AI Security Governance Architect | JobSetuu

Description

Job Overview

• Source: Jobicy

Job Description

Mission

Support the client’s AI Security Governance Program by defining, operationalizing and continuously improving the cybersecurity control framework for AI, GenAI and agentic AI use cases. The role will work with security, architecture and business teams to ensure AI initiatives are registered, assessed, governed and secured across their lifecycle.

The profile will act as the cybersecurity subject matter expert for AI governance, complementing the project manager and helping translate AI-related risks into practical controls, processes, requirements, evidences and decision criteria.

Key Responsibilities

1. AI security governance framework

Define and mature the security governance model for AI systems, including intake, registration, risk classification, control mapping, approvals, exceptions, monitoring and periodic reassessment.

Align the governance model with recognized frameworks such as NIST AI RMF, NIST Generative AI Profile, ISO/IEC 42001, OWASP Top 10 for LLM Applications, and local relevant ruling as EU AI Act obligations where applicable. NIST’s GenAI Profile was released to help organizations manage unique generative AI risks; ISO/IEC 42001 provides a structured AI management system standard; OWASP tracks LLM-specific risks such as prompt injection, insecure output handling, data poisoning and supply-chain vulnerabilities.

2. AI use case risk assessment

Assess AI and GenAI use cases from a cybersecurity perspective, covering:

• Access control and identity context
• Agentic AI permissions and tool execution
• Logging, monitoring and incident response
• Model exposure and misuse risk
• Prompt injection and indirect prompt injection
• Sensitive data leakage
• Data classification and data residency
• Model supply chain and third-party AI services
• Human oversight and approval workflows
• Security-by-design requirements for AI applications

3. Control design and operationalization

Translate risks into practical security controls, including policies, technical requirements, architecture patterns, guardrails, evidence requirements, control owners and acceptance criteria.

The role should be able to define what “good” looks like for different AI patterns: internal copilots, M365 Copilot, custom GenAI apps, RAG systems, AI agents, vendor AI features, ML models and low-code/no-code AI automations.

4. Tooling integration and control mapping

Work with existing tools such as HiddenLayer, Sentra, Zenity and the AI registration/control tower process to ensure the governance model is not theoretical.

Expected activities include:

• Mapping tool capabilities to governance controls
• Defining required data fields in the AI registry
• Establishing dashboards and control evidence
• Identifying gaps between tooling coverage and policy expectations
• Supporting integration with GRC, CMDB, DLP, IAM, SIEM/SOC, cloud security and data governance processes

6. Deliverables

Typical deliverables should include:

• AI control framework
• AI use case classification model
• Security requirements for AI/GenAI projects
• AI security architecture patterns
• AI registry/control tower data model recommendations
• Tooling-to-control mapping
• Exception and risk acceptance process
• KPI/KRI dashboard proposal
• Security review templates
• AI security awareness material for project teams
• Roadmap for maturity improvement

Requirements

Must have:

8+ years in cybersecurity, with strong experience in security governance, security architecture, risk management or AppSec/CloudSec.

Real understanding of AI/GenAI security risks, especially LLM application risks, prompt injection, data leakage, model supply chain, AI agent permissions, RAG security, model/API exposure and third-party AI usage.

Ability to build governance that works operationally, not just policy documents. This is important: Nestlé likely does not need someone to explain that AI is risky; they need someone who can help make the program executable.

Experience with enterprise control frameworks

Excellent documentation and communication skills, with the ability to produce executive-ready material and technical control definitions.

Strongly desirable:

Experience with one or more of:

• AI governance programs
• AISPM Experience
• GenAI application security reviews
• M365 Copilot / enterprise copilots
• AI agent governance
• ML/LLM model risk management
• Data Security Posture Management
• Cloud security architecture
• Secure SDLC / DevSecOps
• Third-party AI vendor risk
• GRC tooling and control evidence automation
• SOC monitoring for AI-related threats

Experience with tools such as HiddenLayer, Sentra, Zenity, Wiz, Microsoft Purview, Defender, CSPM/CWPP, DLP, SIEM/SOAR, cloud-native security tooling or GRC platforms would be valuable.

Certifications / knowledge:

Useful but not mandatory:

• CISSP, CISM, CRISC or equivalent
• Cloud security certifications: AWS, Azure, GCP, CCSP
• AI governance / AI risk training
• Privacy knowledge: GDPR, DPIA, data classification
• Familiarity with EU AI Act requirements for deployers of high-risk AI systems, including governance, monitoring, human oversight and logging obligations where applicable.

Benefits

• Salary determined by the market and your experience

• Flexible schedule 35 Hours / Week
• Fully remote work (optional)
• Flexible compensation (restaurant, transport, and childcare) ✌
• Fully free health insurance, with a co-payment for dental services
• Individual budget for training or equipment and free Microsoft certifications
• English lessons
• Birthday day off
• Monthly bonus for electricity and Internet expenses at home
• Discount on gym plan and sports activities
• Plain Camp (annual team-building event)
• Extra perks: events attendance and speakers, welcome pack, baby basket, Christmas basket, discount portal for employees ➕ The pleasure of always working with the latest technological tools!

Will you let us know you better?

The selection process: Simple, just 3 steps.

• Phone screen
• 2 interviews with the team

What is Plain Concepts?

Plain Concepts is a global company of over 500 people passionate about technology and innovation. Since our founding, we have grown through technical proficiency and confidence in ideas that others might consider risky, creating custom solutions for our clients. With offices in more than 6 countries, our mission is to continue to drive cuttingedge projects around the world.

We are highly committed to technical excellence. We are known for developing highly customized projects, offering specialized technical consultancy and training.

Thanks to the great work of our technicians, we have been recognized for our ability to lead innovative projects that generate value, from artificial intelligence to blockchain, driving solutions that help companies optimize their performance.

What we do at Plain Concepts?

We pride ourselves on being a 100% technical team, dedicated to crafting custom projects from scratch, offering expert technical consultancy, and providing top-tier training.

• Our approach goes beyond traditional outsourcing; we focus on creating value together with our clients.
• Our teams are diverse and multidisciplinary, operating in a flat, collaborative structure.
• We live and breathe AGILE principles, ensuring flexibility and efficiency in everything we do.
• Knowledge-sharing is at our core: from supporting each other internally to contributing to the broader tech community through conferences, events, and talks.
• Innovation drives us — even the boldest ideas are welcome here.
• Transparency underpins all our relationships, fostering trust and long-term partnerships.

Want to learn more?

Check out our website! ➡ https://www.plainconcepts.com/

At Plain Concepts, we certainly seek to provide equal opportunities. We want diverse applicants regardless of race, colour, gender, religion, national origin, citizenship, disability, age, sexual orientation, or any other characteristic protected by law.

Expert Career Tips for AI Security Governance Architect Roles

To succeed in a competitive market as a AI Security Governance Architect, you need more than just technical skills. Here are some expert strategies to elevate your profile:

• Build a Strong Portfolio: For technical roles, a clean GitHub or a personal project site is essential. For non-technical roles, a case study portfolio demonstrating problem-solving and impact is equally valuable. Show, don't just tell, what you have achieved in your previous positions.
• Master the Narrative: When interviewing, use the STAR method (Situation, Task, Action, Result) to structure your answers. Quantify your results wherever possible—mentioning "increased efficiency by 20%" is much more impactful than saying "improved efficiency."
• Continuous Learning: The industry moves fast. Whether it's staying updated with the latest AI tools or mastering a new management methodology, continuous professional development is key. Consider obtaining industry-recognized certifications that align with AI Security Governance Architect requirements.
• Networking: Connect with other professionals in similar roles. Join online communities, attend webinars, and engage in meaningful discussions on professional social networks. Often, the best opportunities come through referrals and community engagement.
• Soft Skills Matter: Communication, empathy, and leadership are often the deciding factors between two equally qualified technical candidates. Cultivate these skills as they are universally valued across all industries and seniority levels.

