The Risk, Compliance and Integrity organization (RCI) brings together critical compliance, assurance, risk, and governance functions across the company to help meet compliance needs and enable our businesses to innovate securely. Operating as a critical second line of defense, we manage our operations through risk-based prioritization, technical validation, oversight, and consistent engagement with product engineering and legal counsel.
In this role, you will demands a deep understanding of AI/ML architectures, offensive security testing methodologies, and threat modeling, coupled with the ability to separately test existing and emerging cybersecurity and AI controls. As a second-line leader, you will need the ability to collaborate effectively across the engineering organization, provide constructive issues, and influence at all levels.
In addition to a deep technical security foundation, this role requires exceptional program management capabilities. The successful person will have a demonstrated ability to track, report on, and effectively manage complex technical assurance initiatives from inception to completion. This includes defining clear testing objectives, establishing metrics, monitoring the first line's remediation progress, and ensuring timely and accurate reporting to engineering stakeholders and risk committees.
Individual pay is determined by factors including job-related skills, experience, and relevant education or training.
US: $136000 - $197000 (USD) + 15% bonus target + equity + benefits
Learn more about benefits at Google.
Responsibilities
- Provide separate oversight and issues as a critical second line of defense function, establishing and maintaining comprehensive technical assurance testing frameworks for AI/ML and traditional security ecosystems.
- Design and execute technical assurance testing across both existing and emerging cybersecurity and AI controls to validate their design and operating effectiveness.
- Lead and coordinate cross-functional security testing initiatives (e.g., targeted control validation, AI red teaming, architecture reviews) to separately assess risks across AI product areas and engineering teams.
- Advocate for AI security assurance, effectively communicating testing results, control deficiencies, threat models, and mitigation strategies to first-line technical leadership, legal counsel and executive stakeholders.
- Enhance awareness of emerging AI threats, translating testing insights into actionable engineering recommendations.
Qualifications
Minimum qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience.
- 7 years of experience in cybersecurity, technical assurance, IT audit, pen testing, or working within a second line of defense risk management function.
- Experience with enterprise-wide or cross-functional technical project planning and execution, including partnering with legal, policy, or compliance teams.
- Experience designing and executing security control testing methodologies and risk assessments for software, infrastructure, or AI/ML systems.
Preferred qualifications:
- Advanced degree in Computer Science, Cybersecurity, Artificial Intelligence, or a related field.
- Professional AI security or audit certifications such as CISSP, CISA, CISM, AIGP, AAIA, ISO 27001/42001 Lead Auditor or equivalent technical certifications.
- Experience working within a technology company or "Big Tech" ecosystem, navigating complex, hyper-scale infrastructure and distributed risk environments.
- Proven experience operating in a second line of defense role, including providing separate tests, control testing, and oversight to first-line business and engineering teams.
- Deep technical understanding of AI/ML specific vulnerabilities (e.g., adversarial attacks, training data extraction, prompt injection).