The organization is accelerating the adoption of AI (including GenAI and LLM-enabled capabilities) across products, platforms, and internal operations. This creates new opportunities as well as security, privacy, compliance, and operational risks that must be governed consistently at enterprise scale.
The AI Security & Governance Lead will establish and drive an enterprise AI security, governance, and risk management program. The role partners with Cloud Security, Application Security, GRC, SOC, Engineering, Data Privacy, Enterprise Architecture, Legal, and business teams to enable secure and responsible AI adoption and to ensure AI initiatives align with enterprise cybersecurity, privacy, and compliance requirements.
Key Responsibilities
AI Security Governance & Strategy
- Define and drive enterprise AI security strategy and roadmap.
- Establish AI governance framework, standards, and security guardrails for AI development and consumption.
- Develop AI acceptable use policies and secure AI adoption guidelines for employees and vendors/partners.
- Define AI risk classification and review mechanisms, including intake, exception handling, and approvals.
- Establish AI security review and approval processes for new AI use cases, models, and integrations.
AI Risk Management & Compliance
- Conduct AI security and risk assessments for enterprise AI initiatives and high-impact use cases.
- Assess risks related to GenAI, LLMs, APIs, plugins, agents, and AI integrations (including third-party AI services).
- Identify and manage risks such as data leakage, prompt injection, insecure output handling, model misuse, and shadow AI adoption.
- Align AI controls with enterprise security, privacy, and compliance requirements.
- Support compliance alignment with ISO 27001, PCI DSS, privacy regulations, and emerging AI regulations.
Security Architecture & Engineering Oversight
- Review AI solution architectures from a security perspective and provide actionable design recommendations.
- Assess security of AI platforms, cloud AI services, and integrations; define security baselines for AI workloads and AI-enabled applications.
- Review identity, access management, and Zero Trust controls for AI platforms (including service identities, secrets, and privileged access).
- Collaborate with Engineering and Application teams to integrate AI security controls into SDLC and DevSecOps processes.
AI Monitoring & Operational Governance
- Establish AI security monitoring and reporting requirements, including telemetry for AI services and AI-enabled applications.
- Define AI-related KPIs/KRIs and governance dashboards; track remediation and closure of AI security findings.
- Coordinate with SOC and Security Operations for AI threat monitoring, detection engineering, and incident handling.
- Monitor AI adoption trends, shadow AI usage, and enterprise AI risk exposure; drive risk-informed mitigations.
Stakeholder Engagement & Awareness
- Partner with business, engineering, cloud, legal, privacy, and risk teams to enable secure AI adoption.
- Conduct awareness and training sessions on secure AI usage and AI governance requirements.
- Provide guidance to business and technology teams on AI security best practices and secure solution patterns.
- Support leadership with AI security posture reporting and strategic recommendations.
Team Size
- Direct Team: AI security / governance resources (as applicable) and dotted-line governance participants
- Indirect Team: Cloud Security, AppSec/DevSecOps, GRC, SOC, Data Privacy, Enterprise Architecture, Engineering, and Business stakeholders
Skills & Experience Required
- 8–12 years of experience in cybersecurity, security architecture, cloud security, application security, GRC, or related domains.
- Strong experience in cybersecurity governance and risk management, including security reviews, control design, and policy/standards development.
- Working understanding of AI/GenAI concepts, LLMs, and AI security risks (e.g., data leakage, prompt injection, insecure output handling, model misuse, and shadow AI).
- Experience with cloud security and modern application architectures; familiarity with cloud AI services and AI platform integrations.
- Strong understanding of Zero Trust principles, IAM, API security, data protection/DLP, and threat modeling.
- Experience partnering with engineering, cloud, product, and business teams to implement scalable security governance and controls.
- Strong communication, stakeholder management, and program coordination skills; ability to translate risk into business impact.
Preferred Technical Areas
- AI/GenAI security and governance
- Cloud security
- Application security / DevSecOps
- API security
- Data security & DLP
- Security architecture
- Identity & Access Management
- Threat modeling and security assessments
- Security governance & risk management
Qualification:
- Bachelor's degree in Computer Science, Information Technology, Engineering, or a related field. Master's degree is a plus.
Certifications (Mandatory – at least one from each category preferred)
Security / Governance Certifications
Cloud Security Certifications
- AWS Security – Specialty
- Azure Security Engineer Associate
- Google Professional Cloud Security Engineer
- CCSK (Cloud Security Alliance)