# AI Security Governance Architect Remote from[Spain](https://jobicy.com/job-region/spain.md)Annual salary Undisclosed Salary information is not provided for this position. Check our [Salary Directory](https://jobicy.com/salaries.md) to estimate the average compensation for similar roles.Department [Legal & Compliance](https://jobicy.com/categories/legal.md) Employment type Full Time, Job posted19 Jun 2026Apply before19 Jul 2026Experience level Senior Views / Applies 974 / 125 [About company](https://jobicy.com/company/plain-concepts.md) [Share](#share) About [Plain Concepts](https://jobicy.com/company/plain-concepts.md) Transforming ideas into digital solutions with cutting-edge technology. * [Information Technology & Services](https://jobicy.com/company-category/information-technology-services.md) * 2006 Actively Hiring Verified job posting This job post has been [manually reviewed](https://jobicy.com/tools/help-center/employee/how-does-jobicy-verify-the-legitimacy-of-remote-job-listings.md) for authenticity and compliance. Tailor Resume Check Job Fit Cover Letter ### Tailor my resume to this job Discover how to best rewrite and optimize your resume for this specific job. You'll receive personalized suggestions and detailed guidance to highlight your key strengths, effectively address the job requirements, and make your application more compelling to recruiters and hiring managers. After analyzing your resume, I can provide several recommendations to better position yourself for this role. Your background in software development shows strong technical skills, particularly in Java and Python development. However, for this Senior Backend Developer position, I notice there could be more emphasis on your experience with microservices architecture and cloud technologies, which are key requirements for this role. I recommend highlighting specific projects where you utilized these technologies and quantifying your achievements to demonstrate impact... Upgrade to Plus ### Am I a good fit for this job? Understand your compatibility with this specific job opportunity. Our detailed analysis will assess your resume against the role's requirements, providing insights into your potential fit, key skill alignments, and areas you might need to develop to be a strong candidate. After assessing your resume against the job requirements, here's a summary of your fit: 1. Overall Match: Moderate Fit (Approx. 65-70%). Your resume shows good alignment with several core responsibilities for the Project Manager role, especially your experience in agile methodologies and stakeholder communication. 2. Key Strengths: Your PMP certification and proven track record in delivering projects on time are strong assets for this position. 3. Potential Gap: The role specifies experience with 'XYZ specific software', which is not explicitly mentioned in your resume. If you have this experience, ensure it's highlighted. 4. Recommendation: Consider adding a quantifiable achievement related to budget management, as this is often a key metric for PM roles... Upgrade to Plus ### Cover Letter Assistant Need help writing a compelling cover letter? Our system can analyze this job and your resume to help you draft personalized paragraphs that highlight your strengths and impress hiring managers. Let me help you draft a strong opening... Dear Hiring Manager, I am writing to express my keen interest in the Senior Marketing Manager position. My background in developing data-driven marketing strategies and leading successful product launches, as detailed in my resume, directly aligns with your need for a candidate capable of enhancing brand visibility and driving market share growth. I am confident I can make a significant contribution to your team... Upgrade to Plus ### AI Summary The AI Security Governance Architect role at Nestlé focuses on defining and operationalizing a cybersecurity control framework for AI, GenAI, and agentic AI use cases. The position involves working with security, architecture, and business teams to ensure AI initiatives are securely governed across their lifecycle. Key responsibilities include developing an AI security governance model aligned with frameworks like NIST AI RMF and ISO/IEC 42001, conducting risk assessments, designing practical controls, and integrating with existing security tools. The ideal candidate has 8+ years in cybersecurity with strong experience in security governance, architecture, and AI-specific risks such as prompt injection and data leakage. The role requires a hands-on approach to make the governance program executable rather than just