Job Description
We are currently recruiting for an AI Security Senior Architect to join our London office.
DEPARTMENT PURPOSE
The Information Security team is a strategic enabler for our global law firm, focused on protecting client data, intellectual property, and business operations while enabling secure innovation. Through four key pillars – Digital Trust, Technical Assurance, Security Operations, and Governance, Risk and Compliance (GRC) – the team delivers comprehensive security solutions that align with our firm’s strategic objectives as well as client and regulatory requirements.
Our integrated approach combines secure‑by‑design principles relying on Identity and Access Management, Technical Assurance, continuous monitoring and incident response through Security Operations, and proactive risk management through GRC. Working closely with the Markets Innovation Group (MIG) and Fuse, the firm’s legal‑tech incubator, we ensure emerging technologies and our innovative generative‑AI‑powered tool are implemented securely while maintaining the confidentiality, integrity and availability of our systems and data. This collaborative model allows us to stay ahead of evolving threats while supporting the firm’s digital transformation initiatives and maintaining the trust of our clients and stakeholders.
ROLE PURPOSE
The AI Security Senior Architect will be part of the Digital Trust team and will be responsible for architecting, maintaining and implementing the security of the Artificial Intelligence ecosystem in the organisation. The position will be accountable for the security of the firm’s flagship AI product – ContractMatrix – as well as the security of the individual AI workloads.
This role is critical in translating the organisation’s Digital Trust vision into a workable, mature and optimised function and service. It requires extensive experience across all Identity and Access Management core disciplines, including identity management, identity governance and administration, privileged access, and conditional access – and in particular machine identities. It also requires deep technical skills in the DevSecOps space.
This role will support the transformation of IAM into a modern, automated, predictable and customer‑oriented function. The ideal candidate will excel at Microsoft Entra ID technologies, Microsoft Azure, workload identities, managed accounts, machine identity management, and translating identified requirements into practical identity architecture and design.
ROLE & RESPONSIBILITIES
IAM Strategy and Architecture for Artificial Intelligence
- Leverage extensive knowledge and experience across all IAM disciplines to design, implement and continuously improve the portions of the organisational IAM architecture relating to AI workload identities.
- Work with the firm’s strategic technology partners in evaluating concepts to secure AI workloads, working towards the selection of the platform and architecture for securing them in the future.
- Influence and evaluate decisions on the wider IAM components (directory, identity, privileged access, entitlements management) to accommodate AI workloads into a coherent identity ecosystem.
- Configure and maintain technologies that support the IAM function and AI security, such as Active Directory; Entra ID Privileged Identity, Privileged Access, and Governance; Conditional Access Policies (for AI IDs); CyberArk; and Palo Alto’s XSIAM and XSOAR platforms.
- Design and transition AI IAM service components into operation – operational manuals, support patterns, standard changes, request management.
AI ContractMatrix Security, Governance, Risk and Change Management
- Work alongside the ContractMatrix product team to ensure that the solutions are designed securely from an access‑management perspective and that AI governance is adhered to.
- Integrate security into the SDLC from the ground up, ensuring AI models and systems are secure by default.
- Define and enforce secure coding practices for AI/ML components and APIs.
- Identify and assess threats specific to AI systems, such as model inversion, data poisoning, adversarial attacks, and model theft.
- Implement model encryption and access controls to prevent unauthorized use or tampering.
- Provide training and guidance to development teams on AI security risks and mitigations.
- Work on internal and external audits and implement findings against ISO 27001 and ISO 42001 security standards.
- Collaborate with Client Audit, GRC and product teams in responding to client audit requests as they relate to AI use at the firm.
- Perform detailed security analysis of application architectures to provide assurance.
- Understand threat modelling and participate in major incident responses with IAM and AI components.
- Review and approve the IAM components of solution designs.
- Collaborate with cloud infrastructure teams to implement IAM and AI security design patterns.
- Ensure AI security controls are appropriately implemented in our environment and align with NIST and CIS benchmarks.
- Validate effectiveness of implemented security controls through technical analysis.
- Perform residual IAM risk assessments and document acceptance/rejection rationale.
- Scope and manage AI security testing, including penetration tests and Red Teaming, and lead remediation activities.
- Work closely with the wider Information Security team to ensure compliance, assurance, risk management, monitoring and other operational requirements related to IAM and AI are met. Ensure the IAM service follows and complies with IT and Information Security policies and regulatory standards.
- Work closely with relevant vendors to ensure optimised use of supplied technologies and professional services.
- Serve as an escalation point for issues of non‑compliance related to AI security, PAM, IAM and IGA policies and processes.
Leadership & Team Development
- Provide leadership and structured mentorship to identity and access management staff and AI platform teams, and support their technical development.
- Oversee the design and management of the on‑call support structure, ensuring appropriate coverage, escalation paths, and minimal disruption to business operations.
- Influence key senior stakeholders in adopting best practices for secure AI use in the firm.
KEY REQUIREMENTS
Essential
- Minimum of 10 years’ experience in working with Microsoft identity products, namely Active Directory and Entra ID.
- Minimum of 7 years’ experience working in architecture or information security, with at least 4 years focused on identity and access management.
- Current Azure certifications (e.g., Azure Security Engineer Associate).
- Strong knowledge of security and compliance standards and frameworks, such as ISO 42001, ISO 27001, MS CAF, and WAF.
- Excellent communication, leadership and interpersonal skills, with the ability to collaborate across teams and with external parties such as MSSPs.
- Ability to work effectively in a fast‑paced, dynamic environment.
- A genuine passion for continuous learning and development in cyber‑security, staying up to date with the latest developments, trends and technologies in the field.
- High level of personal integrity and ethics, demonstrating an appropriate level of judgement and handling any potentially high‑pressure situations in a manner that upholds the highest ethical standards.
Desirable
- Bachelor’s degree in Information Security, Computer Science, or a related field.
- Additional relevant security certifications, e.g. CISSP, SABSA, TOGAF.
- Legal or professional services experience is highly desirable.
- Knowledge of additional cloud platforms, e.g. AWS, GCP.
- Experience with zero‑trust architecture implementation and least‑privilege principles.
- Background in application security and secure SDLC practices.
Disability Accommodation
Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of our recruitment team who will work with you to provide any adjustments as required.
Equal Opportunities
We are an equal opportunities recruiter and do not discriminate on the basis of race, colour, sex, religion, sexual orientation, national origin, disability, or any other protected characteristic.
Benefits
We recognise that our people are our most valuable asset, which is reflected in the wide range of benefits that are available to our employees. Some of these benefits include: our occupational pension scheme, group income protection cover, private medical insurance, mental health resources and free apps, health and wellbeing services encompassing an onsite gym, wellbeing centre and GP service, emergency back‑up care support, parental and special leave, holiday entitlement increasing with length of service, holiday trading, season ticket loans and online discounts and lifestyle management services.