AI Products Security Manager

We are recruiting for an Artificial Intelligence Products Security Manager to join the A&O Shearman London office. Apply today via the link below or contact Cathie.McNeill@aoshearman.com for more information.

What you will do

• The Artificial Intelligence Products Security Manager will be responsible for ensuring the security of the firm’s externally facing AI-powered products.
• Establish and maintain a robust security posture, ensuring the confidentiality, integrity, and availability of our AI models, data, and infrastructure, with a specific focus on the unique security challenges presented by Contract Matrix and further inhouse built AI products.
• Work closely with legal, compliance, IT, and innovation teams to establish policies, assess risks, and guide responsible AI development and deployment across jurisdictions.

This will include:

• AI Product Security
  • Manage the security for the firm’s externally facing AI products, including ContractMatrix and other AI products currently in development by the firm.
  • Establish and embed processes for secure model development, training, and deployment of AI products.
  • Ensure that AI model behaviour in the firm’s AI products is continuously monitored for any anomalies and/or potential security breaches.
  • Conduct regular risk assessments and vulnerability analyses to identify potential security weaknesses in AI products and their environment.
  • Define, develop, and maintain security policies, procedures, and standards specific to the firm’s AI products, with a deep understanding of the product's architecture and functionality.
• Data Security & Privacy
  • Ensure the secure storage, processing, and transmission of any sensitive data stored on the firm’s AI products.
  • Manage the data encryption and access control mechanisms implemented on the firm’s AI products to ensure they are fit for purpose.
• Compliance & Governance
  • Ensure compliance with relevant security standards and regulations (e.g., ISO 27001, SOC 2) and any emerging AI regulations (e.g., ISO 42001, EU AI Act, UK AI Code of Conduct, GDPR) and ethical guidelines.
  • Standardise a control framework for any AI products produced by the firm, ensuring consistent security practices across all environments.
  • Oversee the undertaking of any Governance, Risk, and Compliance (GRC) tasks or activities related to AI products, such as responding to queries or requests from external parties or auditors pertaining to AI products.
  • Collaborate with legal teams to assess the impact of the AI product on client confidentiality, data protection, and professional responsibility.
• AI Risk Assessments and Review
  • Establish repeatable processes for security risk assessments and security assessments for any new AI products or new use cases existing products before they go to market, including bias detection and accountability.
  • Perform security risk assessments for new AI products before implementation, ensuring that all risks are recorded and tracked on an ongoing basis.
  • Review security assessments for new use cases for existing AI products before going to market, ensuring alignment with security policies and standards.
• Collaboration & Communication
  • Lead training and awareness initiatives on responsible AI use for lawyers, technologists, and business staff.
  • Stay abreast of global AI regulatory developments and advise leadership on implications for the firm.

What you will have

• Extensive experience in information security, with a significant focus on AI technologies, or alternatively extensive experience in AI technologies, products or big data, with a significant focus on information security in this area.
• Strong knowledge of AI concepts, data models, and engineering, with the ability to understand complex AI models in order to give tailored security advice.
• Strong understanding of AI related data protection laws, and ethical frameworks.
• Familiarity with AI risk management tools, model validation, and regulatory reporting requirements.
• Excellent communication and stakeholder engagement skills, with the ability to bridge technical and business perspectives.
• Confident in discussing complex AI models with product teams.
• Strong knowledge of secure development lifecycle and/or product security.
• You will stand out if you bring a Bachelor’s degree in Computer Science, Data Ethics, or a related field.
• Experience working in or with professional services or legal sector organisations.
• Certifications in AI ethics, data privacy (e.g., CIPP/E, CIPM), or risk management (e.g., CRISC).
• Experience with AI auditing, algorithmic impact assessments, or model governance platforms.
• Knowledge of legal technology tools and platforms (e.g., legal research AI, contract analytics, generative AI).
• Ability to lead cross-functional initiatives in a complex, multinational environment.

What we can offer you

• We recognise that our people are our most valuable asset, which is reflected in the wide range of benefits that are available to our employees.
• Some of these benefits include: our occupational pension scheme, group income protection cover, private medical insurance, mental health resources and free apps, health and wellbeing services encompassing GP service, emergency back-up care support, parental and special leave, holiday entitlement increasing with length of service, holiday trading, online discounts and lifestyle management services.
• Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of our recruitment team who will work with you to provide any adjustments as required.
• We are an equal opportunities recruiter and do not discriminate on the basis of race, colour, sex, religion, sexual orientation, national origin, disability, or any other protected characteristic.
• Our approach to hybrid working seeks to combine and maximise the benefits of effective remote working with the benefits of being in the office. Our current hybrid working arrangements require office based working for a minimum of 60% of your time (i.e. three days per week for a full time role) in accordance with our hybrid working policy.