producing policy documents. ### Role DNA Job Complexity Easy Hard AI Insight This role requires deep expertise in both cybersecurity and AI/GenAI risks, plus the ability to build operational governance frameworks at an enterprise scale, making it highly challenging. ### Salary Analysis Median Market Rate $175,000US Market $140k – 220k 0 $242k AI Insight The salary for this role is not explicitly provided, but based on market data for a senior AI security architect position in the US, the median is around $175,000. This reflects the high demand and specialized skill set required. ### Core Skills Required [AI Security](https://jobicy.com/jobs?search_keywords=AI+Security.md) [Governance](https://jobicy.com/jobs?search_keywords=Governance.md) [Risk Management](https://jobicy.com/jobs?search_keywords=Risk+Management.md) [GenAI](https://jobicy.com/jobs?search_keywords=GenAI.md) [LLM Security](https://jobicy.com/jobs?search_keywords=LLM+Security.md) [NIST AI RMF](https://jobicy.com/jobs?search_keywords=NIST+AI+RMF.md) [ISO/IEC 42001](https://jobicy.com/jobs?search_keywords=ISOIEC+42001.md) [Cybersecurity](https://jobicy.com/jobs?search_keywords=Cybersecurity.md) [Cloud Security](https://jobicy.com/jobs?search_keywords=Cloud+Security.md) [Security Architecture](https://jobicy.com/jobs?search_keywords=Security+Architecture.md) ### Cover Letter Sample I am writing to express my strong interest in the AI Security Governance Architect position at Nestlé. With over 10 years of cybersecurity experience, including deep expertise in AI/GenAI risk management and security governance, I am confident in my ability to help operationalize your AI security program. In my previous role at a global enterprise, I designed and implemented an AI governance framework aligned with NIST AI RMF and ISO/IEC 42001, covering risk classification, control mapping, and continuous monitoring. I have hands-on experience assessing LLM applications for prompt injection, data leakage, and supply chain vulnerabilities, and I have integrated governance processes with tools like SIEM, DLP, and GRC platforms. I understand that Nestlé needs a practitioner who can build executable controls, not just documentation. I am skilled at translating complex risks into practical requirements, architecture patterns, and KPI-driven oversight. I am eager to bring my technical depth and strategic mindset to your team to secure AI initiatives across the organization. Thank you for considering my application. I look forward to the opportunity to discuss how I can contribute to Nestlé's AI security governance program. Copy ### Sample Interview Questions Can you describe your experience with building an AI security governance framework from scratch? What steps did you take and what challenges did you face?In my previous role, I led the creation of an AI governance framework for a large financial institution. I started by conducting a risk inventory of all AI use cases, then mapped them to controls based on NIST AI RMF. Key challenges included gaining buy-in from business units and integrating with existing security tools. I overcame these by developing a clear risk classification model and demonstrating quick wins with pilot projects.How would you assess the security risks of a custom GenAI application that uses RAG?I would evaluate the data ingestion pipeline for sensitive data leakage, the retrieval mechanism for prompt injection risks, and the LLM output for insecure handling. I'd also review access controls, logging, and monitoring. For RAG specifically, I'd assess the vector database security and ensure that the model does not expose proprietary information.Explain how you would integrate AI governance controls with existing tools like SIEM and DLP.I would map control requirements to tool capabilities, such as using SIEM for logging and anomaly detection of AI model interactions, and DLP for monitoring data exfiltration via AI outputs. I'd define data fields and alerts in the SIEM for prompt injection attempts and configure DLP policies to block sensitive data from being sent to external AI services.What is your approach to handling exceptions and risk acceptance in an AI governance program?I would establish a formal exception process with a risk acceptance form that documents the control gap, business justification, compensating controls, and a remediation timeline. Exceptions would be reviewed by a risk committee and tracked in the AI registry. I'd also set up periodic reassessments to ensure that exceptions are not permanent.How do you stay current with evolving AI threats and regulatory requirements like