Overview
This senior leadership role is responsible for building, leading, and maturing the organization's AI security function, setting the direction for securing AI systems throughout their lifecycle.
Key Responsibilities
- Define, own, and mature the AI security strategy and program roadmap.
- Establish and maintain the organization-wide AI agent registry.
- Develop and publish secure-by-default standards, frameworks, and reference architectures for internal AI agent development.
- Create and enforce AI security policies.
- Report AI security risk posture, program progress, and emerging threats.
- Coordinate and perform GIS security reviews within the organization's AI governance framework.
- Partner with AI Governance, Privacy, Legal, and Technology stakeholders.
- Perform security risk assessments and classify AI platforms, agents, and use cases.
- Conduct a structured controls assessment for every use case.
- Issue formal, documented approval decisions for every reviewed use case.
- Manage defined SLA timelines for all reviews.
- Conduct periodic reassessments of all active agents.
- Monitor the evolving AI threat landscape.
- Lead post-incident reassessments for any active agent involved in a security incident.
- Evaluate third-party AI tools, models, and platforms for security risk.
- Maintain a risk register specific to AI systems.
- Report aggregate review metrics to the CISO.
- Define technical security requirements for AI agents.
- Build, lead, and develop a team of AI security engineers.
- Own and resource red team and adversarial testing programs targeting AI systems.
- Drive adoption of secure coding practices and security tooling within AI development workflows.
- Establish governance frameworks with the IAM team.
- Set data security standards with the ML/Data Security Analyst.
- Define data classification requirements for information flowing through AI systems.
- Develop and maintain AI-specific incident response runbooks.
- Serve as executive sponsor and escalation point for significant AI-related security incidents.
- Conduct post-incident reviews and drive lessons learned back into the AI security program.
- Serve as the organization's primary subject matter expert on AI-specific regulatory requirements.
- Partner with the GRC team to map AI security controls to compliance obligations.
- Monitor the evolving AI regulatory landscape.
- Recruit, hire, onboard, and develop a high-performing AI security team.
- Set clear team goals, conduct regular performance reviews, and create development plans.
- Foster a team culture of continuous learning.
- Lead vendor evaluation and selection for AI security tooling.
- Develop a multi-year AI security roadmap.
Required Experience
10+ years of experience in information security, with at least 4-5 years in a people management or senior security leadership role. Demonstrated hands-on experience securing AI/ML systems, LLM-based applications, or agentic AI workflows. Proven experience conducting threat modeling, security architecture reviews, and risk assessments for complex, distributed systems. Experience building and leading security teams, including hiring, developing, and retaining talent. Track record of working cross-functionally with engineering, product, legal, and compliance teams; experience owning and managing a security budget. Prior experience with incident response and managing security incidents involving automated or AI-driven systems is strongly preferred. Demonstrated experience managing and developing a team of security professionals.
Qualifications
Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related technical field. Advanced degree (Master's or equivalent) preferred but not required where experience is demonstrably strong.