvals, physical control of assets).
• Participate in cross-functional and enterprise initiatives as a subject matter expert.
• Lead governance meetings or committees and related deliverables/outcomes.
• Lead, facilitate, and implement action or remediation plans to address performance, risk, and governance issues.
• Develop, provide, or contribute to complex reporting, analysis, and assessments at the functional or enterprise level.
• Assess and identify key issues, escalating to appropriate stakeholders as needed.

Benefits

• health and well-being benefits
• savings and retirement programs
• paid time off
• banking benefits and discounts
• career development
• reward and recognition programs