Paylocity

Senior Security Architect(AI)

Paylocity$147K — $210K *
US-AnywhereRemote in United States
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years of experience in Security Architecture or Information Security, including 2+ years focused on AI/ML security.
  • Proven ability to design durable, reusable AI security frameworks for product and engineering teams.
  • Excellent written and verbal communication skills for diverse audiences, including executives.
  • Experience with financial services regulatory environments and sensitivity of payroll and HR data.
  • Ability to influence across functions and leadership levels to deliver modern cybersecurity architecture.
  • Self-starter mindset, capable of driving initiatives from concept to execution.

Responsibilities

  • Serve on the AI Governance Committee as the information security and compliance SME for AI use case reviews.
  • Develop and operationalize AI risk assessment frameworks to evaluate security risk at scale.
  • Represent AI security on the Architecture Review Board, ensuring security considerations in architectural changes.
  • Lead threat modeling for AI/ML workloads to identify vulnerabilities and create secure design patterns.
  • Evaluate and operationalize new AI security tooling in collaboration with various teams.
  • Provide architectural guidance for AI use cases across product and corporate domains.
  • Integrate AI security guardrails into the Product Development Lifecycle (PDLC) process.

Benefits

  • Fully remote work arrangement with no in-office requirements.
  • Work during designated hours with flexibility based on business needs and performance.
  • Opportunities to influence and collaborate across various teams and departments.
Full Job Description
Job Type

Full-time

Description

This is a fully remote position, allowing you to work from home or location of record within the U.S. with no in-office requirements. You must be available five days per week during designated work hours. The work arrangement for this role is subject to change based on business needs and individual performance. This may include adjustments to on-site requirements or schedule expectations, as necessary.

Senior Security Architect (AI)

Position Overview

The Senior AI Security Architect is a forward-looking, technical role within Paylocity's Information Security organization, responsible for defining how AI and Machine Learning systems are securely designed, deployed, and governed across the enterprise and the Paylocity product portfolio. As a senior member of the Information Security team, you will serve as a trusted advisor and subject matter expert on AI/ML security, collaborating with cross-functional partners across Product & Technology (P&T), Data Science, Procurement, Enterprise Applications, Legal, and Privacy to embed security and trust into every layer of Paylocity's AI ecosystem.

This is a hands-on, high-visibility role in a fast-paced, SaaS-based, and innovation-driven environment. You will hold a permanent seat on the AI Governance Committee (AIGC) as the security and compliance Subject Matter Expert (SME), and you will represent AI security considerations on the Architecture Review Board (ARB) to ensure security is baked in by design. The ideal candidate is a self-starter with deep technical expertise in AI/ML security, strong communication skills, and a passion for building secure, scalable, and responsible AI systems that protect Paylocity's clients, employees, and data.

Primary Responsibilities

The Senior AI Security Architect is accountable for maintaining the confidentiality, integrity, and availability of Paylocity's AI/ML platforms, models, data pipelines, and the broader systems and data they connect. This includes leading to the development of secure AI architectural patterns, evaluating AI-specific technical risks, and partnering with engineering, product, and data science teams to implement effective security controls across the AI lifecycle.

