Principal Information Security Risk Management - AI
About the role
The Principal Information Security Risk Management, AI role at Early Warning is responsible for ensuring enterprise-wide GenAI, Agentic AI, LLMs, and ML security programs are effective, risk-aligned, and defensible. This role provides independent risk-based governance within a Three Lines of Defense (3LOD) model, ensuring GenAI and agent-based systems are secure, trustworthy, and aligned to risk appetite and regulatory expectations. The position partners closely with engineering, data science, product, and AI platform teams, acting as a credible challenger—not an operator.
Responsibilities
- Provide independent challenge and oversight of GenAI and agentic AI systems across design, deployment, and operation
- Define and maintain AI security policies, standards, and control requirements for LLMs, prompt-based systems, and autonomous agents
- Perform control validation and effectiveness testing across: Prompt handling and injection resistance, Model outputs and hallucination risk controls, Agent autonomy, decision boundaries, and tool use, Data access, grounding, and retrieval-augmented generation (RAG) pipelines
- Assess and challenge risks related to: Prompt injection and jailbreak attacks, Data leakage through prompts, outputs, or embeddings, Model misuse, abuse, and unintended actions by agents, Third-party models such as MCP, APIs, and supply chain dependencies
- Deliver risk-based reporting and insights on GenAI/agentic risks, control gaps, and systemic weaknesses
- Oversee AI platforms, orchestration frameworks, and tooling to ensure secure configuration and governance
- Partner with First Line teams, Risk, Compliance, Legal, and Audit to ensure alignment with internal policies and emerging regulatory expectations
- Support regulatory exams and internal audits as the AI Security Second Line SME
Qualifications
- Typically 15+ years of progressive IT experience with 8+ years in Information Security
- Strong understanding of LLM architectures, prompt engineering, and RAG patterns, Agentic AI systems, orchestration frameworks, and tool integrations, Common GenAI risks (prompt injection, data exfiltration, hallucinations, model misuse)
- Experience operating in a Three Lines of Defense model and/or regulated environment (financial services preferred)
- Ability to translate complex technical risks into business impact and executive-level insights
- Familiarity with frameworks such as NIST AI RMF, ISO/IEC 42001, and emerging GenAI guidance
- Understanding of secure AI development practices and model governance
- Background in risk management, audit, or control validation
- Background and drug screen
Benefits
Base Pay Scale: $184,000 - $230,000 in Phoenix, AZ/Chicago, IL/Washington, DC; $221,000 - $276,000 in New York, NY/San Francisco, CA. Additional benefits include healthcare coverage, a 100% Company Safe Harbor Match on your first 6% deferral, flexible time off, 12 weeks of Paid Parental Leave, Maven Family Planning, and more. Early Warning Services takes into consideration a variety of factors when determining a competitive salary offer, including, but not limited to, the job scope, market rates and geographic location of a position, candidate's education, experience, training, and specialized skills or certification(s) in relation to the job requirements and compared with internal equity (peers).