About the job

The Risk, Compliance and Integrity organization (RCI) brings together critical compliance, assurance, risk, and governance functions across the company to help meet compliance needs and enable our businesses to innovate securely. Operating as a critical second line of defense, we manage our operations through risk-based prioritization, independent technical validation, oversight, and consistent engagement with product engineering and legal counsel.

In this role, you will drive key AI Security assurance testing programs. You will require a deep understanding of AI/ML architectures, offensive security testing methodologies, and threat modeling, coupled with the ability to independently test existing and emerging cybersecurity and AI controls. As a second-line leader, you will need the ability to collaborate effectively across the engineering organization, provide constructive challenges, and influence at all levels. You will have a bias toward action, exceptional communication skills, and a track record of building and managing robust, independent security testing programs.

In addition to a deep technical security foundation, you will require exceptional program management capabilities, and demonstrated ability to track, report on, and effectively manage complex technical assurance initiatives from inception to completion, which includes defining clear testing objectives, establishing metrics, monitoring the first line's remediation progress, and ensuring timely and accurate reporting to engineering stakeholders and risk committees.

Responsibilities

• Provide separate oversight and issues as a critical second line of defense function, establishing and maintaining technical assurance testing frameworks for AI/ML and traditional security ecosystems.
• Lead cross-functional security testing initiatives (such as AI red teaming and architecture reviews) and conduct in-depth assessments to proactively identify complex vulnerabilities like prompt injection or data poisoning.
• Lead AI security by effectively communicating testing results, control deficiencies, and mitigation strategies to technical leadership, legal counsel, and executive stakeholders.
• Translate testing insights into actionable engineering recommendations and partner with first-line research and product teams to continuously optimize privacy and security strategies for Generative AI and traditional ML models.
• Collaborate with the Legal department to evaluate the compliance implications of identified AI privacy and security risks, ensuring all assurance efforts align with internal policies and evolving global AI regulations.