Full-Time Principal Consultant, AI, Proactive Services (Unit 42)

• Conduct security assessments of AI systems and tools using frameworks such as: MITRE ATLAS, OWASP Top 10 for LLMs, NIST AI Risk Management Framework (AI RMF).
• Develop and execute assessment plans tailored to foundational models, base models, and SaaS-based AI tools.
• Analyze model architectures, training data pipelines, and deployment environments to identify potential security gaps and vulnerabilities.
• Provide expert guidance on securing AI systems, including: Adversarial ML defenses, Data poisoning prevention, Privacy-preserving AI techniques.
• Evaluate compliance with regulatory requirements and standards (e.g., GDPR, HIPAA, or emerging AI-specific regulations).
• Collaborate with the client’s cross-functional teams, conducting stakeholder interviews, interactive workshops, and meetings with technical teams and leadership teams.
• Stay up-to-date on the evolving threat landscape in AI and contribute to the development of innovative security solutions.
• Assist in the development of Risk Management, Compliance, and Security standards within professional services.
• Maintain industry knowledge of cybersecurity best practices within GRC.
• Maintain an understanding of the comprehensive threat intelligence landscape, key threat actors, MITRE ATT&CK TTPs and AI platforms security best practices.
• Lead or support cybersecurity risk assessments, audits, program and policy maturation and development, incident response tabletop exercises and expert witness cases.
• Manage the team, monitoring progress, tracking budget, mitigating risks, and ensuring key stakeholders are kept informed.
• Identify security risks and vulnerabilities while eliminating cybersecurity threats via stakeholder interviews, documentation review, and deep-dive testing and control validation.
• Evaluate client controls for compliance with legal, regulatory, privacy, policy, standards and security requirements.
• Effectively document and communicate audit, assessment, or compliance results, findings, and recommendations to stakeholders.

• 6-9+ years of experience performing information security and risk assessments.
• Former professional services and consulting experience preferred.
• Experience managing a team of consultants.
• Experience with GRC tools, technology, and implementation.
• Experience with security assessments/audits and prioritizing recommendations via quantitative risk scoring.
• Experience with securing AI systems within cloud environments.
• Experience with the lifecycle management of AI/ML models.
• Strong verbal and written communication skills.
• Knowledge of computer forensic tools, technologies and methods.

What is the last date for applying to the job?

Which countries are accepted for this remote job?