AI Security Architect

Establish consistent, secure-by-design AI architecture standards so business units can adopt AI faster with fewer security exceptions, less rework, and stronger audit evidence (data handling, access, connectors/plugins, and logging).
Scope / Outcomes

• Standardize the AI control baseline:
  Publish enterprise AI security reference architectures and minimum control requirements (identity/access, data classification/handling, encryption/key management, network controls, and logging/monitoring).
• Define enforceable guardrails:
  Establish auditable standards for approved AI tools and integrations (configuration baselines, connector/plugin approval, least privilege, DLP/output handling, retention, and acceptable use).
• Reduce design risk early:
  Lead architecture and threat-model reviews for priority AI use cases and vendors; embed requirements into delivery checkpoints and ensure CSOC/IR telemetry and response readiness.

• Publish the AI security reference architecture and minimum control standard with clear intake/review checkpoints used by delivery teams.
• Implement a repeatable connector/plugin/integration review process and configuration baseline for approved AI tools.
• Complete reviews for prioritized AI use cases/vendors and drive remediation of key gaps (logging, permissions, data handling).
• Maintain standards, review artifacts, logging requirements, and documented risk decisions to support audit and compliance needs.

Key Stakeholders / Dependencies
Enterprise Architecture (standards and patterns), ITSO and delivery teams (implementation and SDLC integration), Data Governance and Privacy (classification, retention, and sensitive data handling), IAM (access models and privileged pathways), Vendor Risk/TPRM and Procurement (AI vendor assessments and contracting requirements), CSOC/IR (telemetry and operational readiness), Legal/Compliance/Audit (regulatory and evidence needs), and business owners sponsoring AI use cases.
Key Skills

Security architecture leadership and governance experience establishing enterprise standards and driving adoption across delivery teams.
Deep IAM/data protection fundamentals with practical understanding of genAI components (tools, integrations/connectors, data sources, prompts/outputs) and associated risks.