Job Responsibilities:
- Implement and manage security controls specifically designed for AI systems throughout their lifecycle (data collection, model training, deployment, monitoring).
- Address AI-specific security risks such as data poisoning, model inversion attacks, adversarial attacks, and prompt injection vulnerabilities.
- Lead or support the implementation and maintenance of our ISO 42001 (Artificial Intelligence Management System), ensuring compliance with its requirements for trustworthiness, robustness, and ethical considerations in AI systems.
- Conduct AI-specific risk assessments, identifying and mitigating risks related to AI bias, privacy, security, and societal impact.
- Develop, review, and refine comprehensive AI security, data governance, and information security policies, standards, and procedures, ensuring alignment with ISO 42001.
- Prepare for and support internal and external audits for ISO 42001 certification.
- Contribute to the design, implementation, and continuous improvement of our ISO 27001 (Information Security Management System), ensuring its relevance and effectiveness.
- Support audits, risk assessments, and gap analyses, ensuring adherence to compliance requirements.
- Assess organizational cybersecurity posture using the NIST Cybersecurity Framework (CSF).
- Identify and document gaps and recommend security measures aligned with NIST CSF. Prepare compliance status and risk reduction strategies.
- Assist in drafting and updating organizational policies and procedures for governance and compliance.
- Deliver complex projects in a fast-paced team environment.
Job Specifications:
1. Qualification:
- Bachelor's degree in Engineering or closely related coursework in technology development disciplines
- Certifications: Security+, CEH, ISO 27001 Lead Implementer/Lead Auditor, ISO 42001 Lead Implementer, CISA, relevant certification in AI Security (good to have, but not mandatory)
2. Experience:
- Total Experience (2): 5-8 years
- Total Experience (1): 2-4 years
Knowledge and Experience:
- Demonstrable practical experience with ISO 27001 implementation, maintenance, or audit support.
- Strong understanding and practical application experience with the NIST Cybersecurity Framework (CSF).
- Familiarity with or emerging experience in AI security concepts (e.g., model security, data integrity for AI, bias mitigation).
- Awareness of or exposure to ISO 42001 principles and requirements for AI management systems is highly desirable.
- Good understanding of information security principles and related compliance controls. Ability to articulate the relevance of the security controls.
- Experience in delivery of information security risk and compliance advisory services.
- Experience in management consulting and information security audits.
- Experience with technology risk assessments.
- Ability to research and develop new risk-based security offerings.
- Comfortable working in a project-based / client-serving model.
Personal Attributes:
- Self-starter and quick learner requiring minimal ramp-up
- Excellent written, oral, and interpersonal communication skills
- Highly self-motivated, self-directed, and attentive to detail
- Ability to effectively prioritize and execute tasks in a high-pressure environment