Director, Information Security - AI Governance

HOW YOU'LL CONTRIBUTE

• Design and implement an AI security governance framework, aligned with enterprise GRC objectives and integrated into existing cybersecurity and compliance programs.
• Develop, maintain, and enforce AI-specific information security policies, standards, and procedures - covering secure model development, data integrity, model access, third-party use, and post-deployment monitoring.
• Lead AI-specific security risk assessments, including threat modeling, control gap analysis, and secure architecture reviews for internal and vendor-developed AI/ML systems.
• Document AI-related security risks, controls, and mitigation strategies, ensuring traceability and alignment with enterprise risk registers, control libraries, and regulatory expectations.
• Oversee AI-focused third-party risk assessments, evaluating external vendors' AI system design, privacy/security posture, data sourcing, and model behavior claims.
• Monitor the evolving AI threat landscape, including adversarial ML, data poisoning, model inversion, and misuse risks. Translate findings into actionable controls and security requirements.
• Collaborate with Legal, Privacy, Data Governance, IT, and Product teams to ensure AI systems comply with applicable regulations and guidance (e.g., NIST AI RMF, EU AI Act, FTC AI guidance, state legislation).
• Partner with technical security teams to Integrate AI capabilities into existing security infrastructure (e.g., SIEM, SOAR, EDR).
• Develop adversarial testing frameworks to validate model robustness and security.
• Provide leadership during AI-related security incidents, including investigation, root cause analysis, containment, and post-incident control design.
• Establish AI-related KPIs/KRIs, dashboards, and executive reporting that highlight risk posture, control coverage, and maturity of AI security governance.
• Serve as an internal advisor and thought leader on secure and responsible AI use, balancing innovation with risk reduction and regulatory alignment.
• Act as a key point of contact during regulatory exams, audits, and third-party reviews involving AI and model-related controls.
• Integrate AI governance processes and risk indicators into existing GRC tools (e.g., ServiceNow GRC, Archer, LogicGate) and enterprise control frameworks (NIST CSF, ISO 27001, SOC2, SOX, etc.).
• Partner with training and awareness team to develop and launch AI specific security trainings and awareness campaigns.

WHAT YOU'LL BRING

Required Education, Experience, Certification/Licensure

Leadership Responsibilities

• 10+ years of experience in information security or cybersecurity risk management
• 3-5 years leading governance or risk programs with AI/ML, model risk, or advanced analytics technologies
• Experience engaging with auditors, regulators, and legal teams in a cybersecurity context
• Manage and grow a team of GRC and AI security professionals; foster technical development, accountability, and delivery excellence.
• Lead cross-functional working groups and governance committees to define and drive AI security objectives.
• Represent the security function in enterprise AI steering forums, industry engagements, and regulatory collaborations.
• Contribute to long-term strategic planning for AI adoption and governance from a security lens.

In-depth understanding of:

• Information security frameworks (NIST, ISO 27001, CIS, FFIEC, etc.)
• AI governance models (NIST AI RMF, EU AI Act, OECD, ISO 42001)
• Cloud-native security, identity and access management (IAM), and data protection within AI/ML architectures
• Demonstrated success in:
  • AI/ML threat modeling and control design
  • Vendor risk assessments involving AI/ML components
  • Policy lifecycle management and regulatory mapping
• Experience with GRC tools and risk automation platforms (e.g., Archer, ServiceNow GRC)
• Excellent communication and executive presentation skills, with the ability to translate complex risks for varied audiences.
• Bachelor's degree in Information Security, Computer Science, Engineering, or a related field required.
• Advanced degree or formal training in AI security, data ethics, or regulatory compliance preferred.
• Preferred: CISM, CISSP, CRISC, or CGEIT
• Bonus: CIPP/US, CIPM, certifications in AI governance, responsible AI, or cloud security

Salary Range: $166,800.00 - $222,300.00

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location