Principal Information Security Risk Management – AI

EEOC

Principal Information Security Risk Management role ensuring security of enterprise-wide Generative AI and ML systems. Responsible for governance and validation within a Three Lines of Defense model.

Posted 5/28/2026full-timeScottsdale • Arizona, California, Illinois, New York • 🇺🇸 United StatesLead💰 $184,000 - $276,000 per yearWebsite

About the role

Key responsibilities & impact

Provide independent challenge and oversight of GenAI and agentic AI systems across design, deployment, and operation
Define and maintain AI security policies, standards, and control requirements for LLMs, prompt-based systems, and autonomous agents
Perform control validation and effectiveness testing across: Prompt handling and injection resistance, Model outputs and hallucination risk controls, Agent autonomy, decision boundaries, and tool use, Data access, grounding, and retrieval-augmented generation (RAG) pipelines
Assess and challenge risks related to: Prompt injection and jailbreak attacks, Data leakage through prompts, outputs, or embeddings, Model misuse, abuse, and unintended actions by agents, Third-party models such as MCP, APIs, and supply chain dependencies
Deliver risk-based reporting and insights on GenAI/agentic risks, control gaps, and systemic weaknesses
Provide oversight of AI platforms, orchestration frameworks, and tooling to ensure secure configuration and governance
Partner with First Line teams, Risk, Compliance, Legal, and Audit to ensure alignment with internal policies and emerging regulatory expectations
Support regulatory exams and internal audits as the AI Security Second Line SME

Requirements

What you’ll need

Typically, 15+ years of progressive IT experience with 8+ years in Information Security
Experience securing GenAI, LLM-based systems, or AI-driven platforms
Strong understanding of: LLM architectures, prompt engineering, and RAG patterns
Agentic AI systems, orchestration frameworks, and tool integrations
Common GenAI risks (prompt injection, data exfiltration, hallucinations, model misuse)
Experience operating in a Three Lines of Defense model and/or regulated environment (financial services preferred)
Ability to translate complex technical risks into business impact and executive-level insights
Experience in fintech or highly regulated industries
Familiarity with frameworks such as NIST AI RMF, ISO/IEC 42001, and emerging GenAI guidance
Understanding of secure AI development practices and model governance
Background in risk management, audit, or control validation

Benefits

Comp & perks

Healthcare Coverage – Competitive medical (PPO/HDHP), dental, and vision plans as well as company contributions to your Health Savings Account (HSA) or pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
401(k) Retirement Plan – Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
Paid Time Off – Flexible Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
12 weeks of Paid Parental Leave
Maven Family Planning – provides support through your Parenting journey including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

GenAILLM architecturesprompt engineeringRAG patternscontrol validationrisk managementmodel governancedata exfiltrationprompt injectionhallucination risk controls

Soft Skills

ability to translate complex technical risksexecutive-level insightsoversightcollaborationcommunication

Certifications

NIST AI RMFISO/IEC 42001