Director, AI Security

Responsibilities

• AI Security Strategy & Governance
• Define, own, and continuously mature the IRC's AI security strategy and program roadmap
• Establish and maintain the organization-wide AI agent registry - a governed inventory of all AI agents in production, including their purpose, permissions, data access, and accountable owners
• Develop and publish secure-by-default standards, frameworks, and reference architectures for internal AI agent development
• Create and enforce AI security policies covering agent development, deployment, monitoring, and decommissioning
• Report AI security risk posture, program progress, and emerging threats to the CISO and senior leadership on a regular cadence; serve as a key member of the security leadership team
• Security Risk Assessment & Review
• Coordinate and perform GIS security reviews within the organization's AI governance framework, ensuring AI platforms, agents, and use cases receive appropriate security assessment and approval prior to production deployment.
• Partner with AI Governance, Privacy, Legal, and Technology stakeholders to support the AI intake, assessment, and stage-gating process, providing security expertise, control requirements, and risk-based recommendations throughout the solution lifecycle.
• Perform security risk assessments and classify AI platforms, agents, and use cases according to the approved risk-tiering model, applying review, control, and approval requirements proportionate to risk.
• Conduct a structured controls assessment for every use case, validating that mandatory security baseline requirements are met - including least-privilege access, credential management, audit logging, data minimization, human-in-the-loop checkpoints, and kill switch capability
• Issue formal, documented approval decisions for every reviewed use case - Approved, Approved with Conditions, or Not Approved - with a full written rationale recorded in the AI agent registry to maintain an auditable approval history
• Manage defined SLA timelines for all reviews (Tier 1: 5 business days, Tier 2: 10 business days, Tier 3: 15 business days) to ensure security review does not become a blocker to business unit velocity
• Conduct periodic reassessments of all active agents on a risk-appropriate cycle - annually for Tier 1, semi-annually for Tier 2, and quarterly for Tier 3 - and trigger immediate out-of-cycle reviews whenever a material change is made to an agent's capabilities, data access, or toolset
• Monitor the evolving AI threat landscape on an ongoing basis and proactively assess whether newly discovered attack techniques - including new prompt injection methods, jailbreaks, or model-specific vulnerabilities - expose any currently approved use cases, initiating remediation where required
• Lead post-incident reassessments for any active agent involved in a security incident, updating the agent's approval status and controls requirements based on findings
• Evaluate third-party AI tools, models, and platforms for security risk prior to organizational adoption
• Maintain a risk register specific to AI systems, tracking identified vulnerabilities, mitigations, and residual risk
• Report aggregate review metrics to the CISO on a regular cadence - including number of use cases reviewed, approval rates by tier, common findings, and AI risk distribution across busin

Benefits

Additional Information

The International Rescue Committee (IRC) responds to the world's worst humanitarian crises, helping to restore health, safety, education, economic wellbeing, and power to people devastated by conflict and disaster. Founded in 1933 at the call of Albert Einstein, the IRC is one of the world's largest international humanitarian non-governmental organizations (INGO), at work in more than 40 countries and 29 U.S. cities helping people to survive, reclaim control of their future and strengthen their communities. A force for humanity, IRC employees deliver lasting impact by restoring safety, dignity and hope to millions. If you're a solutions-driven, passionate change-maker, come join us in positively impacting the lives of millions of people world-wide for a better future. Job Role Overview The Director, AI Security is a newly created senior leadership role responsible for building, leading, and continuously maturing the IRC's AI security function. As AI agents and AI-powered tools proliferate across the business, this role sets the organizational direction for securing AI systems - from initial design through production deployment, ongoing governance, and team development. This is a high-visibility, cross-functional leadership role that sits at the intersection of security engineering, risk management, and emerging technology. The Director, AI Security will advise the CISO, build and develop a dedicated AI security team, own the function's budget, and partner with Security Operations, Identity & Access Management, Governance Risk & Compliance, and business unit technology teams to ensure AI adoption is secure by design.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at theirc? Share your experience