Head of AI Security Architecture

Who we are looking for

The Head of AI Security Architecture is a senior leadership role responsible for defining, governing, and scaling secure-by-design AI architectures across State Street's technology landscape. This role ensures that AI, machine learning, and generative AI capabilities are delivered safely, defensibly, and in alignment with regulatory expectations, while enabling innovation at enterprise scale.

This leader will be accountable for AI threat modeling, security architecture standards, control design, and integration of AI security into engineering workflows, ensuring that security accelerates-not constrains-business and technology outcomes. The role requires deep expertise in product security, cloud-native architectures, Dev Sec Ops , AI risk management, and regulated environments, with a proven ability to translate complex technical risks into actionable executive decisions.

What you will be responsible for

AI Security Architecture & Strategy

* Define and steward State Street's enterprise AI security architecture, including secure-by-default patterns for AI platforms, GenAI tooling, AI agents, and data pipelines.

* Establish architecture standards, guardrails, and reference designs for AI systems across cloud and on‑prem environments.

* Embed security, privacy, and compliance requirements directly into AI and software engineering lifecycle processes.

* Partner with Enterprise Architecture and Engineering to ensure AI security scales across product teams with minimal friction.

Threat Modeling & Defensible Design

* Establish and mature AI threat modeling practices, aligned to real-world attacker behavior and regulatory scrutiny.

* Lead identification and mitigation of AI‑specific risks including model abuse, data poisoning, OSS corruption, prompt injection, model inversion, and emerging adversarial AI threats.

* Drive defensible architecture decisions supported by measurable risk reduction and operational outcomes.

AI Enablement & Secure Delivery

* Integrate AI security into Dev Sec Ops  pipelines, automating preventative, detective, and responsive controls.

* Enable secure AI adoption through paved‑road platforms, automation, and architectural simplification.

* Partner with engineering teams to accelerate AI reviews and approvals through tooling and policy-as-code approaches.

Emerging Technology & Innovation

* Lead security architecture for emerging AI capabilities, including AI agents, automation frameworks, and developer assist tooling.

* Collaborate with crypto and platform teams on post‑quantum readiness considerations as they relate to AI systems and long-lived data.

* Continuously evaluate new AI security technologies and patterns to strengthen the firm's defensive posture.

Operational Excellence

* Drive data‑driven security architecture decisions, using metrics to identify risk concentration, architectural friction, and opportunities to reduce security burden.

* Ensure architecture standards align with and support regulatory expectations (FFIEC, NIST, ISO, NYDFS, GDPR, etc.).

* Contribute to incident response preparedness for AI‑related events, including misuse and systemic failures.

Executive & Stakeholder Engagement

* Serve as a trusted technical advisor to the CISO, CIO, architecture leadership, and senior engineering leaders.

* Deliver concise executive briefings on AI security posture, emerging risks, and architectural tradeoffs.

* Support regulatory, audit, and client discussions with credible, defensible technical narratives.

Team Leadership & Development

* Build and lead a high‑performing AI Security Architecture team.

* Act as a multiplier for security engineering, product security, and platform teams through coaching and architectural leadership.

* Foster a culture focused on customer trust, innovation, and continuous improvement.

What we value

These skills and traits will help you succeed in this role

* Deep technical credibility combined with executive‑ready communication skills.

* Strong bias toward automation, scale, and measurable outcomes.

* Ability to translate complex AI security risks into practical, business‑aligned decisions.

* Change agent mindset with a track record of…