Reporting to the Director of Cyber Security Architecture, the Senior Principal Cyber Security Architect - AI will act as the lead security architecture advisor for AI-related initiatives across the organisation.
The role will provide strategic and technical guidance to ensure that AI systems, platforms, models, data pipelines, development environments, and third-party AI services are designed, deployed, and operated securely. Working closely with cyber security, engineering, data science, AI/ML, cloud, privacy, legal, risk, compliance, and product teams, the role will identify AI-specific security risks and define practical controls that protect the confidentiality, integrity, availability, privacy, and resilience of AI-enabled services.
The role will help shape and mature the organisation's AI security architecture, governance, standards, control framework, and secure-by-design patterns. Key areas of focus include secure AI architecture, GenAI and LLM security, MLOps security, data protection, model security, AI threat modelling, third-party AI assurance, security testing, incident readiness, and continuous control improvement.
Job Description- Provide senior security architecture leadership for AI initiatives, ensuring AI systems and services are secure by design and aligned with enterprise cyber security strategy, risk appetite, and regulatory expectations.
- Define and maintain AI security principles, standards, guardrails, reference architectures, design patterns, and production readiness criteria across the AI lifecycle.
- Advise on secure architecture for AI platforms, MLOps pipelines, data pipelines, model registries, vector databases, RAG solutions, prompt orchestration layers, APIs, AI agents, and cloud-based AI services.
- Design and support implementation of security controls across identity and access management, privileged access, secrets management, encryption, key management, network security, secure APIs, logging, monitoring, resilience, and incident response.
- Conduct AI-focused risk assessments, threat modelling, architecture reviews, and control gap assessments for new and existing AI use cases.
- Identify and support mitigation of AI-specific risks, including data leakage, prompt injection, model extraction, model inversion, training data poisoning, insecure output handling, excessive agency, insecure RAG implementations, supply chain compromise, and unauthorised access.
- Partner with engineering, data science, platform, and security teams to embed security into AI development, MLOps, CI/CD pipelines, deployment workflows, and operational monitoring.
- Advise on secure handling of training, validation, test, and production data, including data minimisation, anonymisation, access control, retention, lineage, provenance, and protection of confidential or regulated information.
- Assess security risks associated with third-party AI platforms, foundation models, SaaS AI tools, APIs, open-source models, datasets, plugins, extensions, and model marketplaces.
- Define security requirements for AI vendor due diligence, procurement, onboarding, contractual review, and ongoing supplier assurance.
- Work with security operations and incident response teams to define AI-specific logging, monitoring, detection, investigation, and response requirements.
- Monitor AI security developments, emerging threats, attack techniques, industry standards, and regulatory expectations, translating them into practical internal controls and guidance.
- Promote AI security awareness across engineering, production, data science, business, and technology teams through guidance, workshops, reusable patterns, and stakeholder engagement.
- Support the Director of Cyber Security Architecture with AI security strategy, governance, reporting, and other duties as required.
Qualifications- Significant experience in cyber security architecture, application security, cloud security, platform security, data security, or technology risk.
- Practical understanding of AI, machine learning, generative AI, large language models, MLOps, cloud AI services, and AI-enabled application architectures.
- Experience designing, reviewing, or implementing security controls for complex technology environments.
- Experience conducting risk assessments, threat modelling, security architecture reviews, and control gap assessments.
- Understanding of AI-specific threats, including prompt injection, data leakage, data poisoning, model extraction, model inversion, insecure output handling, supply chain compromise, and misuse of AI agents.
- Knowledge of secure software development, DevSecOps, CI/CD pipelines, APIs, identity and access management, encryption, logging, monitoring, and vulnerability management.
- Experience working with cloud platforms and modern data architectures.
- Ability to translate complex technical risks into clear business language for senior stakeholders.
- Strong communication, documentation, stakeholder management, and influencing skills.
- Preferred Experience
- Experience working with AI/ML engineering teams, data science teams, AI platform teams, or product teams delivering AI-enabled services.
- Experience with MLOps platforms, model registries, feature stores, vector databases, RAG architectures, prompt orchestration frameworks, or AI agent frameworks.
- Experience with AI, GenAI, or LLM security testing, red teaming, or adversarial testing.
- Familiarity with relevant AI security and governance frameworks such as NIST AI RMF, OWASP Top 10 for LLM Applications, MITRE ATLAS, ISO/IEC 42001, ISO 27001, NCSC/CISA secure AI guidance, CSA AI Controls Matrix, and applicable AI or privacy regulations.
- Experience assessing third-party AI services, SaaS AI tools, open-source models, foundation model providers, or cloud AI platforms.
- Experience creating security standards, control frameworks, technical patterns, policies, or governance processes.
- Experience in a regulated industry such as financial services, healthcare, telecommunications, energy, defence, or critical infrastructure would be advantageous.
Key Skills and Competencies
- Strong cyber security architecture and risk management capability.
- Practical understanding of AI security risks and secure AI lifecycle practices.
- Ability to design pragmatic security controls that enable innovation while managing risk.
- Strong analytical, problem-solving, communication, and stakeholder management skills.
- Ability to work across technical, risk, compliance, legal, privacy, and business teams.
- Ability to influence senior stakeholders and delivery teams without direct authority.
- Comfortable working with ambiguity, emerging technology, and fast-moving delivery environments.
- Strong documentation, standards development, and policy-writing capability.
Measures of Success
- AI security architecture, standards, and control framework defined, adopted, and continuously improved.
- Security requirements embedded into AI delivery, governance, and production readiness processes.
- AI use cases assessed consistently before deployment.
- High-risk AI security findings identified, tracked, and reduced.
- Improved visibility of AI assets, vendors, models, data flows, and production deployments.
- Reusable AI security patterns and guardrails adopted by engineering, AI, and platform teams.
- Improved AI security awareness across relevant business and technology teams.
- Alignment demonstrated with internal policies, external standards, and regulatory expectations.
Additional InformationPay Range - CAD $129000 to $180000 /annually
Our Benefits- Flexible working environment
- Volunteer time off
- LinkedIn Learning
- Employee-Assistance-Program (EAP)