Lead - Cybersecurity Risk & Compliance

Freshworks
Bengaluru, Posted 1 March 2026

Job Description

<p>The Cybersecurity Risk &amp; Compliance function is responsible for evaluating security and compliance risks within the organization. We set up security benchmarks, verify adherence to these standards across all internal sectors, and promote a culture of information security throughout the company. As a key member of our team, you will play a pivotal role in fortifying our security measures, leveraging your expertise in regulatory frameworks, cloud technologies, and emerging domains such as Artificial Intelligence (AI).</p><p><strong>Impact You Can Create</strong></p><p>You will be the vanguard of our organization's security posture, ensuring we safely navigate the complex intersection of traditional cybersecurity and cutting-edge AI technologies. By championing a culture of information security and proactive risk management, you will directly safeguard our products, data, and business functions. Your leadership in AI governance—covering everything from model risk management to prompt injection safeguards—will empower the business to innovate rapidly and responsibly without compromising on security, compliance, or trust.</p><p><strong>Roles and Responsibilities</strong></p><ul><li><strong>Risk Management &amp; Collaboration:</strong> Enumerate and manage cybersecurity and compliance risks across products and business functions, specifically including risks arising from AI/ML systems, GenAI integrations, third-party AI services, and agentic workflows. Partner with Product/Functional teams to ensure prudent risk ownership.</li><li><strong>Policy &amp; AI Governance:</strong> Drive day-to-day policy and control governance initiatives. 
Design and oversee the enforcement of policies based on industry best practices, heavily emphasizing AI governance (model lifecycle management, AI data handling, secure AI deployment).</li><li><strong>Framework Readiness &amp; Certification:</strong> Certify the readiness of identified security frameworks by operationalizing control requirements. This includes AI-specific frameworks like ISO 42001, NIST AI RMF, and applicable AI regulations (e.g., EU AI Act).</li><li><strong>Monitoring &amp; Reporting:</strong> Review and report on the operating effectiveness of controls and risk/loss exposure (including AI model security, data privacy in AI, and third-party AI usage). Develop metrics, dashboards, and evidence artifacts to present AI risk posture and governance maturity to Leadership.</li><li><strong>Internal Consulting:</strong> Provide contextual guidance to internal teams regarding processes and controls to continuously improve the organization's information security and AI compliance posture.</li><li><strong>Security Awareness:</strong> Drive a year-round security awareness program. Conduct training and workshops to motivate desired behaviors, specifically focusing on the responsible and secure use of AI tools.</li><li><strong>Team Leadership:</strong> Act as a role model, providing a healthy platform for the team to learn and grow, particularly in building awareness around emerging AI security trends.</li><li><strong>Continuous Learning:</strong> Stay abreast of developing regulatory concerns, changing information security trends, and evolving global AI compliance requirements.</li></ul><p><strong>Skills</strong></p><ul><li><strong>Cloud &amp; AI Security:</strong> Strong conceptual understanding of the AWS cloud platform to define controls for cloud environments and AI/ML workloads. 
Deep understanding of AI/ML risk domains, including data leakage, prompt injection, model misuse, hallucination risks, bias/fairness, and SaaS AI integrations.</li><li><strong>Risk Assessment Methodologies:</strong> Working experience or conceptual understanding of quantified risk assessments, specifically the FAIR methodology, and its application to AI-related risks.</li><li><strong>Communication &amp; Reporting:</strong> Exceptional ability to gather, analyze, and evaluate facts to prepare and present concise, ... (truncated, view full listing at source)