The Manager: AI Security Assurance is responsible for providing independent security assurance across the organization’s end-to-end Artificial Intelligence (AI) and Large Language Model (LLM) ecosystem. The role validates the security, resilience, and effectiveness of AI solutions, including machine learning models, Generative AI platforms, AI infrastructure, retrieval pipelines, APIs, inference endpoints, and supporting architectural components.

This is an independent testing and assurance role focused on evaluating AI security controls rather than implementing them. The incumbent conducts adversarial testing (AI red teaming), validates security controls, and provides evidence-based assurance that AI solutions are secure, resilient, compliant, and ready for production deployment.

Working closely with Information Security, Enterprise Architecture, AI Engineering, Data Science, Cloud Engineering, Product Teams, and Risk & Compliance functions, the role ensures AI solutions meet enterprise security standards and industry best practices.

Key Performance Areas (KPAs)

1. AI Security Assurance Strategy

• Develop and execute the enterprise AI and LLM security assurance strategy.
• Define security testing methodologies for AI platforms and applications.
• Establish risk-based assurance processes across the AI lifecycle.
• Ensure independent security validation before production deployment.

2. AI Red Teaming & Adversarial Testing

• Design and execute adversarial testing of AI and LLM solutions, including:
  • Prompt injection
  • Jailbreak testing
  • Prompt and data leakage
  • Training data poisoning
  • Model poisoning
  • Model extraction
  • Membership inference
  • Evasion attacks
• Conduct testing in alignment with recognized industry frameworks such as:
  • OWASP Top 10 for LLM Applications
  • MITRE ATLAS
• Continuously expand testing coverage to address emerging AI attack techniques.

3. End-to-End AI Security Validation

• Assess the security of the complete AI ecosystem, including:
  • AI models
  • AI gateways
  • API gateways
  • Retrieval-Augmented Generation (RAG) pipelines
  • Vector databases
  • Plugins
  • AI agents
  • Orchestration frameworks
  • Supporting cloud infrastructure
• Verify that AI security controls operate as designed and achieve defined control objectives.

4. AI Security Controls Assessment

• Validate the effectiveness of security controls, including:
  • Input validation
  • Output filtering
  • Guardrails
  • Content moderation
  • Authentication and authorization
  • API protection
  • Rate limiting
  • Secrets management
• Evaluate AI model robustness, resilience, safety, fairness, and bias mitigation.
• Benchmark AI implementations against recognized security and governance frameworks.

5. API & AI Infrastructure Security Testing

• Perform security testing of AI APIs and integration platforms, including:
  • Authentication
  • Authorization
  • Payload validation
  • Schema validation
  • API abuse protection
  • Secret and token management
• Assess AI platform infrastructure for vulnerabilities and security weaknesses.

6. AI Supply Chain & Model Assurance

• Conduct assurance reviews covering:
  • Model provenance
  • Dataset lineage
  • Third-party AI components
  • Foundation model risks
  • AI software supply chain security
• Verify the integrity and traceability of AI models and datasets.

7. Security Reporting & Assurance

• Produce independent AI security assessment reports.
• Document findings, risk ratings, and prioritized remediation recommendations.
• Track remediation activities and validate closure of identified security issues.
• Provide security readiness recommendations to architecture review boards and change governance forums.

8. AI Security Automation & Continuous Assurance

• Develop and maintain AI security test libraries and reusable testing methodologies.
• Implement automated AI security testing within CI/CD and DevSecOps pipelines.
• Continuously improve AI assurance processes to address evolving threats.

Governance

Security Governance

• Establish AI security assurance standards and testing methodologies.
• Participate in architecture governance, technology review boards, and change management forums.
• Monitor assurance performance through metrics including:
  • Number of AI solutions assessed before production deployment
  • Percentage of AI security controls validated
  • Critical vulnerabilities identified and remediated
  • AI environment coverage by security testing
  • Reduction in AI-related security incidents

Escalation Management

• Manage and resolve escalations relating to:
  • High-risk AI vulnerabilities
  • Security assurance findings
  • AI deployment readiness
  • Security exceptions
  • Risk acceptance decisions

Reporting

• Provide regular reporting to leadership on:
  • AI security assurance activities
  • Security testing results
  • Risk trends
  • Compliance status
  • Remediation progress
• Prepare ad hoc reports for executive management and strategic initiatives.

Budget Responsibilities

• Support planning and management of AI security testing platforms, assurance tooling, and associated operational and capital expenditure.