AI Security Analyst
- Contract
Company Description
Job Description
AI Security Analyst
Location: Houston, TX 77002 (Hybrid)
Contract
PPA #: 13832
Job Description:
Position Summary
The Artificial Intelligence Security Analyst will support the Client's Cybersecurity Program in establishing, implementing, and maturing the County’s Artificial Intelligence Governance and Security Program.
This position will assist in developing AI security standards, governance processes, risk assessments, compliance activities, and supporting documentation to promote the secure, responsible, ethical, and compliant adoption of artificial intelligence technologies throughout the County.
The Artificial Intelligence Security Analyst will collaborate with Governance, Risk, and Compliance, Information Security, Legal, Privacy, Procurement, Enterprise Architecture, technology teams, and business stakeholders to identify, evaluate, document, and mitigate risks associated with AI solutions and vendors. The position will help ensure AI initiatives align with County policies, cybersecurity requirements, industry best practices, and applicable state and federal laws and regulations.
Essential Duties and Responsibilities
- Support the development, implementation, and ongoing maturity of the Client's AI Governance and Security Program.
- Assist in establishing governance frameworks, processes, controls, and documentation for the responsible use of AI technologies.
- Perform security, privacy, compliance, and technology risk assessments for proposed and existing AI solutions.
- Evaluate AI use cases to identify cybersecurity, privacy, legal, ethical, operational, and compliance risks.
- Review proposed AI solutions for alignment with County policies, security requirements, governance standards, and applicable regulations.
- Develop and maintain AI security standards, procedures, guidelines, control requirements, and best-practice documentation.
- Assist with the development and maintenance of an enterprise inventory of AI systems, tools, vendors, models, and use cases.
- Support the classification and documentation of AI solutions based on risk, data sensitivity, business impact, and intended use.
- Conduct or support third-party AI vendor security reviews, due diligence assessments, and technology risk assessments.
- Evaluate vendor security documentation, privacy practices, data-handling processes, model governance practices, and contractual security requirements.
- Identify risks associated with AI data collection, processing, retention, sharing, model training, and output generation.
- Recommend appropriate technical, administrative, contractual, and procedural controls to mitigate identified AI risks.
- Collaborate with Information Security, Governance, Risk, and Compliance, Legal, Privacy, Procurement, Enterprise Architecture, and business units on AI-related initiatives.
- Provide security and governance guidance to County departments considering the acquisition, development, or use of AI technologies.
- Assist in developing processes for reviewing, approving, monitoring, and retiring AI solutions and use cases.
- Support the integration of AI governance requirements into existing cybersecurity, privacy, procurement, and technology governance processes.
- Assist in developing AI awareness, responsible-use, and secure AI usage training for County employees, contractors, and stakeholders.
- Monitor emerging AI threats, vulnerabilities, attack methods, security concerns, regulatory developments, and industry best practices.
- Research developments related to generative AI, machine learning, large language models, automated decision-making systems, and other emerging AI technologies.
- Support incident response, risk remediation, and corrective-action activities involving AI technologies when needed.
- Maintain accurate governance records, risk assessments, review documentation, control mappings, findings, and remediation recommendations.
- Prepare reports, briefings, presentations, dashboards, and recommendations for cybersecurity leadership and executive management.
- Communicate complex AI security and governance topics clearly to technical and nontechnical audiences.
- Perform other related cybersecurity, governance, risk, compliance, and AI program duties as assigned.
Qualifications
Required Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Risk Management, Data Science, Business Administration, or a related field.
- Professional experience in cybersecurity, information security, technology risk management, governance, risk and compliance, privacy, audit, or a related discipline.
- Knowledge of cybersecurity risk assessment methodologies, security controls, governance processes, and compliance practices.
- Understanding of artificial intelligence, machine learning, generative AI, large language models, or other emerging technology concepts.
- Experience reviewing technology solutions, vendors, systems, or applications for security, privacy, compliance, or operational risk.
- Experience developing or maintaining policies, standards, procedures, guidelines, risk assessments, or governance documentation.
- Knowledge of data security, privacy, access control, third-party risk, information governance, and secure technology adoption principles.
- Strong research, analytical, problem-solving, and risk evaluation skills.
- Strong written and verbal communication skills.
- Ability to prepare clear reports, presentations, recommendations, and technical documentation.
- Ability to communicate security and risk concepts to technical teams, business stakeholders, leadership, and executive audiences.
- Ability to collaborate effectively across legal, privacy, procurement, technology, security, and business functions.
- Ability to manage multiple assignments, priorities, assessments, and stakeholder requests.
- Ability to work independently while contributing effectively within a cross-functional team environment.
Preferred Qualifications
- Experience supporting an AI governance, AI security, responsible AI, or emerging technology risk management program.
- Experience performing security or risk assessments involving artificial intelligence, machine learning, generative AI, or automated decision-making technologies.
- Experience with Governance, Risk, and Compliance programs or platforms.
- Experience conducting third-party security reviews, vendor risk assessments, or technology due diligence.
- Familiarity with recognized AI governance, cybersecurity, privacy, or risk management frameworks.
- Experience developing security awareness, privacy awareness, or responsible technology-use training.
- Knowledge of public-sector cybersecurity, procurement, privacy, records management, or regulatory requirements.
- Experience working in a government, public-sector, critical infrastructure, or highly regulated environment.
- Relevant professional certifications in cybersecurity, privacy, audit, risk management, cloud security, or artificial intelligence governance.
Knowledge, Skills, and Abilities
- Knowledge of AI governance, AI security, responsible AI, and technology risk management principles.
- Knowledge of cybersecurity policies, standards, controls, frameworks, and regulatory requirements.
- Knowledge of security and privacy risks related to AI model development, deployment, operation, and third-party use.
- Understanding of risks associated with sensitive data exposure, unauthorized AI use, inaccurate outputs, model manipulation, data poisoning, prompt injection, and inappropriate automated decision-making.
- Ability to evaluate AI use cases from cybersecurity, privacy, compliance, legal, operational, and reputational perspectives.
- Ability to interpret policies, standards, laws, regulations, and contractual requirements.
- Ability to translate technical and regulatory requirements into practical security controls and business guidance.
- Ability to identify risk, assess potential impact, and recommend reasonable mitigation strategies.
- Ability to conduct research and remain informed about rapidly changing AI technologies, threats, and regulatory expectations.
- Ability to create clear, organized, and defensible governance and risk documentation.
- Ability to facilitate discussions and build consensus among stakeholders with different technical and business priorities.
- Strong attention to detail, sound professional judgment, and commitment to confidentiality.
- Strong organizational, time-management, presentation, and interpersonal skills.
Additional Information
All your information will be kept confidential according to EEO guidelines.
By clicking the link above or any third-party link within this posting, you are leaving this site and going to a third-party website where the third-party website's terms and privacy policy apply