
GenAI Cloud Security Chief Architect
S&P Global
full-time
Location Type: Hybrid
Location: Princeton • New Jersey • United States
Salary
💰 $166,000 - $213,000 per year
About the role
- Define and operationalize the AI Security Strategy covering models (foundation, open‑source, fine‑tuned), data pipelines, orchestration layers, agents, and integrations across AWS, Azure, GCP, and OCI.
- Establish and maintain an AI Risk Framework (e.g., NIST AI RMF, ISO/IEC 23894), mapping to enterprise risk taxonomy, control objectives, and regulatory requirements (e.g., SOC 2, ISO 27001, NIST 800‑53, CSA CCM).
- Create AI security policies and standards (prompt safety, model access control, agent permissions, data retention, evaluation criteria, provenance & watermarking) and drive adoption across product and platform teams.
- Lead AI Security Governance forums with Legal, Compliance, Privacy, Risk, and Data teams; champion secure‑by‑design and privacy‑by‑design principles.
- Perform Security Architecture Reviews for AI systems:
  - Models: hosted (Azure OpenAI, Bedrock, Vertex AI), self‑hosted (open source, on‑prem GPUs), retrieval augmented generation (RAG).
- Design and implement agent safety controls: sandboxing, least‑privilege tooling, capability constraints, policy enforcement (RBAC/ABAC), prompt injection defenses, jailbreak & prompt‑leak mitigation, safe tool‑use patterns.
Requirements
- 10+ years in Information Security with 4+ years in cloud security and 2+ years in AI/ML or LLMOps security.
- Hands‑on multi‑cloud expertise:
  - AWS: IAM, KMS, PrivateLink, Bedrock, SageMaker, GuardDuty, CloudTrail.
  - Azure: Entra ID, Key Vault, Private Endpoints, Azure OpenAI, ML, Defender for Cloud.
  - GCP: IAM, KMS, VPC‑SC, Vertex AI, Cloud Armor, Audit Logs.
  - OCI: IAM, Vault, Service Gateway, Data Science, Logging & Events.
- Security engineering proficiency: Zero Trust, policy‑as‑code (OPA/Conftest), secrets management (HashiCorp Vault), container security, SBOMs, SLSA, Sigstore.
- AI/LLM stack knowledge: RAG patterns, vector databases (Pinecone/Weaviate/FAISS), prompt engineering, guardrails (e.g., policy filtering), evaluation frameworks, agent orchestration (MCP/ACP/A2A, function/tool calling).
- Threat modeling and offensive testing for AI systems, including prompt injection and agent misuse.
- Strong understanding of privacy and compliance impacting AI (GDPR, CCPA, GLBA, sector‑specific regs).
Benefits
- Health & Wellness: Health care coverage designed for the mind and body.
- Flexible Downtime: Generous time off helps keep you energized for your time on.
- Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
- Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
- Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in-class benefits for families.
- Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
AI Security Strategy, cloud security, AI/ML security, Zero Trust, policy-as-code, secrets management, container security, RAG patterns, prompt engineering, threat modeling
Soft skills
leadership, communication, collaboration, risk management, policy development
Certifications
NIST AI RMF, ISO/IEC 23894, SOC 2, ISO 27001, NIST 800-53