GenAI Cloud Security Chief Architect

We are seeking a seasoned GenAI Cloud Security Chief Architect to design, implement, and continuously improve our enterprise AI security posture across all major cloud providers (AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud Infrastructure) and on-prem/edge environments. This role will own the AI risk framework, perform security architecture reviews for agentic AI systems, and lead the secure design, deployment, and lifecycle management of AI agents (including MCP, ACP, and A2A patterns). The ideal candidate blends deep security engineering experience with modern AI/ML and MLOps/LLMOps knowledge, delivering secure-by-design solutions that are compliant, resilient, and business-aligned.

Key Responsibilities

• Strategy & Governance
  • Define and operationalize the AI Security Strategy covering models (foundation, open-source, fine-tuned), data pipelines, orchestration layers, agents, and integrations across AWS, Azure, GCP, and OCI.
  • Establish and maintain an AI Risk Framework (e.g., NIST AI RMF, ISO/IEC 23894), mapping to enterprise risk taxonomy, control objectives, and regulatory requirements (e.g., SOC 2, ISO 27001, NIST 800-53, CSA CCM).
  • Create AI security policies and standards (prompt safety, model access control, agent permissions, data retention, evaluation criteria, provenance & watermarking) and drive adoption across product and platform teams.
  • Lead AI Security Governance forums with Legal, Compliance, Privacy, Risk, and Data teams; champion secure-by-design and privacy-by-design principles.
• Architecture & Engineering
  • Perform Security Architecture Reviews for AI systems: Models: hosted (Azure OpenAI, Bedrock, Vertex AI), self-hosted (Open source, on-prem GPUs), retrieval augmented generation (RAG).
  • Agents: MCP servers, ACP patterns, A2A (Agent-to-Agent) communication, tool/plugin ecosystems, vector DBs, function calling.
  • Pipelines: data ingestion/ETL, feature stores, prompt libraries, guardrails, evaluators, and observability.
  • Develop and maintain security reference architectures for multi-cloud AI workloads, including: Identity & Access (IAM, workload identity federation, secrets & key management), Network segmentation, private connectivity, service endpoints, API gateways, Data security (classification, tokenization, encryption, confidential computing, secure enclaves), Model security (supply chain, signing, attestation, integrity verification, model provenance).
  • Design and implement agent safety controls: sandboxing, least-privilege tooling, capability constraints, policy enforcement (RBAC/ABAC), prompt injection defenses, jailbreak & prompt-leak mitigation, safe tool-use patterns.
  • Build secure AI agents and MCP/ACP/A2A integrations (e.g., tools for enterprise systems like ticketing, knowledge bases, DevOps, and cloud APIs), including: Runtime isolation (containers, microVMs), egress controls, command filtering, and audit trails.
  • Safety guardrails: content filters, toxicity checks, output validation, semantic gateways.
  • Observability: telemetry, tracing, prompt/result logging, risk scoring, red-team feedback loops.
  • Embed LLMOps/MLOps security in CI/CD: model artifact scanning, dependency SBOMs, policy-as-code, attestation, and controlled promotion through environments.
  • Implement continuous evaluation and guardrails: adversarial prompts, scenario-based testing, safety & accuracy metrics, drift detection, hallucination tracking, bias & fairness assessments.
  • Map AI controls to regulatory frameworks (e.g., financial sector, privacy laws including GDPR/CCPA/GLBA).
• Stakeholder Enablement
  • Partner with Cloud Architecture, Data Science, and Cloud Platform teams to deliver secure AI features at speed without compromising risk posture.
  • Educate and enable engineering teams: playbooks, secure coding guidelines for agents, prompt hygiene, model evaluation standards, and threat modeling workshops.
  • Communicate risk and value trade-offs to executives; produce clear dashboards and reports on AI security KPIs, incidents, and risk reduction.

Required Qualifications

• 10+ years in Information Security with 4+ years in cloud security and 2+ years in AI/ML or LLMOps security.
• Hands-on multi-cloud expertise: AWS: IAM, KMS, PrivateLink, Bedrock, SageMaker, GuardDuty, CloudTrail; Azure: Entra ID, Key Vault, Private Endpoints, Azure OpenAI, ML, Defender for Cloud; GCP: IAM, KMS, VPC-SC, Vertex AI, Cloud Armor, Audit Logs; OCI: IAM, Vault, Service Gateway, Data Science, Logging & Events.
• Security engineering proficiency: Zero Trust, policy-as-code (OPA/Conftest), secrets management (HashiCorp Vault), container security, SBOMs, SLSA, Sigstore.
• AI/LLM stack knowledge: RAG patterns, vector databases (Pinecone/Weaviate/FAISS), prompt engineering, guardrails (e.g., policy filtering), evaluation frameworks, agent orchestration (MCP/ACP/A2A, function/tool calling).
• Threat modeling and offensive testing for AI systems, including prompt injection and agent misuse.
• Strong understanding of privacy and compliance impacting AI (GDPR, CCPA, GLBA, sector-specific regs).

Preferred Qualifications

• Experience deploying agentic AI in production with secure toolchains and runtime isolation.
• Familiarity with confidential computing (AMD SEV, Intel SGX, Azure Confidential Computing, Nitro Enclaves) and privacy-preserving ML (differential privacy, federated learning, homomorphic encryption).
• Experience with model risk management and AI explainability/traceability (provenance, watermarking, evaluation pipelines).
• Background in financial services or other highly regulated industries.
• Expertise with data governance (catalogs, lineage, quality) and security posture management (CSPM/CNAPP) for AI workloads.

Certifications (Nice to Have)

• CISSP, CCSP, CISM Certified Cloud Security Professional (CCSP) equivalents for AWS/Azure/GCP/OCI.
• Machine Learning / AI certifications (e.g., AWS ML Specialty, Azure AI Engineer).