Key Responsibilities
  • AI Security Governance: Serve as a critical member of Paylocity's AI Governance Committee (AIGC), acting as the information security and compliance SME for all AI use case reviews, baseline control definitions, risk trigger evaluations, and escalation decisions across product and corporate AI initiatives.
  • AI Risk Assessment Frameworks: Develop, mature, and operationalize frameworks and risk assessment instruments (intake flows/tools, scoring logic, control mapping, and assessment automation) that enable Paylocity to evaluate AI security risk consistently and at scale across hundreds of use cases.
  • Architecture Review Board Representation: Serve as the AI security voice on the Architecture Review Board (ARB), reviewing proposed architectural changes, new AI technologies, RAG patterns, agentic workflows, Agent-to-agent workflows, MCP integrations, and model deployments to ensure AI security considerations are embedded in every design decision.
  • AI Threat Modeling & Secure Design Patterns: Lead threat modeling for AI/ML workloads, proactively identifying AI-specific vulnerabilities such as prompt injection, data poisoning, model theft, model inversion, training data leakage, and adversarial attacks; translate findings into reusable secure design patterns and reference architectures for LLMs, RAG architectures, and Agentic AI workflows.
  • AI Security Tooling Strategy: Lead the evaluation, pilot, and review of new AI security tooling (e.g., LLM firewalls, prompt injection defenses, model security testing, AI-SPM, AI red-teaming platforms, AI-BOM), partnering with Procurement, Legal, and engineering to operationalize selected tooling into Paylocity's control stack.
  • Product & Corporate AI Use Case Evaluation: Lead security reviews and architectural guidance for AI use cases across both the product security space (e.g., AI Assistant, Recruiting AI, Resume Parsing, Recognition & Rewards, Time Series Forecasting, Content Moderation) and the corporate security space (e.g., Claude Code, GitHub Copilot, internal AI productivity tools, Shadow AI remediation).
  • SDLC Integration: Enhance AI security guardrails into Paylocity's Product Development Lifecycle (PDLC)-including Vision, Design, and Planning phases-ensuring AI security criteria are baked into Definition of Ready/Definition of Done, prompt injection guardrails are defined early, and pen testing and red-teaming are scheduled in the planning stage.
  • Hardened AI Cloud Workloads: Partner with Cloud Center of Excellence (CCOE), application teams and DevSecOps to deliver hardened, pre-tested cloud AI infrastructure patterns (Snowflake access models, Azure OpenAI, AWS Bedrock/SageMaker, GCP Vertex AI) that reduce vulnerabilities and provide engineering teams with a secure foundation for AI development.
  • Compliance & Regulatory Alignment: Ensure Paylocity's AI capabilities are aligned with relevant regulatory and industry frameworks including NIST AI RMF, ISO/IEC 42001, OWASP LLM Top 10, MITRE ATLAS, SOC 1/SOC 2, GDPR, CCPA, and applicable state AI regulations, partnering with GRC, Privacy, and Legal teams on audit readiness and evidence generation.
  • Executive Communication: Translate complex AI security risks, trends, and architectural decisions into clear, executive-ready narratives for the CISO, CIO, AIGC, Architecture Review Board, and Board-level reporting.

Other Responsibilities

As a senior architect within the Information Security organization, you will also occasionally serve as a technical architect across traditional security domains, supporting Paylocity's broader security strategy and partnering with the following teams as needed:
  • Product Security: Where necessary, partner with the Product Security function on secure design reviews, WAF strategy for AI/API workflows, application-layer threat modeling, and Product Security Incident Response(PSIRT) support for AI-driven features.
  • Threat Management: Collaborate with Detection & Response Engineering and Threat Intelligence to define AI-specific detection use cases, integrate AI telemetry into SIEM/SOAR (Exabeam), and contribute to incident response playbooks for AI-related incidents.
  • DevSecOps: Embed AI security testing into CI/CD pipelines, partnering with the DevSecOps team on SAST/DAST/APE/Secrets Scanning coverage for ML code, model artifacts, and AI-enabled applications.
  • M&A Support: Provide AI security due diligence and integration support for acquired entities (e.g., Grayscale-type integrations), ensuring acquired AI capabilities are assessed and aligned to Paylocity enterprise standards.
  • Other duties may be assigned as needed.

Technical Expertise

Demonstrated experience in architecting and securing AI/ML systems and the platforms that support them. The ideal candidate has hands-on experience across several of the following domains:
  • AI/ML Platforms & Frameworks: OpenAI, Anthropic Claude, Azure OpenAI, AWS Bedrock & SageMaker, Google Vertex AI, Hugging Face, LangChain, LangGraph, vector databases (such as Pinecone, pgvector), and Snowflake Cortex.
  • AI Security Frameworks & Standards: NIST AI RMF, ISO/IEC 42001, OWASP LLM Top 10, OWASP ML Top 10, MITRE ATLAS, Google SAIF, and Databricks AI Security Framework.
  • GenAI, RAG & Agentic AI Security: Prompt injection defenses, output filtering, RAG access controls and data leakage prevention, retrieval source provenance, agent identity, agent-to-agent (A2A) security, certificate management, API security, service mesh patterns, and Model Context Protocol (MCP) security considerations.
  • Cloud Security: AWS, Azure, and GCP native security services; Kubernetes and container orchestration security; cloud workload protection and posture management (Wiz).
  • Identity & Access Management: Active Directory (Azure AD, On-prem), Privileged Access Management (PAM), Public Key Infrastructure (PKI), SailPoint/IAP, non-human identity, and secrets management.
  • Data Protection: Data classification and labeling for AI training and inference data, Data Loss Prevention (ProofPoint, ForcePoint), tokenization, and PII/PHI handling within model pipelines.
  • Monitoring, Detection & Response: SIEM/SOAR (Exabeam), AI/LLM observability, model drift and abuse monitoring, Shadow AI detection (e.g., via Cisco Umbrella logs), and Web Application Firewalls (F5 ASM, Imperva).
  • DevSecOps & Automation: Embedding AI security testing (SAST/DAST/APE/Secrets Scanning) into CI/CD; scripting in Python (preferred), PowerShell, or Bash to automate assessments and controls.
  • Threat Modeling Techniques: STRIDE, DREAD, PASTA, and AI-extended threat modeling for ML pipelines and agentic systems.

