Lead - Cybersecurity Risk & Compliance

The Cybersecurity Risk & Compliance function is responsible for evaluating security and compliance risks within the organization. They set up security benchmarks, verify adherence to these standards across all internal sectors, and promote a culture of information security throughout the company.

As a member of our Cybersecurity Risk and Compliance team, youll play a pivotal role in fortifying our security measures, leveraging your expertise in various technologies, regulatory frameworks, and emerging domains such as Artificial Intelligence (AI). This position demands a proactive approach to risk management, security, automation, AI governance, and strategic collaboration with diverse stakeholders to elevate our security standards.

Role Expectation

• Drive the day-to-day activities about policy governance, control governance, risk, and compliance initiatives including emerging AI governance and responsible AI adoption initiatives.
• Enumerate cyber security and compliance risks and ensure they are managed appropriately across the products and business functions including risks arising from AI/ML systems, GenAI integrations, third-party AI services, and agentic workflows. Ensure the Product/ Functional team takes prudent risk ownership through active partnership and collaboration.
• Design and oversee the enforcement of policies and procedures based on industry-standard best practices, including AI governance policies covering model lifecycle management, AI data handling, and secure AI deployment practices.
• Provide contextual guidance to various internal teams in terms of processes and controls to improve the information security, AI governance, and compliance posture of the organization.
• Certify the readiness of the identified security frameworks and certifications by identifying & operationalizing the control requirements including AI-related frameworks such as ISO 42001, NIST AI RMF, and applicable AI regulatory requirements (e.g., EU AI Act where relevant).
  
• Responsible for reviewing and reporting the operating effectiveness of the controls and risk/loss exposure, including controls governing AI model security, data privacy in AI systems, prompt injection safeguards, and third-party AI usage.
• Drive continuous monitoring initiatives for the developed controls and develop reporting metrics, dashboards, and evidence artifacts periodically to be presented to the Leadership including metrics related to AI risk posture and governance maturity.
• Drive security awareness program throughout the year to effectively motivate desired behaviors & conduct regular training on security policy and standard requirements through training, communication, and workshops including responsible and secure use of AI tools across the organization.
• Be a role model for the team and provide a healthy platform for the team to learn and grow, including building awareness on emerging AI security and governance trends.
• Stay abreast of the developing regulatory concerns and changing information security trends, including evolving global AI governance and compliance requirements.

Qualifications

• 5 10 years of experience in the Risk & Compliance space, viz. Risk enumeration, defining security standards, and managing information security processes. Exposure to AI governance, model risk management, or AI security risk assessments is highly desirable.
• Work experience or conceptual understanding of the AWS cloud platform to define controls for the cloud environment and suggest best practices, including controls for AI/ML workloads hosted in cloud environments.

Looking to get Placed? Try our Placement Guarantee Plan

Get Hired
• Working experience or conceptual understanding of FAIR methodology risk assessments or Quantified risk assessments, including application to AI-related risks.
• Have a deep understanding of security control frameworks such as ISO27001, PCI DSS, HIPAA, SOC 1/2, NIST Cyber Security Framework, NIST800-171, and the Cloud Compliance Framework. Familiarity with AI governance frameworks such as ISO 42001 and NIST AI RMF is an added advantage.
• Understanding of AI/ML risk domains such as: Data leakage in training or inference, Prompt injection and model misuse, AI output reliability and hallucination risks, Bias and fairness considerations,Third-party AI and SaaS AI integrations
• Security certifications like CISA, CISSP, CRISC, and cloud security certifications will be highly desired. AI governance or AI risk-related certifications are a plus.
• Ability to gather, analyze, and evaluate facts and to prepare and present concise, detailed, and clear oral and written reports, including emerging AI risk themes.
• Ability to build relationships, influence others, instill accountability, and achieve results.
• Ability to thrive in a dynamic, fast-paced environment taking up multiple responsibilities, including rapidly evolving AI governance requirements.
• Excellent problem-solving, interpersonal, and communication skills.
• Be a team player and a go-getter and thrive for success.