Sr. Information Security Architect – AI & Cloud Security

Position Overview

The Sr. Information Security Architect – AI & Cloud Security is a senior member of the BISO Secure Solutions Design team responsible for defining secure architecture patterns, assessing emerging AI/ML solutions, and ensuring alignment with Global Information Security policies and enterprise architecture strategies.

• Develop and maintain secure design patterns and controls for AI/ML solutions, including LLMs, RAG architectures, vector databases, and enterprise AI agents.
• Define a secure operating environment and ensure alignment with enterprise architecture strategy and GIS standards.
• Evaluate system impacts, data flows, integration points, and non‑functional requirements such as security.
• Provide solution options to resolve architectural constraints and remove design impediments.
• Participate in design reviews, feature decomposition, and technical governance for AI‑enabled platforms and SDLC‑integrated developer tools.
• Conduct AI‑specific risk assessments using frameworks including MITRE ATLAS, OWASP Top 10 for LLMs/GenAI, and NIST AI RMF.
• Perform detailed threat modeling (STRIDE or equivalent) for cloud, application, data, and AI use cases.
• Identify risks such as prompt injection, model/data poisoning, data leakage, model theft, hallucinations, and supply‑chain risk across model, dataset, and embedding ecosystems.
• Define compensating controls and architectural safeguards for AI/ML pipelines, including input/output filtering, retrieval restrictions, data minimization, privacy controls, and identity boundaries.
• Work across lines of business, operations, enterprise architecture, data science, and development teams to ensure clear solution intent and secure‑by‑design outcomes.
• Translate policy and standards into actionable architecture guidance for delivery teams.
• Educate partners on architectural best practices, security control requirements, and evolving AI threat landscapes.
• Support technology stack evaluations and selection of secure tools, platforms, and third‑party integrations.
• Provide architecture review documentation, data flow diagrams, and risk summaries to support governance processes.

• 8+ years of experience in information security or enterprise architecture, with recent focus on AI/ML or Generative AI security.
• Proven experience performing secure architecture assessments, design reviews, and threat models for complex, integrated systems.
• Strong understanding of Generative AI, LLM risk, and security frameworks (MITRE ATLAS, OWASP LLM Top 10, NIST AI RMF).
• Broad experience across cloud platforms (AWS), identity, key management, secrets management, networking, containers, and API security.
• Expertise in interpreting and applying internal security policies, standards, and controls.
• Strong communication skills with the ability to convey complex technical concepts to technical and non technical audiences, including senior leadership.
• Demonstrated ability to drive decisions, collaborate across teams, and balance risk vs. business needs.
• Hands‑on experience preparing technical diagrams and threat models.

• Experience with advanced developer tools such as Git Hub Copilot, Microsoft Copilot Studio, or similar AI coding assistants.
• Certifications such as CISSP, CISM, CCSP, CCSK, CRISC, or cloud architecture/security certifications.
• Familiarity with agile methodologies, Dev Ops practices, CI/CD pipelines, and developer experience platforms.
• Experience in financial services or other regulated industries.

• Analytical Thinking
• Architecture
• Result Orientation
• Solution Design
• Technical Strategy Development
• Application Development
• Collaboration
• Data Management
• Dev Ops Practices
• Risk Management
• Agile Practices
• Automation
• Influence
• Solution Delivery Process
• Test Engineering

Shift: 1st shift (United States of America). Hours per week: 40.