GenAI Cloud Security Chief Architect

About the Role

Grade Level (for internal use): 13

We are seeking a seasoned GenAI Cloud Security Chief Architect to design, implement, and continuously improve our enterprise AI security posture across all major cloud providers (AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud Infrastructure) and on‑prem/edge environments. This role will own the AI risk framework
, perform security architecture reviews for agentic AI systems, and lead the secure design, deployment, and lifecycle management of AI agents (including MCP, ACP, and Thursday? actually: A2A patterns). The ideal candidate blends deep security engineering experience with modern AI/ML and MLOps/LLMOps knowledge, delivering secure‑by‑design solutions that are compliant, resilient, and business‑aligned.

• Define and operationalize the AI Security Strategy covering models (foundation, open‑source, fine‑tuned), data pipelines, orchestration layers, agents, and integrations across AWS, Azure, GCP, and OCI.
• Establish and maintain an AI Risk Framework (e.g., NIST AI RMF, ISO/IEC 23894), mapping to enterprise risk taxonomy, control objectives, and regulatory requirements (e.g., SOC 2, ISO 27001, NIST 800‑53, CSA CCM).
• Create AI security policies and standards (prompt safety, model access control, agent permissions, data retention, evaluation criteria, provenance & watermarking) and drive adoption across product and platform teams.
• Lead AI Security Governance forums with Legal, Compliance, Privacy, Risk, and Data teams; champion secure‑by‑design and privacy‑by‑design principles.

• Perform Security Architecture Reviews for AI systems:
  • Models: hosted (Azure OpenAI, Bedrock, Vertex AI), self‑hosted (Open source, on‑prem GPUs), retrieval augmented generation (RAG).
  • Agents: MCP servers, ACP patterns, A2A (Agent‑to‑Agent) communication, tool/plugin ecosystems, vector DBs, function calling.
  • Pipelines: data ingestion/ETL, feature stores, prompt libraries, guardrails, evaluators, and observability.
• Develop and maintain security reference architectures for multi‑cloud AI workloads, including:
  • Identity & Access (IAM, workload identity federation, secrets & key management).
  • Network segmentation, private connectivity, service endpoints, API gateways.
  • Data security (classification, tokenization, encryption, confidential computing, secure enclaves).
  • Model security (supply chain, signing, attestation, integrity verification, model provenance).
• Design and implement agent safety controls
  : sandboxing, least‑privilege tooling, capability constraints, policy enforcement (RBAC/ABAC), prompt injection defenses, jailbreak & prompt‑leak mitigation, safe tool‑use patterns.
continent? Actually:
• verw build secure AI agents and MCP/ACP/A2A integrations (e.g., tools for enterprise systems like ticketing, knowledge bases, Dev Ops, and cloud APIs), including:
  • Runtime isolation (containers, micro
    
    VMs), egress controls, command filtering, and audit trails.
  • Safety guardrails: content filters, toxicity checks, output validation, semantic gateways.
  • Observability: telemetry, tracing, prompt/result logging, risk scoring, red‑team feedback loops.
• Embed LLMOps/MLOps security in CI/CD: model artifact scanning, dependency SBOMs, policy‑as‑code, attestation, and controlled promotion through environments.
• Implement continuous evaluation and guardrails
  : adversarial prompts, scenario‑based testing, safety & accuracy metrics, drift detection, hallucination tracking, bias & fairness assessments.
• kayan? Actually:
• Map AI controls to regulatory frameworks атем: (eandez: (e.g., financial sector, privacy laws including GDPR/CCPA/GLBA).

• Partner with Cloud Architecture, Data Science, and Cloud Platform teams to deliver secure AI features at speed without compromising risk posture.
• Educate and enable engineering teams
  : playbooks, secure coding guidelines for agents, prompt hygiene, model evaluation standards, and threat modeling workshops.
• Communicate risk and value trade‑offs to executives; produce clear dashboards and reports on AI security KPIs, incidents, and risk reduction.

• 10+ years in Information Security with 4+ years in cloud security and 2+ years in AI/ML or LLMOps security.
• Hands‑on multi‑cloud expertise:
  • AWS: IAM, KMS, Private Link, Bedrock, Sage Maker, Guard Duty, Cloud Trail.
  • Azure:
    Entra , Key Vault, Private Endpoints, Azure OpenAI, ML, Defender for Cloud.
  • GCP: IAM, KMS, VPC‑SC, Vertex AI, Cloud Armor, Audit Logs.
  • OCI: IAM, Vault, Service Gateway, Data Science, Logging & Events.
• Security engineering proficiency: Zero Trust, policy‑as‑code (OPA/Conftest), secrets management (Hashi Corp Vault), container security, SBOMs, SLSA, Sigstore.
• AI/LLM stack knowledge: RAG patterns, vector databases (Pinecone/