Principal Information Security Risk Management - AI
About the role
The Principal Information Security Risk Management, AI role at Early Warning is responsible for ensuring enterprise-wide GenAI, Agentic AI, LLMs, and ML security programs are effective, risk-aligned, and defensible. This role provides independent risk-based governance within a Three Lines of Defense (3LOD) model, ensuring GenAI and agent-based systems are secure, trustworthy, and aligned to risk appetite and regulatory expectations. The position partners closely with engineering, data science, product, and AI platform teams, acting as a credible challenger—not an operator.
Responsibilities
- Provide independent challenge and oversight of GenAI and agentic AI systems across design, deployment, and operation
- Define and maintain AI security policies, standards, and control requirements for LLMs, prompt-based systems, and autonomous agents
- Perform control validation and effectiveness testing across: Prompt handling and injection resistance, Model outputs and hallucination risk controls, Agent autonomy, decision boundaries, and tool use, Data access, grounding, and retrieval-augmented generation (RAG) pipelines
- Assess and challenge risks related to: Prompt injection and jailbreak attacks, Data leakage through prompts, outputs, or embeddings, Model misuse, abuse, and unintended actions by agents, Third-party models such as MCP, APIs, and supply chain dependencies
- Deliver risk-based reporting and insights on GenAI/agentic risks, control gaps, and systemic weaknesses
- Oversee AI platforms, orchestration frameworks, and tooling to ensure secure configuration and governance
- Partner with First Line teams, Risk, Compliance, Legal, and Audit to ensure alignment with internal policies and emerging regulatory expectations
- Support regulatory exams and internal audits as the AI Security Second Line SME
Qualifications
- Typically 15+ years of progressive IT experience with 8+ years in Information Security
- Strong understanding of LLM architectures, prompt engineering, and RAG patterns, Agentic AI systems, orchestration frameworks, and tool integrations, Common GenAI risks (prompt injection, data exfiltration, hallucinations, model misuse)
- Experience operating in a Three Lines of Defense model and/or regulated environment (financial services preferred)
- Ability to translate complex technical risks into business impact and executive-level insights
- Familiarity with frameworks such as NIST AI RMF, ISO/IEC 42001, and emerging GenAI guidance
- Understanding of secure AI development practices and model governance
- Background in risk management, audit, or control validation
- Background and drug screen
Pay
The base pay scale for this position in Phoenix, AZ/ Chicago, IL / Washington, DC in USD per year is: $184,000 - $230,000.
The base pay scale for this position in New York, NY/ San Francisco, CA in USD per year is: $221,000 - $276,000.
Additionally, candidates are eligible for a discretionary incentive plan and benefits.