Principal – AI Technology Risk
About the role
Lead Artificial Intelligence Technology Risk 2LOD oversight and Challenge, with core accountability for AI Technology across EWS. This role operates under the Vice President of Technology Risk, and have responsibility for independent oversight, challenge, and governance of AI Technology Risk.
This role ensures that AI Systems used across the organization are governed consistently, responsibly, and in alignment with Technology policies and control expectations. It includes working closely with member teams to assess, approve, monitor, and continuously improve AI usage. This position supports the enterprise-wide Information Security program as a trusted technical advisor by empowering team members to make risk-aware decisions in accordance with Early Warning’s compliance, regulatory and departmental policy and procedures.
Responsibilities
- Provide oversight of AI risk assessments and governance decisions
- Identify, assess, and monitor IT and AI risks
- Review and challenge LLM usage and infrastructure
- Ensure AI Systems continue to meet internal and external regulatory expectations
- Support development and maintenance of IT AI policies
- Absorb and assess emerging AI technology prior to adoption
- Advise on AI technology Risk and adoption
- Support challenging of KPI’s and KRI’s for IT and AI governance
- Exercise judgment in risk classification ambiguity and escalation decisions
- Ensure appropriate risk governance
- Create and manage the operating model for identifying and resolving security risks and posture drift
- Lead initiatives and strategies in support of the Security Posture Management program
- Own ensuring that business goals and risks are adequately addressed; collaborate and consult with enterprise cross-functional teams to maintain continuous awareness of the enterprise’s Security Posture and identify improvement opportunities
- Establish effective working relationships across the enterprise to foster a strong risk culture by supporting stakeholders in owning and managing their risks and controls
- Ensure controls are successfully designed and implemented to meet Compliance requirements and business objectives
- Manage relationships cross-functionally to integrate alignment with organizational strategies while addressing risk management needs
- Review new processes from a control's perspective
- Consult with process owners to design and implement new controls
- Improve risk and control environment by providing subject matter technical expertise on enhancing the design and effectiveness of Security’s control program while aligning with compliance and technical needs
- Develop, execute, and present the risk reporting framework ensure risk mitigation activities are performed timely
- Select appropriate metrics (KRI/KPI’s) to monitor adequacy and effectiveness of the control environment
- Monitor remediation efforts to closure, including review of supporting evidence
- Develop and enhance documentation and reporting standards to support oversight of the enterprise’s Security Posture and ensure consistent execution and coverage across the enterprise supported through a stakeholder-approved policy-driven governance program
- Supports the company's commitment to risk management and protecting the integrity and confidentiality of systems and data
Requirements
Experience operating in regulated environments
Experience leveraging Technology such as Bedrock or others for compute of AI solutions
Understanding of AI Systems governance and technology risk
Bachelor’s degree in computer science, Information Technology, Cyber Security, or related field
15+ years of progressive related information technology or information security work experience with various types of information security-related technologies including firewalls, IDS, vulnerability management, anti-virus, data loss prevention, two factor authentication, and VPN
3+ years of experience with the security, regulatory, and privacy controls environment, and security governance, regulatory landscape, risk assessment, and risk management principles and techniques
Advanced level experience with network security design and protection, application development, application security issues, operating system security, hardening standards and protection mechanisms
Strong technical knowledge in the area of security tools, application security design and architecture; secure network design and architecture, server security, and workstation security
Demonstrated advanced level experience with network security design and protection, application development, application security issues, operating system security, hardening standards and protection mechanisms
Certification in one of CISA, CISM, CISSP, CCSP, CRISC, GSNA, CGIH, or equivalent
Expertise in ISO 27002, PCI DSS 3.2 or current, NIST 800-53a, SIG, FFIEC handbooks, SOC2 Type II, GLBA, FCRA, NYDFS, data privacy
Project or Process management experience
Qualifications
Expertise in ISO 27002, PCI DSS 3.2 or current, NIST 800-53a, SIG, FFIEC handbooks, SOC2 Type II, GLBA, FCRA, NYDFS, data privacy
Certification in one of CISA, CISM, CISSP, CCSP, CRISC, GSNA, CGIH, or equivalent
Project or Process management experience
Skills
Strong technical knowledge in the area of security tools, application security design and architecture; secure network design and architecture, server security, and workstation security
Advanced level experience with network security design and protection, application development, application security issues, operating system security, hardening standards and protection mechanisms
Certification in one of CISA, CISM, CISSP, CCSP, CRISC, GSNA, CGIH, or equivalent
Expertise in ISO 27002, PCI DSS 3.2 or current, NIST 800-53a, SIG, FFIEC handbooks, SOC2 Type II, GLBA, FCRA, NYDFS, data privacy
Project or Process management experience
Benefits
Healthcare Coverage – Competitive medical (PPO/HDHP), dental, and vision plans as well as company contributions to your Health Savings Account (HSA) or pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
401(k) Retirement Plan – Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
Paid Time Off – Flexible Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
12 weeks of Paid Parental Leave Maven Family Planning – provides support through your Parenting journey including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.
And SO much more!