Cyber & AI Risk Specialist

EZCORP, Midland, TX
Onsite

About The Position

The Cyber & AI Risk Specialist is a dual-focus role within EZCORP’s CISO organization — part governance contributor, part hands-on technical operator — responsible for both shaping how AI is governed securely and executing the day-to-day controls that make that governance real. On the governance side, this Specialist supports the development and maintenance of AI security policies, acceptable use standards, risk frameworks, and compliance documentation, serving as an informed voice in AI intake reviews, vendor assessments, and audit preparation. On the technical side, this Specialist administers the security of enterprise AI platforms (Claude Enterprise, Microsoft 365 Copilot), manages Agent 365 agentic workflows and DSPM for AI, configures access controls and SSO provisioning, monitors AI threat telemetry, and executes security runbooks for AI-specific risk events. This role is the connective tissue between EZCORP’s AI security strategy and its operational reality — ensuring that policies don’t just exist on paper, but are enforced in the platforms and processes teams use every day.

Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field; or equivalent work experience
  • 5–8 years in cybersecurity, IT risk, or technology governance
  • 2–3 years of direct AI/ML security, AI governance, or AI platform administration experience
  • Hands-on experience administering enterprise AI platforms (Claude Enterprise or Microsoft 365 Copilot) including SSO/SCIM/SAML configuration, RBAC, and user provisioning
  • Prior exposure to DSPM, CASB, DLP, or agentic AI platforms preferred
  • Familiarity with SIEM tooling and alert triage
  • Working knowledge of AI/ML security risks: prompt injection, model poisoning, OWASP LLM Top 10, and data exposure in AI pipelines
  • Familiarity with NIST AI RMF, NIST CSF 2.0, ISO/IEC 42001, GLBA, and CCPA; awareness of emerging AI regulatory requirements
  • Experience maintaining risk registers, control documentation, and audit evidence packages
  • Clear written and verbal communication skills; able to document technical findings for both technical and non-technical audiences

Nice To Haves

  • Retail, financial services, specialty lending, or consumer-facing regulated industry experience preferred

Responsibilities

  • Maintain and operationalize EZCORP’s AI security policies: acceptable use standards, model risk policies, agentic AI guardrails, and data handling requirements
  • Support governance aligned to NIST AI RMF, NIST CSF 2.0, ISO/IEC 42001, GLBA, and CCPA; assist in translating requirements into documented controls
  • Support the AI Governance Committee: prepare intake materials, document decisions, and track conditional approval follow-through
  • Develop and maintain AI security best practices documentation; publish guidance for business units, developers, and end users on secure AI use
  • Administer the security of enterprise AI platforms including Claude Enterprise and Microsoft 365 Copilot
  • Administer AI platform access controls: SSO configuration (SCIM/SAML), user provisioning and de-provisioning, role-based permissions, and license governance
  • Evaluate and recommend approval or rejection of AI features, agents, and integrations against CISO-approved security and data governance standards
  • Define and enforce policies for AI connectors, APIs, and third-party integrations using least-privilege principles; maintain an approved integration registry
  • Operate and administer Agent 365: configure agentic workflow policies, permission scopes, tool-use guardrails, and session monitoring per CISO-approved standards
  • Operate DSPM for AI: run data classification scans, enforce data access policies, monitor for sensitive data exposure across AI pipelines (training, inference, retrieval), and track remediation to closure
  • Maintain platform health across all managed AI tools: configurations, integrations, alert tuning, and vendor escalation as needed
  • Document platform configurations, change logs, and operational procedures; maintain current runbook library for all managed platforms
  • Stay current on AI platform updates, new features, vendor security advisories, and emerging tooling; evaluate changes against EZCORP security standards before adoption or rollout
  • Implement and maintain security controls for agentic AI workflows, automation pipelines, and enterprise system integrations per CISO-approved design standards
  • Define and enforce least-privilege access for AI agents interacting with EZCORP data, APIs, and business systems; review and recertify agent permissions on a defined cadence
  • Build and execute runbooks for common agentic AI risk scenarios: prompt injection, data leakage, agent privilege escalation, unauthorized automation, and hallucination-driven decisions
  • Collaborate with IT Security architecture on secure AI integration patterns and API gateway controls
  • Configure and maintain monitoring and logging of AI platform activity across all managed tools; integrate AI telemetry with SIEM for detection, alerting, and incident response
  • Monitor AI-specific threat telemetry from Agent 365, DSPM for AI, SIEM, and endpoint tooling; triage alerts and execute response per defined procedures
  • Support AI threat modeling exercises: document attack surfaces, contribute to OWASP LLM Top 10 assessments, and help validate mitigations
  • Support AI-related incident response: execute assigned IR playbook steps, document timelines and evidence, and assist in containment and remediation
  • Develop and maintain AI-specific IR playbooks; integrate AI threat scenarios into EZCORP’s broader cyber IR framework and tabletop exercise program
  • Identify and mitigate AI-specific risks including prompt injection, data leakage, model poisoning, unauthorized automation, and adversarial model attacks
  • Maintain the enterprise AI risk register: update risk entries, track control owners, monitor remediation status, and flag overdue or escalating items
  • Support security gate reviews across the AI model lifecycle by preparing risk assessment documentation, checklists, and findings summaries
  • Maintain the AI model inventory: risk classification, data sensitivity, deployment environment, ownership, version history, and operational status
  • Track and report AI security KRIs and metrics; prepare data inputs for CISO and ELT dashboards on a defined cadence
  • Support the shadow AI detection program: review DLP, proxy, and endpoint telemetry for unauthorized AI tool usage; document findings and initiate remediation workflows
  • Maintain the approved AI tool registry; process intake requests and flag unapproved tools for escalation prior to any security sign-off
  • Assist in communicating shadow AI policies to business units; track acknowledgments and policy violation remediation status
  • Assist in third-party AI vendor security assessments: complete questionnaires, review vendor documentation, and summarize findings for senior review
  • Track vendor AI risk findings, remediation commitments, and reassessment schedules in the vendor risk register
  • Monitor third-party AI vendors for ongoing risk changes: new model versions, changed data practices, security incidents, or regulatory actions
  • Prepare AI control evidence packages for internal and external audits; collect documentation, validate completeness, and coordinate with control owners
  • Maintain AI control documentation and policy attestations for SOC 2, PCI DSS, GLBA, CCPA, and applicable state-level AI regulations
  • Monitor the regulatory landscape (NIST AI RMF updates, CFPB/FTC AI guidance) and summarize implications for team review
  • Maintain and update the AI Security & Risk Dashboard: platform health (Agent 365, DSPM for AI, enterprise AI tools), risk posture, shadow AI trends, open findings, and compliance status
  • Produce recurring AI risk status reports — open findings, platform health, shadow AI trends, compliance posture — ready for senior staff review and delivery
  • Track AI security KPIs and KRIs against defined maturity targets; flag deviations and support root cause documentation
  • Partner cross-functionally to review AI use cases, provide security guidance on new initiatives, and support business units in adopting AI within approved guardrails
  • Support AI intake gate reviews in the EPMO process: prepare risk assessment inputs, document findings, and track approval status
  • Collaborate with the AI Portfolio Lead and Sr. AI & Transformation Lead to ensure all AI tooling meets CISO-approved security standards
  • Partner with the AI Change & Adoption Lead to embed security awareness and acceptable use guidance into AI enablement programs and user training

Benefits

  • competitive compensation
  • great benefits
  • generous bonus potential from day one