AI Security & Risk Analyst

Reporting to: Group Director of Information Security

Team: Information Security

Location: Hybrid

To own AI security and risk at Citation Group. Getting deep into how AI systems, integrations, and agentic workflows are built, connected, and exposed, and ensuring that what gets deployed is safe, understood, and controlled.

The successful candidate will have genuine technical curiosity about how AI systems work under the hood, the security instinct to identify what could go wrong, and the confidence to act on their findings with senior stakeholders.

This role sits at the frontier of an emerging discipline. It will suit someone who thrives on the pace of change, and who wants to build deep expertise in AI security as the field develops.

• Lead and perform security and risk assessments across all AI use cases, including new tools, workflows, agentic systems, and platform integrations, assessing each against the company's risk framework. Risk assessing AI integrations requires technical depth and will form the core of the role.
• Develop and maintain a deep working understanding of how MCP servers, API connections, permission scopes, and agentic frameworks function in practice, and what each means for data exposure, privilege escalation, and system integrity.
• Assess the attack surface introduced by AI integrations, including prompt injection vectors, tool misuse in agentic pipelines, and unintended data flows across connected systems.
• Work from minimal information provided by requesters, proactively identifying the right questions to ask and the right evidence to seek, to produce actionable, proportionate risk assessments.
• Read and interrogate vendor security documentation, API specifications, and integration architecture diagrams independently, without reliance on the requester to interpret them.
• Manage identified risks through to treatment, working with relevant teams to design and implement controls.

• Assess the specific risks introduced by large language models and agentic AI systems, including prompt injection, jail breaking, indirect prompt injection via external data sources, and unintended tool invocation.
• Evaluate agentic workflows for excessive permissions, insufficient human oversight, and potential for uncontrolled action chains.
• Stay current with the evolving LLM and agentic threat landscape, bringing emerging attack patterns into the risk assessment process as they develop.

• Maintain an accurate and current AI asset register, with clear visibility of what is deployed across the group, by whom, and for what purpose.
• Proactively identify shadow AI deployments and ungoverned integrations using available tooling and assess the risks they present.
• Recognise that the risk profile of deployed tools can change as vendors release updates and new capabilities, and ensure all new risks are reviewed and treated.

• Include operational readiness as a component of AI risk assessment, ensuring that the continued support, maintenance, monitoring, and ownership of new AI solutions are considered before deployment.
• Work with the AI team and IT Service Desk to ensure AI security and risk considerations are factored into service transition planning.

• Serve as the subject matter expert on AI security and risk within the AI Governance Committee, providing technical input and challenge to ensure decisions are grounded in an accurate understanding of risk.
• Translate technical findings into clear, actionable guidance that non-technical stakeholders can act on.
• Contribute to the AI policy, ensuring it reflects the current threat and integration landscape rather than theoretical risk.
• Support the translation of regulatory developments, including the EU AI Act, ICO guidance, and ISO 42001, into practical governance actions.

• Technical Security Background: A solid technical foundation with hands‑on experience assessing the security of systems, integrations, and APIs. Comfortable reading API documentation, vendor security disclosures, and integration architecture diagrams independently. Able to…