GenAI Cloud Security Chief Architect

About The Position

Requirements

• 10+ years in Information Security with 4+ years in cloud security and 2+ years in AI/ML or LLMOps security.
• Hands‑on multi‑cloud expertise: AWS: IAM, KMS, PrivateLink, Bedrock, SageMaker, GuardDuty, CloudTrail. Azure: Entra ID, Key Vault, Private Endpoints, Azure OpenAI, ML, Defender for Cloud. GCP: IAM, KMS, VPC‑SC, Vertex AI, Cloud Armor, Audit Logs. OCI: IAM, Vault, Service Gateway, Data Science, Logging & Events.
• Security engineering proficiency: Zero Trust, policy‑as‑code (OPA/Conftest), secrets management (HashiCorp Vault), container security, SBOMs, SLSA, Sigstore.
• AI/LLM stack knowledge: RAG patterns, vector databases (Pinecone/Weaviate/FAISS), prompt engineering, guardrails (e.g., policy filtering), evaluation frameworks, agent orchestration (MCP/ACP/A2A, function/tool calling).
• Threat modeling and offensive testing for AI systems, including prompt injection and agent misuse.
• Strong understanding of privacy and compliance impacting AI (GDPR, CCPA, GLBA, sector‑specific regs).

Nice To Haves

• Experience deploying agentic AI in production with secure toolchains and runtime isolation.
• Familiarity with confidential computing (AMD SEV, Intel SGX, Azure Confidential Computing, Nitro Enclaves) and privacy‑preserving ML (differential privacy, federated learning, homomorphic encryption).
• Experience with model risk management and AI explainability/traceability (provenance, watermarking, evaluation pipelines).
• Background in financial services or other highly regulated industries.
• Expertise with data governance (catalogs, lineage, quality) and security posture management (CSPM/CNAPP) for AI workloads.
• Certifications (Nice to Have) CISSP, CCSP, CISM Certified Cloud Security Professional (CCSP) equivalents for AWS/Azure/GCP/OCI Machine Learning / AI certifications (e.g., AWS ML Specialty, Azure AI Engineer)

Responsibilities

• Define and operationalize the AI Security Strategy covering models (foundation, open‑source, fine‑tuned), data pipelines, orchestration layers, agents, and integrations across AWS, Azure, GCP, and OCI.
• Establish and maintain an AI Risk Framework (e.g., NIST AI RMF, ISO/IEC 23894), mapping to enterprise risk taxonomy, control objectives, and regulatory requirements (e.g., SOC 2, ISO 27001, NIST 800‑53, CSA CCM).
• Create AI security policies and standards (prompt safety, model access control, agent permissions, data retention, evaluation criteria, provenance & watermarking) and drive adoption across product and platform teams.
• Lead AI Security Governance forums with Legal, Compliance, Privacy, Risk, and Data teams; champion secure‑by‑design and privacy‑by‑design principles.
• Perform Security Architecture Reviews for AI systems: Models: hosted (Azure OpenAI, Bedrock, Vertex AI), self‑hosted (Open source, on‑prem GPUs), retrieval augmented generation (RAG). Agents: MCP servers, ACP patterns, A2A (Agent‑to‑Agent) communication, tool/plugin ecosystems, vector DBs, function calling. Pipelines: data ingestion/ETL, feature stores, prompt libraries, guardrails, evaluators, and observability.
• Develop and maintain security reference architectures for multi‑cloud AI workloads, including: Identity & Access (IAM, workload identity federation, secrets & key management). Network segmentation, private connectivity, service endpoints, API gateways. Data security (classification, tokenization, encryption, confidential computing, secure enclaves). Model security (supply chain, signing, attestation, integrity verification, model provenance).
• Design and implement agent safety controls: sandboxing, least‑privilege tooling, capability constraints, policy enforcement (RBAC/ABAC), prompt injection defenses, jailbreak & prompt‑leak mitigation, safe tool‑use patterns.
• Build secure AI agents and MCP/ACP/A2A integrations (e.g., tools for enterprise systems like ticketing, knowledge bases, DevOps, and cloud APIs), including: Runtime isolation (containers, microVMs), egress controls, command filtering, and audit trails. Safety guardrails: content filters, toxicity checks, output validation, semantic gateways. Observability: telemetry, tracing, prompt/result logging, risk scoring, red‑team feedback loops.
• Embed LLMOps/MLOps security in CI/CD: model artifact scanning, dependency SBOMs, policy‑as‑code, attestation, and controlled promotion through environments.
• Implement continuous evaluation and guardrails: adversarial prompts, scenario-based testing, safety & accuracy metrics, drift detection, hallucination tracking, bias & fairness assessments.
• Map AI controls to regulatory frameworks (e.g., financial sector, privacy laws including GDPR/CCPA/GLBA).
• Partner with Cloud Architecture, Data Science, and Cloud Platform teams to deliver secure AI features at speed without compromising risk posture.
• Educate and enable engineering teams: playbooks, secure coding guidelines for agents, prompt hygiene, model evaluation standards, and threat modeling workshops.
• Communicate risk and value trade‑offs to executives; produce clear dashboards and reports on AI security KPIs, incidents, and risk reduction.

Benefits

• Health & Wellness: Health care coverage designed for the mind and body.
• Flexible Downtime: Generous time off helps keep you energized for your time on.
• Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
• Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
• Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.
• Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.