AI Security Senior Architect

Job description We are currently recruiting for an AI Security Senior Architect to join our London office. DEPARTMENT PURPOSE The Information Security team is a strategic enabler for our global law firm, focused on protecting client data, intellectual property, and business operations while enabling secure innovation. Through four key pillars Digital Trust, Technical Assurance, Security Operations, and Governance, Risk and Compliance (GRC) the team delivers comprehensive security solutions that align with our firms strategic objectives as well as client and regulatory requirements.

Our integrated approach combines secure by design principles relying on Identity and Access Management, Technical Assurance, continuous monitoring and incident response through Security Operations, and proactive risk management through GRC. Working closely with the Markets Innovation Group (MIG) and Fuse, the firms legal tech incubator, we ensure emerging technologies, and our innovative generative AI-powered tool are implemented securely while maintaining the confidentiality, integrity and availability of our systems and data.

This collaborative model allows us to stay ahead of evolving threats while supporting the firms digital transformation initiatives and maintaining the trust of our clients and stakeholders. ROLE PURPOSE The AI Security Senior Architect will be part of the Digital Trust team and will be responsible for architecting, maintaining and implementing the security of the Artificial Intelligence ecosystem in the organization.

The position will be accountable for the security of the firms flagship AI product Contract Matrix, as well as the security of the individual AI workloads. This role is critical in translating the organisations Digital Trust vision into a workable, mature and optimized function and service. This role requires extensive experience across all Identity and Access Management core disciples including identity management, identity governance and administration, privileged access, and conditional access and in particular, machine identities.

It also requires deep technical skills in the Dev Sec Ops . This role will support the transformation of IAM into a modern, automated, predictable and customer-oriented function. The ideal candidate will excel at Microsoft Entra , Microsoft Azure, workload identities, managed accounts, machine identity management, and translation of identified requirements into practical identity architecture and design. ROLE & RESPONSIBILITIES IAM Strategy and Architecture for Artificial Intelligence Leverage extensive knowledge and experience across all IAM disciplines to design, implement and continuously improve the portions of the organisational IAM architecture relating to AI workload identities.

Work with firms strategic technology partners in evaluating concepts to secure AI workloads, working towards the selection of the platform and architecture for securing them in the future. Influence and evaluate the decisions on the wider IAM components: directory, identity, privileged access, entitlements management to accommodate AI workloads into a coherent identity Configure and maintain technologies that support the IAM function and AI security such as Active Directory, Entra  Identity, Privileged Access, and Governance;
Conditional Access Policies (for AI IDs);
Cyber Ark, Palo Altos XSIAM and XSOAR platforms. Design and transition AI IAM service components into operation operational manuals, support patterns, standard changes, request management. AI Contract Matrix Security Governance Risk and Change Management Work alongside Contract Matrix product team to ensure that the solutions are designed securely from an access management perspective. Ensure adherence to the AI governance. Integrate security into the SDLC from the ground up, ensuring AI models and systems are secure by default.

Define and enforce secure coding practices for AI/ML components and APIs. Identify and assess threats specific to AI systems, such as model inversion, data poisoning, adversarial attacks, and model theft. Implement model encryption, and access controls to prevent unauthorized use or tampering. Provide training and guidance to development teams on AI security risks and mitigations. Work on internal and external audits and implement findings against ISO
27001 and ISO
42001 security standards. Collaborate with Client Audit, GRC and product teams in responding to client audit requests as they relate to AI use at the firm. Perform detailed security analysis of application architectures to provide assurance. Understand threat modelling and participate in major incidents responses with IAM and AI components. Review and approve the IAM components of solution designs. Collaborate with cloud infrastructure teams to implement IAM and AI security design patterns.

Ensure AI security controls are appropriately implemented in our environment and align with NIST and CIS benchmarks. Validate effectiveness of…