Title: Director, AI Security Automation
Location: 100% Remote
Description:
About Us:
Our Global Information Security (GIS) organization is committed to protecting the digital integrity of one of the world’s most recognized hospitality brands. As AI adoption accelerates across the enterprise — from conversational search and copilot agents to agentic booking systems and contact center AI — the volume and complexity of security reviews are outpacing manual processes. We are seeking a visionary Director, AI Security Automation Engineer to transform how we conduct security reviews for AI systems — replacing ad hoc, manual assessments with repeatable, AI-assisted, graph-informed review operations at enterprise scale.
Position Overview:
The Director, AI Security Automation Engineer will serve as a senior technical leader responsible for standardizing, scaling, and automating the security review pipeline for AI systems. This individual contributor role sits at the intersection of security governance, engineering, and operations: designing the repeatable patterns that turn security controls into actionable, template-driven reviews; building AI-powered tooling that compresses review cycle times; and constructing the graph-based knowledge architecture that lets the organization reason computationally about control coverage, risk relationships, and cross-review patterns across the entire AI system inventory.
The ideal candidate will combine deep expertise in security risk assessment and threat modeling with hands-on engineering capability in AI/ML automation, graph databases, and knowledge representation — someone who can design a security review archetype template in the morning, write the Go service that projects it into a labeled property graph in the afternoon, and brief an executive on pipeline throughput metrics before end of day.
Key Responsibilities:
- Security Review Process Standardization: Design and operationalize review archetype templates for AI deployment patterns — including agentic AI, conversational AI platforms, IoT+AI, contact center AI, and enterprise SaaS AI — each with distinct control mapping surfaces. Develop deployment-paradigm-specific intake questionnaires (SaaS, On-Premises, Managed Service, Hybrid, Multi-Cloud, Integrated API) that auto-route to control checklists.
- Throughput Engineering: Define review complexity weighting models with cycle time targets. Establish acceptance criteria and measurable throughput metrics — cycle time, queue depth, completion rate, and rework rate — and own the operational dashboards that track them.
- AI-Assisted Assessment Automation: Architect and deliver LLM-powered security assessment capabilities including threat model draft generation from architecture descriptions, automated control-to-architecture mapping, risk recommendation engines, and cross-review pattern recognition. Design automated intake and triage pipelines with intent classification, complexity scoring, archetype detection, and priority assignment integrated with workflow platform APIs.
- Pattern Graph and Knowledge Architecture: Build and maintain a security pattern graph ontology — a labeled property graph connecting patterns, controls, components, threats, standards, deployment paradigms, risk dimensions, and impact tiers into a queryable knowledge graph. Implement graph-based tooling for gap analysis traversals from risk dimensions to unaddressed controls, tier compliance queries across AI risk classifications, and cross-pattern coverage analysis.
- Control Mapping and Evidence Pipelines: Build repeatable control mapping patterns linking security controls to review findings and AI risk dimensions to review requirements. Develop OSCAL-aligned evidence packaging pipelines that machine-readably connect review findings to control attestations for compliance reporting.
- Governance Pipeline Optimization: Map and optimize the full security review governance pipeline — from intake through architecture review board to production authorization — with AI-specific fast-track criteria. Drive process alignment with EU AI Act obligations including risk classification, risk management documentation, and quality management system traceability.
- Cross-Functional Coordination: Coordinate with platform engineering teams on review intake automation, authorization lifecycle integration, and evidence collection API contracts. Coordinate with assurance and risk teams on risk scoring and independent verification handoff criteria. Produce pipeline health metrics feeding into security telemetry and observability systems.
Qualifications:
- Experience: 10+ years designing, building, and operating complex data models, knowledge graphs, or system architectures — particularly in domains requiring structured reasoning over large rule sets, policy frameworks, or compliance taxonomies. 2+ years in cybersecurity, security architecture, or security risk management with hands-on exposure to security assessments, threat modeling, control mapping, or risk analysis in enterprise or regulated environments.
- Demonstrated experience applying AI/ML to automate security, compliance, or GRC workflows at enterprise scale — not just using AI tools, but building them.
- Track record of process transformation: converting manual, unscalable review processes into repeatable, metrics-driven, AI-assisted operations with measurable throughput improvements.
- Experience with knowledge graph architectures, ontology design, or graph-based reasoning applied to compliance, risk, security, or regulatory domains.
- Proven experience delivering production-grade automation systems in enterprise environments.
- Strong communication and interpersonal skills, with the ability to brief senior executives on pipeline metrics, present threat models to architecture review boards, and coordinate across security, privacy, engineering, and product teams.
Technical Skills:
- Deep understanding of AI system architectures: large language models, agent frameworks, retrieval-augmented generation pipelines, Model Context Protocol (MCP), embeddings, vector stores, and multi-agent orchestration patterns.
- Experience with graph databases and knowledge representation — Neo4j, KuzuDB, NetworkX, openCypher, GraphML — for building queryable control, risk, and pattern ontologies. Familiarity with labeled property graph modeling, faceted ontology design, and graph learning techniques for pattern recognition across structured security data.
- Proficiency in Go and Python for building production-grade automation tooling, graph export engines, API integrations, and data pipelines.
- Experience with AI/ML frameworks for security automation: PydanticAI, LangChain, or similar agent frameworks; foundation model APIs (Claude via Bedrock, GPT via Azure OpenAI, or equivalent).
- Experience with security review frameworks and controls: NIST AI RMF, ISO 42001, NIST CSF, OSCAL, OWASP LLM Top 10, OWASP Agentic Top 10, and MITRE ATLAS.
- Experience with ServiceNow, Jira, or similar workflow platforms and their APIs for end-to-end process automation.
- Familiarity with secure DevOps/MLOps pipelines, CI/CD security gates, infrastructure-as-code for AI systems, and OSCAL evidence schemas.
- Proficiency in security protocols, encryption methods, and vulnerability assessment tools.