Director, AI Governance, Automation & Analytics

About The Position

Requirements

• 8+ years in security, with 3+ years in leadership roles spanning AI/ML security, security automation, or security analytics.
• Deep understanding of AI/ML architectures: LLMs, transformer models, fine-tuning pipelines, RAG systems, embeddings, and associated attack surfaces (prompt injection, training data poisoning, model extraction, adversarial inputs).
• Hands-on experience building or leading security automation programs—SOAR playbooks, automated detection pipelines, evidence collection systems, or AI-driven alert triage.
• Working knowledge of AI governance frameworks: ISO 42001, NIST AI RMF, EU AI Act risk classification, or equivalent enterprise AI governance programs.
• Experience with non-human identity governance: service accounts, API keys, OAuth tokens, agent credentials—and the security challenges of machine-to-machine communication at scale.
• Demonstrated ability to build and operationalize security tooling integrations across a modern cloud security stack (CSPM, EDR, SIEM/SOAR, DLP, identity).
• Experience with cyber risk quantification and translating technical risk into business and financial terms for executive and board audiences.
• Strong cross-functional collaboration skills—proven ability to partner with Engineering, Product, Legal, and ML teams in a fast-paced SaaS environment.
• Proficiency in building analytics and dashboards from security telemetry—SQL, Python, or BI tools to generate insights from large-scale security data.

Nice To Haves

• Experience leading or contributing to ISO 42001 certification, EU AI Act compliance programs, or formal AI risk management implementations.
• Background in securing agentic AI systems: agent registries, MCP security, tool-use governance, agent-to-agent communication controls, and runtime action attribution.
• Experience with AI Security Posture Management (AI-SPM) or building AI asset inventories (AIBOM) in enterprise environments.
• Familiarity with shadow AI discovery and containment—including CASB/SWG-based real-time detection, OAuth audit, and browser extension monitoring.
• Experience deploying AI/ML within security workflows: NLP-driven log analysis, ML-based anomaly detection, LLM-powered security automation.
• Professional certifications such as CISSP, CISM, CCSP, or AI-specific credentials.
• Contributions to AI security research, standards bodies (OWASP AI, NIST, ISO), or industry publications.
• Experience supporting IPO readiness, SOX, or investor due diligence from a security analytics and risk quantification perspective.

Responsibilities

• Build and operate a centralized AI agent registry—every autonomous agent, bot, MCP connector, and AI-powered workflow across the enterprise is inventoried, owned, and monitored. Use next-gen tools as the discovery engine and extend coverage to API-level and browser-extension agents.
• Lead shadow AI containment: detect, classify, and govern unauthorized AI deployments across business units. Turn the current reactive posture into proactive continuous discovery with real-time alerting.
• Enforce agent identity governance—treat AI agents as first-class security principals with their own identities, least-privilege access controls, credential rotation, and lifecycle management. Partner with Identity to extend Zero Trust to non-human identities.
• Build incident response playbooks specifically for agent-induced incidents: goal hijacking, unauthorized data access, privilege escalation through AI tool chains, and MCP-based credential exposure.
• Define and enforce agent deployment gates—no AI agent goes to production without security review, risk classification, and registration in the central registry.
• Own AlphaSense’s AI governance program end-to-end: policy frameworks, risk classification tiers, AI impact assessments, and the cross-functional governance council (Security, Legal, Product, Engineering, HR).
• Drive ISO 42001 (AI Management System) certification—define scope, build the AIMS, lead the audit. This is a near-term strategic priority.
• Build and maintain the AI risk taxonomy covering bias, explainability, data quality, model drift, adversarial attacks, and societal impact—mapped to EU AI Act risk tiers, NIST AI RMF, and internal product requirements.
• Monitor and prepare for emerging regulatory requirements: EU AI Act enforcement timelines, DORA’s AI-related incident reporting obligations, U.S. state-level AI legislation, and sector-specific AI guidance.
• Establish AI-specific cyber risk quantification (CRQ) models that translate AI risk into financial impact for board-level reporting and investment prioritization.
• Architect and deploy AI-powered security automation—targeting high-toil workflows like alert triage, evidence collection, vendor risk questionnaires, and incident enrichment.
• Build analytics pipelines that generate actionable intelligence from security telemetry across the security stack —turning raw data into risk signals, trend detection, and efficiency metrics.
• Work with teams to deploy and tune AI-driven detection capabilities: behavioral anomaly detection, insider risk correlation, and automated threat hunting across endpoints and cloud.
• Drive continuous control monitoring for AI-specific controls—automated validation that AI governance policies are being enforced, not just documented.
• Own security program metrics, KPIs, and KRIs: build dashboards and reporting that communicate risk posture, automation coverage, and governance maturity to executive leadership and the board.
• Partner with Engineering and AI/ML teams to embed security controls directly into AI development, training, and deployment pipelines—shifting governance left into the build process.
• Collaborate with Product Security to ensure customer-facing AI features meet governance requirements and can withstand adversarial use cases (prompt injection, data extraction, jailbreaking).
• Work with Legal and Privacy to align AI governance policies with data protection requirements across jurisdictions (GDPR, CCPA, China DSL/PIPL).
• Build, mentor, and grow a team of AI governance and security automation specialists—people who understand both the regulatory landscape and the technical architecture of modern AI systems.
• Represent AlphaSense at industry forums, standards bodies, and customer conversations related to AI governance, AI security, and responsible AI practices.

Benefits

• Competitive compensation, equity, and benefits in a high-growth company with strong market position.
• You may also be offered a performance-based bonus, equity, and a generous benefits program.