×
Register Here to Apply for Jobs or Post Jobs. X

AI Security Governance & Policy Specialist

Job in Kuwait City, Kuwait
Listing for: International Turnkey Systems - ITS
Full Time position
Listed on 2026-07-07
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, AI Evaluation
Salary/Wage Range or Industry Benchmark: 16740 - 22320 KWD Yearly KWD 16740.00 22320.00 YEAR
Job Description & How to Apply Below

For a well-known Islamic Bank in Kuwait
, we are hiring an AI Security Governance & Policy Specialist to build and operate security governance for LLM/ML/AI systems across the full lifecycle (use-case intake → design → build → test → deploy → monitor → retire).

This position focuses on delivering tangible governance outputs: writing and maintaining enforceable policies and standards, translating frameworks into practical control requirements, performing AI security risk assessments, reviewing solution designs and technical evidence, and ensuring required testing and monitoring are implemented and evidenced.

The role aligns AI governance and controls to recognized frameworks such as NIST AI RMF and ISO/IEC 42001, while ensuring consistency with existing enterprise security baselines (e.g., ISO/IEC 27001-style controls). The specialist partners with VMPT to ensure AI solutions undergo appropriate testing (including adversarial testing/red teaming), secure code practices, vulnerability management, and evidence-based exception handling where required.

Key Responsibilities AI Policies, Standards, and Control Requirements
  • Draft, maintain, and publish AI security policies, standards, and minimum baselines for LLM/ML/AI solutions.
  • Produce clear, testable requirements and guidance covering:
  • Model onboarding and approval (internal and third-party models, versioning, provenance, licensing/usage constraints)
  • Secure AI SDLC requirements (threat modeling, secure design, testing, change control, release gates)
  • AI data governance requirements (data classification, retention, data minimization, leakage prevention, approved sources for RAG)
  • Logging/telemetry requirements for AI apps and model endpoints (audit trails, redaction guidance, monitoring and alerting expectations)
  • Maintain reusable governance artifacts and templates: intake forms, control checklists, evidence packs, exception/waiver forms, and sign-off criteria.
AI Risk Assessments and Control Validation
  • Perform hands-on AI security risk assessments for new and changed use cases, documenting:
  • threat scenarios specific to AI and LLM integrations
  • required controls and compensating controls
  • residual risk and recommended risk treatment
  • Apply NIST AI RMF concepts to structure AI risks in a practical way that engineering teams can implement and test.
  • Maintain an AI security risk register with clear remediation actions, owners, dates, and closure evidence.
  • Validate control implementation by reviewing technical evidence (architecture diagrams, IAM role assignments, secrets handling approach, logging configuration, test results, monitoring dashboards), and track remediation through closure.
Testing, Assurance, and Evidence Requirements
  • Define and enforce minimum assurance requirements for AI solutions, including:
  • adversarial testing / AI red teaming minimum expectations (in coordination with VMPT)
  • secure code review expectations for AI application layers (prompt handling, retrieval logic, output handling, tool invocation)
  • pre-production and post-release monitoring requirements (abuse detection signals, data leakage indicators, model/API usage anomalies)
  • Review and validate the evidence that testing and monitoring were performed and met required outcomes (reports, findings, retest results, operational telemetry).
  • Ensure guidance remains aligned with industry references such as OWASP LLM Top 10, and translate that guidance into actionable requirements and developer-friendly mitigation checklists.
Cloud, Vendor, and Data Handling Governance
  • Maintain “secure-by-default” patterns for Azure-based GenAI deployments, including:
  • identity and access controls (least privilege, service identities, key rotation expectations)
  • network isolation and endpoint exposure controls
  • secrets management and encryption requirements
  • logging/telemetry baselines and retention requirements
  • environment separation and deployment guardrails
  • Define governance requirements for enterprise GenAI data handling (what data is permitted, what must be masked/redacted, what requires additional approvals, what must be logged).
  • Support onboarding of third-party AI services and vendors by defining security questionnaires, minimum…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary