Overview
The Opportunity: This role is part of the Information Risk team, within the Group Functions (GF) Information Technology First Line of Defense. The team is responsible for performing risk-based information security assessments for new technologies and maintaining governance frameworks specific to generative AI technologies, ensuring compliance with information security standards, and managing risks associated with cloud-based, on-premises and AI-driven platforms and services.
Responsibilities
- Perform GF project and technology information risk assessments including assessing risks and defining controls as well as tracking the implementation of controls.
- Design, document and/or implement BAU security controls applicable to the cloud-based infrastructure, platform, and services; evaluate products for implementing security controls in the cloud or on-premises spaces.
- Conduct comprehensive assessments of generative AI projects, identifying and mitigating risks associated with AI-generated data and outputs.
- Develop and implement governance frameworks tailored to generative AI, ensuring alignment with global information risk assessment methodologies.
- Collaborate with cross-functional teams to integrate AI governance with existing processes such as architecture review, project risk management, and Business Continuity & Disaster Recovery.
- Manage priorities between tasks, ensuring timely delivery of governance assessments and updates.
- Participate in project meetings to advise on AI-specific risks and impacts, providing timely updates to stakeholders.
- Ensure each AI governance assessment is peer-reviewed for completeness before distribution to stakeholders.
- Provide regular updates to stakeholders on the status of AI governance assessments in progress or in the backlog.
- Support operational AI governance activities, including oversight of ongoing AI-specific security processes (e.g., incident response, vulnerability management).
- Provide training to key stakeholders on AI governance processes and best practices.
- Respond to audits, regulatory reviews, and risk assessments related to AI governance.
- Stay informed on emerging AI technologies, evolving threats, and opportunities within the AI governance discipline.
Qualifications
- 5+ years of experience in information security, with a focus on AI technologies and governance.
- Experience in IT / Information Risk management, particularly related to AI and data-driven projects.
- Deep knowledge of AI governance frameworks and relevant security standards.
- Familiarity with laws and standards related to AI (e.g., NIST, EU AI Act).
- Strong communication and influencing skills, with the ability to foster a culture of AI governance and risk management.
- Effective problem-solving and analytical skills, with an innovative approach to information security risk management and AI governance challenges.
- Strong presentation and facilitation skills for diverse audiences.
- Ability to build and maintain strong relationships across teams and stakeholders.
- Collaborative team player with excellent time management and organizational skills to handle multiple tasks and changing priorities.
Nice-To-Have
- Understanding of the financial industry and its regulatory requirements is preferred.
Education
- Degree in Computer Science, Information Technology, Data Science, Business Administration, or relevant educational and professional experience.