The Manager: Information Security – AI is responsible for designing, implementing, and maintaining security controls that protect Artificial Intelligence (AI) platforms, Machine Learning (ML) systems, Generative AI solutions, data pipelines, and AI-enabled products across the organization.

The role ensures AI technologies are developed and operated using secure-by-design principles while maintaining compliance with information security policies, regulatory requirements, and industry best practices. Working closely with Information Security, AI Engineering, Data Science, Cloud Engineering, Product Management, Risk, Compliance, and Legal teams, the role safeguards AI solutions against emerging cyber threats and adversarial attacks while enabling secure innovation.

Key Performance Areas (KPAs)

1. AI Security Governance

• Support the implementation and continuous improvement of the organization’s AI security governance framework.
• Embed AI security requirements into enterprise security standards, policies, procedures, and product delivery processes.
• Participate in governance committees and collaborate with Risk, Legal, Privacy, Procurement, and Information Security teams on AI security requirements.
• Maintain AI security control objectives, assurance frameworks, and compliance reporting aligned with enterprise information security standards.

2. AI Security Strategy & Architecture

• Implement AI security standards aligned with enterprise cybersecurity architecture and recognized security frameworks.
• Promote secure-by-design principles throughout the AI lifecycle, including:
  • Data collection
  • Model development
  • Training
  • Evaluation
  • Deployment
  • Operations
• Define secure architecture patterns for:
  • AI platforms
  • MLOps environments
  • Model-serving infrastructure
  • Cloud-native AI solutions

3. Generative AI & Large Language Model (LLM) Security

• Implement security controls for Generative AI solutions, including:
  • Prompt security
  • Input and output validation
  • Data Loss Prevention (DLP)
  • Access management
  • Usage monitoring
• Support governance and approval processes for AI model access, deployment, and sensitive data usage.
• Implement monitoring and security controls to prevent unauthorized access, misuse, and information leakage.

4. Adversarial AI & Model Security

• Conduct AI threat modelling to identify security risks throughout the AI lifecycle.
• Support adversarial robustness testing, including:
  • Prompt injection
  • Data poisoning
  • Model evasion
  • API abuse
• Participate in AI security assessments and red-team exercises.
• Monitor deployed AI models for abnormal behavior, drift, manipulation, or compromise.

5. Secure MLOps & Data Protection

• Implement secure MLOps practices, including:
  • Secure CI/CD pipelines
  • Model integrity validation
  • Secure model registries
  • Artifact protection
  • Authentication and authorization controls
• Protect training, testing, and validation datasets.
• Ensure secure data ingestion, storage, processing, and access throughout AI development.

6. AI Security Monitoring & Incident Response

• Integrate AI platforms with enterprise security monitoring solutions.
• Develop monitoring capabilities for AI workloads, data pipelines, and model-serving environments.
• Support incident response activities involving AI systems, including:
  • Investigation
  • Containment
  • Digital forensics
  • Recovery
  • Model integrity verification
• Continuously improve AI-specific incident response procedures.

7. Risk, Compliance & Policy Management

• Ensure AI security controls comply with organizational policies and applicable regulatory requirements.
• Align AI security practices with recognized standards such as:
  • ISO/IEC 27001
  • ISO/IEC 27701
  • ISO/IEC 42001
  • NIST AI Risk Management Framework
  • GDPR
  • Other applicable privacy and security regulations
• Support AI risk assessments, control testing, and assurance activities.
• Conduct security reviews of third-party AI platforms, cloud providers, and technology vendors.

8. AI Platform & Product Enablement

• Partner with Product, Engineering, Cloud, and AI teams to integrate security controls into AI-enabled products and services.
• Promote privacy-by-design and secure-by-design principles throughout solution development.
• Develop secure reference architectures and reusable security patterns for common AI implementations.

9. Security Capability Development & Reporting

• Deliver awareness and training programs on AI security, secure AI development, and responsible AI practices.
• Monitor and report AI security performance using key metrics, including:
  • Security compliance
  • AI risk posture
  • Security incidents
  • Vulnerability remediation
  • Security assessment coverage
• Support implementation and administration of AI security technologies, including:
  • Security posture management
  • Model integrity verification
  • Content safety controls
  • Secrets management
  • AI governance and monitoring tools