- Develop, implement, and oversee comprehensive risk management programs for AI security, ensuring alignment with the firm's overall risk appetite and regulatory requirements.
- Lead risk assessments, audits, and vulnerability tests on our AI systems to identify potential risks and propose mitigation strategies.
- Stay abreast of the latest developments in AI security, ensuring our systems and protocols are up-to-date and compliant with industry standards.
- Provide leadership and guidance to staff on best practices for AI security, fostering a culture of security awareness across the organization.
- Prepare regular risk and control reports focusing on AI security for senior management, highlighting key audit, risk and control issues.
- Monitor and report on the effectiveness of technology, information and cybersecurity risk controls, identifying any control weaknesses and recommending improvements.
- Coordinate with second- and third-line risk functions to ensure a unified approach to audit and risk management.
What qualifications or skills should you possess in this role?
- Bachelor's Degree in Information Technology, Computer Science, Engineering or equivalent
- Minimum of 10 years of relevant experience in IT risk management involving Information, Technology and Cyber Security risk, with a significant focus on AI security
- Demonstrated expertise in AI security, including understanding of machine learning algorithms, data protection, privacy considerations, and adversarial attack strategies
- Experience in implementing AI security measures, such as robustness testing, adversarial training, and federated learning
- Familiarity with AI ethics and regulatory considerations, including GDPR, CCPA, and other relevant data protection regulations pertaining to AI
- Strong influencing, problem solving, analytical and interpersonal skills
- Experience in organizational IT risk appetite and key risk indicator management, monthly data-driven report generation and presentation to senior management, and independent assessment of incident root cause analysis is required
- Knowledge of the Banking Act, MAS Technology Risk Management Guidelines, MAS Notice 644, MAS 655, Information Security Policy, Cyber Security Act, MAS Outsourcing Guidelines etc. will be advantageous
- Possession of professional qualifications e.g. CISA, CRISC will be advantageous