the EU AI Act?I regularly follow industry publications like OWASP LLM Top 10, NIST updates, and regulatory guidance. I also participate in AI security forums and attend conferences. For the EU AI Act, I map requirements to our governance controls and adjust risk classifications accordingly. I also conduct quarterly reviews of our framework to incorporate new threats. Mission Support the client’s AI Security Governance Program by defining, operationalizing and continuously improving the cybersecurity control framework for AI, GenAI and agentic AI use cases. The role will work with security, architecture and business teams to ensure AI initiatives are registered, assessed, governed and secured across their lifecycle. The profile will act as the cybersecurity subject matter expert for AI governance, complementing the project manager and helping translate AI-related risks into practical controls, processes, requirements, evidences and decision criteria. Key Responsibilities 1. AI security governance framework Define and mature the security governance model for AI systems, including intake, registration, risk classification, control mapping, approvals, exceptions, monitoring and periodic reassessment. Align the governance model with recognized frameworks such as NIST AI RMF, NIST Generative AI Profile, ISO/IEC 42001, OWASP Top 10 for LLM Applications, and local relevant ruling as EU AI Act obligations where applicable. NIST’s GenAI Profile was released to help organizations manage unique generative AI risks; ISO/IEC 42001 provides a structured AI management system standard; OWASP tracks LLM-specific risks such as prompt injection, insecure output handling, data poisoning and supply-chain vulnerabilities. 2. AI use case risk assessment Assess AI and GenAI use cases from a cybersecurity perspective, covering: * Access control and identity context * Agentic AI permissions and tool execution * Logging, monitoring and incident response * Model exposure and misuse risk * Prompt injection and indirect prompt injection * Sensitive data leakage * Data classification and data residency * Model supply chain and third-party AI services * Human oversight and approval workflows * Security-by-design requirements for AI applications 3. Control design and operationalization Translate risks into practical security controls, including policies, technical requirements, architecture patterns, guardrails, evidence requirements, control owners and acceptance criteria. The role should be able to define what “good” looks like for different AI patterns: internal copilots, M365 Copilot, custom GenAI apps, RAG systems, AI agents, vendor AI features, ML models and low-code/no-code AI automations. 4. Tooling integration and control mapping Work with existing tools such as HiddenLayer, Sentra, Zenity and the AI registration/control tower process to ensure the governance model is not theoretical. Expected activities include: * Mapping tool capabilities to governance controls * Defining required data fields in the AI registry * Establishing dashboards and control evidence * Identifying gaps between tooling coverage and policy expectations * Supporting integration with GRC, CMDB, DLP, IAM, SIEM/SOC, cloud security and data governance processes 6. Deliverables Typical deliverables should include: * AI control framework * AI use case classification model * Security requirements for AI/GenAI projects * AI security architecture patterns * AI registry/control tower data model recommendations * Tooling-to-control mapping * Exception and risk acceptance process * KPI/KRI dashboard proposal * Security review templates * AI security awareness material for project teams * Roadmap for maturity improvement Requirements Must have: 8+ years in cybersecurity, with strong experience in security governance, security architecture, risk management or AppSec/CloudSec. Real understanding of AI/GenAI security risks, especially LLM application risks, prompt injection, data leakage, model supply chain, AI agent permissions, RAG security, model/API exposure and third-party AI usage. Ability to build governance that works operationally, not just policy documents. This is important: Nestlé likely does not need someone to explain that AI is risky; they need someone who can help make the program executable. Experience with enterprise control frameworks Excellent documentation and communication skills, with the ability to produce executive-ready material and technical control definitions. Strongly desirable: Experience with one or more of: * AI governance programs * AISPM Experience * GenAI application security