
AI Security Governance Architect
Posted May 30

This is a fully remote position, open to applicants in Spain.
• Assist in the client's AI Security Governance Program by establishing, implementing, and continually enhancing the cybersecurity control framework for AI, GenAI, and agentic AI applications.
• This role will collaborate with security, architecture, and business teams to ensure that AI initiatives are documented, evaluated, governed, and secured throughout their lifecycle.
• The individual will serve as the cybersecurity subject matter expert for AI governance, supporting the project manager in translating AI-related risks into actionable controls, processes, requirements, evidence, and decision criteria.
• Develop and improve the security governance model for AI systems, which includes intake, registration, risk classification, control mapping, approvals, exceptions, monitoring, and periodic reassessment.
• Ensure alignment of the governance model with established frameworks such as NIST AI RMF, NIST Generative AI Profile, ISO/IEC 42001, OWASP Top 10 for LLM Applications, and applicable local regulations like EU AI Act obligations.
• Evaluate AI and GenAI use cases from a cybersecurity standpoint, addressing various risks such as access control, logging, incident response, model exposure, data leakage, and security requirements.
• Convert risks into practical security controls, including policies, technical requirements, architecture patterns, guardrails, evidence requirements, control owners, and acceptance criteria.
• Utilize existing tools to ensure the governance model is practical, which involves mapping tool capabilities and defining necessary data fields.
• Over 8 years of experience in cybersecurity, with a strong background in security governance, security architecture, risk management, or AppSec/CloudSec.
• Deep understanding of AI/GenAI security risks, particularly those associated with LLM applications, including prompt injection, data leakage, model supply chain, AI agent permissions, RAG security, model/API exposure, and third-party AI usage.
• Capability to create governance that is operationally effective, beyond just policy documentation.
• Experience with enterprise control frameworks.
• Exceptional documentation and communication skills, with the ability to produce materials suitable for executive audiences and define technical controls.
• Strongly preferred: Experience in one or more of the following areas:
  - AI governance programs
  - AISPM experience
  - GenAI application security assessments
  - M365 Copilot / enterprise copilots
  - AI agent governance
  - ML/LLM model risk management
  - Data Security Posture Management
  - Cloud security architecture
  - Secure SDLC / DevSecOps
  - Third-party AI vendor risk
  - GRC tooling and control evidence automation
  - SOC monitoring for AI-related threats
• Familiarity with tools such as HiddenLayer, Sentra, Zenity, Wiz, Microsoft Purview, Defender, CSPM/CWPP, DLP, SIEM/SOAR, cloud-native security tools, or GRC platforms would be advantageous.
• Certifications / knowledge (useful but not mandatory):
  - CISSP, CISM, CRISC, or equivalent
  - Cloud security certifications: AWS, Azure, GCP, CCSP
  - AI governance / AI risk training
  - Knowledge of privacy laws: GDPR, DPIA, data classification
  - Understanding of EU AI Act requirements for deployers of high-risk AI systems, including governance, monitoring, human oversight, and logging obligations where relevant.
• Salary based on market standards and your experience 🤑
• Flexible 35-hour work week 😎
• Optional fully remote work 🌍
• Flexible compensation options (restaurant, transport, and childcare) ✌
• Comprehensive health insurance with a co-payment for dental services 🚑
• Individual training or equipment budget, along with free Microsoft certifications 📚
• English language lessons 🗽
• Day off for your birthday 🌴🥳
• Monthly bonus for home electricity and Internet expenses 💻
• Discounts on gym memberships and sports activities 🔝
• Annual team-building event called Plain Camp 🎪
• Additional perks: attendance at events and speakers, welcome pack, baby basket, Christmas basket, employee discount portal ➕ Enjoy working with cutting-edge technological tools!