Director, AI & Technology Risk

Levi Strauss•San Francisco, CA

5d•$167,000 - $245,000•Hybrid

About The Position

The Director of AI & Technology Risk serves as the enterprise security authority for artificial intelligence (including generative and agentic AI), automation, and latest technology risk across Levi Strauss & Co. You will partner with retail, digital, supply chain, corporate, and regional departments to embed security into strategy, procurement, technology adoption, and operational transformation projects. You will establish governance frameworks, risk standards, and secure enablement guardrails to ensure AI systems - particularly generative AI models, agentic workflows, and autonomous automation capabilities - are adopted responsibly, securely, and in alignment with enterprise risk tolerance. This Director-level role reports to the Senior Director of Cyber Risk & Strategy. You will provide leadership and oversight to Business Information Security Officers (BISOs) in Europe and Asia. Additionally, you will ensure a global risk posture and harmonized security engagement model.

Requirements

BA/BS in Business, Computer Science, Information Security, Engineering, or related field.
10+ years of progressive experience in cybersecurity, risk management, or technology governance; 5+ years influencing senior business leaders.
Expertise leading security programs in complex global, matrixed organizations.
Experience managing distributed or regional security leaders.
Quantify risk and communicate trade-offs in business terms.
Experience with enterprise risk frameworks (NIST CSF, ISO/IEC 27001, FAIR), regulatory regimes (GDPR, PCI-DSS), and third-party risk management.
Working knowledge of generative AI and agentic AI risk domains, including model lifecycle governance, prompt security, agent autonomy controls, and vendor AI oversight.
Translate security goals into business-aligned execution roadmaps and measurable outcomes.
Ability to challenge assumptions constructively and lead accountability across global teams.

Nice To Haves

Advanced degree desirable but not required.

Responsibilities

Serve as subject matter expert between cybersecurity and global teams on generative AI, agentic AI, automation, and latest technology risk.
Establish and maintain the enterprise AI & Technology Risk framework, including standards and guardrails for generative and agent-based AI systems.
Define AI use case intake, review, and risk tiering processes for model deployment, prompt-based systems, and autonomous agents.
Develop security requirements addressing model abuse, prompt injection, data leakage, excessive autonomy, tool invocation risk, and third-party AI integration.
Partner with Procurement, Legal, Privacy, Data, and Enterprise Architecture to embed security requirements into AI vendor selection, contracts, and governance models.
Provide architectural risk guidance for AI integrations, APIs, RAG implementations, agent orchestration layers, automation workflows, and data usage patterns.
Lead BISOs in Europe and Asia, ensuring AI and technology risk management best practices and reporting across regions.
Guide measurable reduction of AI-related risk exposure through improved governance, control maturity, and executive visibility.
Participate in enterprise risk councils and executive forums to communicate generative and agentic AI risk posture and new threat trends.
Collaborate with Detection Engineering, Cloud Security, and AppSec teams to investigate and improve AI-related security incidents.
Monitor global regulatory developments (e.g., EU AI Act, GDPR) and assess impact to enterprise generative and agentic AI strategy.