Additionally, research the specific company's culture and values. Tailoring your application to show how you align with their mission can significantly increase your chances of moving forward in the process.

Salary & Compensation

Salary not disclosed; typically competitive for the role.

Work Arrangement

Type: On-Site

Standard business hours at the office.

Comprehensive Application Strategy & Hiring Process

Applying for a new role is a marathon, not a sprint. Follow this strategic approach to maximize your success rate:

1. Initial Research & Tailoring

Don't send the same resume to every employer. Spend at least 30 minutes researching the company. Look for recent news, their product roadmap, and their team structure. Modify your summary and core competencies to reflect the specific keywords found in the job description.

2. The Perfect Cover Letter

If the application allows for a cover letter, use it to tell a story that your resume cannot. Explain why you are passionate about this specific company and how your unique background makes you the perfect fit for the challenges they are currently facing.

3. Navigating the Multi-Stage Interview

Most modern hiring processes involve 3-5 stages. This typically includes a recruiter screen, a technical or skill-based assessment, a peer interview, and a final leadership round. Prepare for each stage differently: focus on enthusiasm and fit for the recruiter, technical depth for the assessment, and strategic vision for the leadership round.

4. Post-Interview Follow-Up

Always send a personalized thank-you note within 24 hours of each interview. Reference a specific topic discussed during the call to demonstrate your active listening and genuine interest in the role.

By following these steps, you demonstrate a high level of professionalism and attention to detail that sets you apart from the average applicant.

Typical Interview Process

1. Resume screening
2. HR call
3. Skill interview
4. Final manager interview
5. Offer

Tip: Research the company's products and culture.

Global Market Intelligence & Relocation Insights

At JobSetuu, we specialize in helping talent navigate the global job market. Here is what you need to know about the current landscape in Global and beyond:

The demand for skilled professionals is increasingly borderless. For roles based in Global, understanding the local cost of living, visa requirements (if applicable), and cultural nuances is vital. If this is a remote role, consider the time zone alignment and the asynchronous communication culture of the hiring organization.

Relocation Support: Many forward-thinking companies offer relocation packages that include moving stipends, temporary housing, and legal assistance with work permits. When evaluating an offer, look beyond the base salary—consider the total compensation package, including equity, bonuses, and healthcare benefits.

Work-Life Balance Trends: Hybrid and remote work have become standard in many regions. Research the local labor laws and common practices regarding work hours and vacation time to ensure the role aligns with your lifestyle goals.

Leveraging JobSetuu's tools can help you compare salaries across different cities and understand the "purchasing power" of your potential offer, ensuring you make an informed decision for your long-term career path.

Skills & Competency Roadmap for Professional Development

To remain competitive in Professional Development, we recommend focusing on the following core competencies over the next 12-18 months:

• Technical Mastery: Deepen your expertise in the core tools and languages relevant to your field. For developers, this might be cloud architecture; for marketers, it might be data-driven attribution modeling.
• AI Augmentation: Learn how to leverage generative AI and automation tools to increase your productivity. Understanding how to integrate these technologies into your workflow is becoming a non-negotiable skill.
• Leadership & Strategy: Even in individual contributor roles, the ability to think strategically and lead projects from inception to completion is highly valued. Focus on stakeholder management and high-level project planning.
• Data Literacy: The ability to interpret data and use it to drive decisions is essential across all business functions. Familiarize yourself with data visualization and basic analytical concepts.

By investing in these areas, you not only prepare yourself for the role you are applying for today but also build a resilient foundation for the opportunities of tomorrow.

Apply via JobSetuu

Discover your next career milestone on JobSetuu. This AI Security Governance Architect position is part of our commitment to bringing you the most relevant and high-impact job openings globally. At JobSetuu, we simplify your job search by aggregating premier listings and providing the tools you need to stand out. Don't miss the chance to elevate your professional journey—explore more opportunities and career insights on our platform today.