Qualifications
  • Proven ability to design durable, reusable AI security frameworks that improve velocity and quality across product and engineering teams.
  • Demonstrated experience influencing across functions and leadership levels to deliver modern, cloud-native cybersecurity architecture.
  • Working knowledge of financial services / FinTech / HR-tech regulatory environments and the unique data sensitivity of payroll, HR, and benefits data.
  • Experience evaluating current and emerging AI technologies and recommending the best solutions to achieve a future-state, secure AI architecture.
  • Excellent written and verbal communication skills, with the ability to translate complex AI security concepts for both technical and executive audiences.
  • Risk-based mindset that balances innovation with security, enabling the business to move quickly while protecting Paylocity's clients and data.
  • Ability to operate independently, driving initiatives from concept to execution while keeping stakeholders informed and engaged.

Education and Experience
  • Bachelor's degree in information security, Computer Science, Information Science, Data Science, or a related field.
  • 10+ years of experience in Security Architecture, Information Security, or related technical roles, with at least 2+ years specifically focused on AI/ML, Generative AI, or Agentic AI security.
  • Deep understanding of at least one of the security frameworks and methodologies including:
    • NIST Cybersecurity Framework (CSF) and NIST AI Risk Management Framework (AI RMF)
    • NIST Risk Management Framework (RMF) and SP 800-53
    • MITRE ATT&CK and MITRE ATLAS
    • OWASP LLM Top 10 and OWASP ML Top 10
    • Threat modeling techniques such as STRIDE, DREAD, and PASTA

Certifications (Preferred)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Specialized AI/ML security certifications (e.g., CSA Certificate of AI Security - CAISP, AI Security Institute (AISI) credentials, ISO/IEC 42001 Lead Implementer/Auditor)
  • Other relevant certifications in cloud security, AI governance, architecture, or risk management

Physical requirements
  • Ability to sit for extended periods: The role requires sitting at a desk or workstation for long periods, typically 7-8 hours a day.
  • Use of computer and phone systems: The employee must be able to operate a computer, use phone systems, and type. This includes using multiple software programs and inquiries simultaneously.

About Paylocity

Paylocity Holding Corporation provides cloud-based payroll and human capital management (HCM) software solutions for medium-sized organizations in the United States. The company offers Payroll module that enables clients to automate key payroll processes and manage compliance; Core HR module, which provides a set of HR capabilities enabling clients to manage HR data; and Talent module that enable clients to manage their talent throughout employees' tenures, starting at recruiting and carrying through onboarding, learning, and performance management. It also provides Workforce Management module that enables clients to manage their time and labor processes; Benefits module, which offers benefit management solutions for healthcare and retirement plans; and Analytics module that enables clients to analyze and report on their business data. In addition, the company provides implementation and training, client and employee self-service, and online support and customer resources services. It markets and sells its products through direct sales force primarily to clients in the professional services, technology, retail, and financial services industries. Paylocity Holding Corporation was founded in 1997 and is headquartered in Schaumburg, Illinois.
Learn more about Paylocity
Size
4,150 employees
Market Cap
$10.5 billion
Industry
Net Income
$67.1 million
Founded
1997
5 Year Trend
+23.2%
Revenue
$584.3 million
NASDAQ

Similar Jobs

More Jobs at Paylocity

More Information Technology Jobs

Find similar Senior Security Architect(AI) jobs: