Privacy and Security Technical Assurance Lead, Rci

Google · Big Tech · Dublin, Ireland

This role leads AI security assurance testing programs, focusing on independent technical validation and oversight of AI/ML controls. It involves offensive security testing, threat modeling, and collaborating with engineering and legal teams to ensure compliance with AI regulations. The primary output is the assurance testing framework and identified vulnerabilities, with a secondary focus on the security of tuned AI models.

What you'd actually do

Provide separate oversight and issues as a critical second line of defense function, establishing and maintaining technical assurance testing frameworks for AI/ML and traditional security ecosystems.
Lead cross-functional security testing initiatives (such as AI red teaming and architecture reviews) and conduct in-depth assessments to proactively identify complex vulnerabilities like prompt injection or data poisoning.
Lead AI security by effectively communicating testing results, control deficiencies, and mitigation strategies to technical leadership, legal counsel, and executive stakeholders.
Translate testing insights into actionable engineering recommendations and partner with first-line research and product teams to continuously optimize privacy and security strategies for Generative AI and traditional ML models.
Collaborate with the Legal department to evaluate the compliance implications of identified AI privacy and security risks, ensuring all assurance efforts align with internal policies and evolving global AI regulations.

Skills

Required

7 years of experience in cybersecurity, technical assurance, IT audit, penetration testing, or working within a second line of defense risk management function.
Experience with enterprise-wide/cross-functional technical project planning and execution, including partnering with legal, policy, or compliance teams.
Experience designing and executing security control testing methodologies and risk assessments for software, infrastructure, or AI/ML systems.
Experience with cybersecurity adjacent regulations (e.g., EU Digital Services Act, EU AI Act, NIS2, DORA).
Deep technical understanding of AI/ML specific vulnerabilities (e.g., adversarial attacks, training data extraction, prompt injection).

Nice to have

Advanced degree in Computer Science, Cybersecurity, Artificial Intelligence, or a related field.
Professional AI security or audit certifications such as CISSP, CISA, CISM, AIGP, AAIA, ISO 27001/42001 Lead Auditor or equivalent technical certifications.
Experience working within a technology company or "Big Tech" ecosystem, navigating complex, hyper-scale infrastructure and distributed risk environments.
Proven experience operating in a second line of defense role, including providing separate tests, control testing, and oversight to first-line business and engineering teams.

What the JD emphasized

AI Security assurance testing programs
offensive security testing methodologies
threat modeling
independently test
second-line leader
bias toward action
building and managing robust, independent security testing programs
complex technical assurance initiatives
AI red teaming
AI privacy and security risks
AI/ML specific vulnerabilities
adversarial attacks
training data extraction
prompt injection

Other signals

AI security assurance testing
offensive security testing methodologies
threat modeling
independent technical validation
AI red teaming
Generative AI
traditional ML models
AI privacy and security risks
global AI regulations

Read full job description

The Risk, Compliance and Integrity organization (RCI) brings together critical compliance, assurance, risk, and governance functions across the company to help meet compliance needs and enable our businesses to innovate securely. Operating as a critical second line of defense, we manage our operations through risk-based prioritization, independent technical validation, oversight, and consistent engagement with product engineering and legal counsel.

In this role, you will drive key AI Security assurance testing programs. You will require a deep understanding of AI/ML architectures, offensive security testing methodologies, and threat modeling, coupled with the ability to independently test existing and emerging cybersecurity and AI controls. As a second-line leader, you will need the ability to collaborate effectively across the engineering organization, provide constructive challenges, and influence at all levels. You will have a bias toward action, exceptional communication skills, and a track record of building and managing robust, independent security testing programs.

In addition to a deep technical security foundation, you will require exceptional program management capabilities, and demonstrated ability to track, report on, and effectively manage complex technical assurance initiatives from inception to completion, which includes defining clear testing objectives, establishing metrics, monitoring the first line's remediation progress, and ensuring timely and accurate reporting to engineering stakeholders and risk committees.

Individual pay is determined by factors including job-related skills, experience, and relevant education or training.

Ireland: €112000 - €115000 (EUR) + 15% bonus target + equity + benefits

Learn more about benefits at Google.

Responsibilities

Provide separate oversight and issues as a critical second line of defense function, establishing and maintaining technical assurance testing frameworks for AI/ML and traditional security ecosystems.
Lead cross-functional security testing initiatives (such as AI red teaming and architecture reviews) and conduct in-depth assessments to proactively identify complex vulnerabilities like prompt injection or data poisoning.
Lead AI security by effectively communicating testing results, control deficiencies, and mitigation strategies to technical leadership, legal counsel, and executive stakeholders.
Translate testing insights into actionable engineering recommendations and partner with first-line research and product teams to continuously optimize privacy and security strategies for Generative AI and traditional ML models.
Collaborate with the Legal department to evaluate the compliance implications of identified AI privacy and security risks, ensuring all assurance efforts align with internal policies and evolving global AI regulations.

Qualifications

Minimum qualifications:

Bachelor's degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience.
7 years of experience in cybersecurity, technical assurance, IT audit, penetration testing, or working within a second line of defense risk management function.
Experience with enterprise-wide/cross-functional technical project planning and execution, including partnering with legal, policy, or compliance teams.
Experience designing and executing security control testing methodologies and risk assessments for software, infrastructure, or AI/ML systems.
Experience with cybersecurity adjacent regulations (e.g., EU Digital Services Act, EU AI Act, NIS2, DORA).

Preferred qualifications:

Advanced degree in Computer Science, Cybersecurity, Artificial Intelligence, or a related field.
Professional AI security or audit certifications such as CISSP, CISA, CISM, AIGP, AAIA, ISO 27001/42001 Lead Auditor or equivalent technical certifications.
Experience working within a technology company or "Big Tech" ecosystem, navigating complex, hyper-scale infrastructure and distributed risk environments.
Proven experience operating in a second line of defense role, including providing separate tests, control testing, and oversight to first-line business and engineering teams.
Deep technical understanding of AI/ML specific vulnerabilities (e.g., adversarial attacks, training data extraction, prompt injection).