Principal – AI Technology Risk
Early Warning · Chicago, IL · 6 days ago
EducationFull-time
About the role
Lead Artificial Intelligence Technology Risk 2LOD oversight and Challenge, with core accountability for AI Technology across EWS. This role operates under the Vice President of Technology Risk, and have responsibility for independent oversight, challenge, and governance of AI Technology Risk. The role is responsible for ensuring that AI Systems used across the organizations are governed consistently, responsibly, and in alignment with Technology policies and control expectations.
Responsibilities
- Provide oversight of AI risk assessments and governance decisions
- Identify, assess, and monitor IT and AI risks
- Review and challenge LLM usage and infrastructure
- Ensure AI Systems continue to meet internal and external regulatory expectations
- Support development and maintenance of IT AI policies
- Assess emerging AI technology prior to adoption
- Provide advisory on AI technology Risk and adoption
- Support challenging of KPI’s and KRI’s for IT and AI governance
- Exercise judgment in risk classification ambiguity and escalation decisions
- Ensure appropriate risk governance
- Create and manage the operating model for identifying and resolving security risks and posture drift
- Lead initiatives and strategies in support of the Security Posture Management program
- Own ensuring that business goals and risks are adequately addressed; collaborate and consult with enterprise cross-functional teams to maintain continuous awareness of the enterprise’s Security Posture and identify improvement opportunities
- Establish effective working relationships across the enterprise to foster a strong risk culture by supporting stakeholders in owning and managing their risks and controls
- Ensure controls are successfully designed and implemented to meet Compliance requirements and business objectives
- Manage relationships cross-functionally to integrate alignment with organizational strategies while addressing risk management needs
- Review new processes from a control's perspective
- Consult with process owners to design and implement new controls
- Improve risk and control environment by providing subject matter technical expertise on enhancing the design and effectiveness of Security’s control program while aligning with compliance and technical needs
- Develop, execute, and present the risk reporting framework ensure risk mitigation activities are performed timely
- Select appropriate metrics (KRI/KPI’s) to monitor adequacy and effectiveness of the control environment
- Monitor remediation efforts to closure, including review of supporting evidence
- Develop and enhance documentation and reporting standards to support oversight of the enterprise’s Security Posture and ensure consistent execution and coverage across the enterprise supported through a stakeholder-approved policy-driven governance program
- Supports the company's commitment to risk management and protecting the integrity and confidentiality of systems and data
Qualifications
- Experience operating in regulated environments
- Experience leveraging Technology such as Bedrock or others for compute of AI solutions
- Understanding of AI Systems governance and technology risk
- Experience with the security, regulatory, and privacy controls environment, and security governance, regulatory landscape, risk assessment, and risk management principles and techniques
- Advanced level experience with network security design and protection, application development, application security issues, operating system security, hardening standards and protection mechanisms
- Strong technical knowledge in the area of security tools, application security design and architecture; secure network design and architecture, server security, and workstation security
- Demonstrated advanced level experience with network security design and protection, application development, application security issues, operating system security, hardening standards and protection mechanisms
- Strong understanding and experience with Information technology systems and processes, network infrastructure, data architecture, data processes, protocols, and auditing and monitoring processes
- Strong understanding and experience with Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration
- Experience evaluating process and configurations for compliance with policies and regulations
- Respected subject matter expert with high level of integrity, effective interpersonal and communication skills, and executive presence
- Strong experience developing and tracking information security related KPIs and KRIs