reviews * M365 Copilot / enterprise copilots * AI agent governance * ML/LLM model risk management * Data Security Posture Management * Cloud security architecture * Secure SDLC / DevSecOps * Third-party AI vendor risk * GRC tooling and control evidence automation * SOC monitoring for AI-related threats Experience with tools such as HiddenLayer, Sentra, Zenity, Wiz, Microsoft Purview, Defender, CSPM/CWPP, DLP, SIEM/SOAR, cloud-native security tooling or GRC platforms would be valuable. Certifications / knowledge: Useful but not mandatory: * CISSP, CISM, CRISC or equivalent * Cloud security certifications: AWS, Azure, GCP, CCSP * AI governance / AI risk training * Privacy knowledge: GDPR, DPIA, data classification * Familiarity with EU AI Act requirements for deployers of high-risk AI systems, including governance, monitoring, human oversight and logging obligations where applicable. Benefits * Salary determined by the market and your experience 🤑 * Flexible schedule 35 Hours / Week 😎 * Fully remote work (optional) 🌍 * Flexible compensation (restaurant, transport, and childcare) ✌ * Fully free health insurance, with a co-payment for dental services 🚑 * Individual budget for training or equipment and free Microsoft certifications 📚 * English lessons 🗽 * Birthday day off 🌴🥳 * Monthly bonus for electricity and Internet expenses at home 💻 * Discount on gym plan and sports activities 🔝 * Plain Camp (annual team-building event) 🎪 * Extra perks: events attendance and speakers, welcome pack, baby basket, Christmas basket, discount portal for employees ➕ The pleasure of always working with the latest technological tools! Will you let us know you better? The selection process: Simple, just 3 steps. * Phone screen * 2 interviews with the team 🤘 What is Plain Concepts? Plain Concepts is a global company of over 500 people passionate about technology and innovation. Since our founding, we have grown through technical proficiency and confidence in ideas that others might consider risky, creating custom solutions for our clients. With offices in more than 6 countries, our mission is to continue to drive cuttingedge projects around the world. We are highly committed to technical excellence. We are known for developing highly customized projects, offering specialized technical consultancy and training. Thanks to the great work of our technicians, we have been recognized for our ability to lead innovative projects that generate value, from artificial intelligence to blockchain, driving solutions that help companies optimize their performance. What we do at Plain Concepts? We pride ourselves on being a 100% technical team, dedicated to crafting custom projects from scratch, offering expert technical consultancy, and providing top-tier training. * Our approach goes beyond traditional outsourcing; we focus on creating value together with our clients. * Our teams are diverse and multidisciplinary, operating in a flat, collaborative structure. * We live and breathe AGILE principles, ensuring flexibility and efficiency in everything we do. * Knowledge-sharing is at our core: from supporting each other internally to contributing to the broader tech community through conferences, events, and talks. * Innovation drives us — even the boldest ideas are welcome here. * Transparency underpins all our relationships, fostering trust and long-term partnerships. Want to learn more? Check out our website! ➡ [https://www.plainconcepts.com/](https://www.plainconcepts.com/) At Plain Concepts, we certainly seek to provide equal opportunities. We want diverse applicants regardless of race, colour, gender, religion, national origin, citizenship, disability, age, sexual orientation, or any other characteristic protected by law. Show more [Apply now >](https://jobicy.com/jobs/144138-ai-security-governance-architect.md) > Annual salary information is not provided for this position. Explore salary ranges for similar roles in our [Salary Directory ›](https://jobicy.com/salaries.md) * ![Upload CV](data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2NSIgaGVpZ2h0PSI2NSIgZmlsbD0ibm9uZSIgeG1sbnM6dj0iaHR0cHM6Ly92ZWN0YS5pby9uYW5vIj48ZyBjbGlwLXBhdGg9InVybCgjQSkiPjxwYXRoIGQ9Ik0wIDBINjVWNjVIMFYwWiIgZmlsbD0iIzAyOWFlYiIvPjxnIGZpbGw9IiNmZmYiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLXdpZHRoPSIyIj48cGF0aCBkPSJNMzMuMDQ5IDE1LjQ1NGExLjQzIDEuNDMgMCAwIDAtMi4wOTcgMGwtNy41NzkgOC4xNDdhMS4zOCAxLjM4IDAgMCAwIC4wOSAxLjk3MyAxLjQ0IDEuNDQgMCAwIDAgMi4wMDgtLjA4OGw1LjEwOS01LjQ5MnYyMC42MWExLjQxIDEuNDEgMCAwIDAgMS40MjEgMS4zOTdjLjc4NSAwIDEuNDIxLS42MjUgMS40MjEtMS4zOTd2LTIwLjYxbDUuMTA5IDUuNDkyYTEuNDQgMS40NCAwIDAgMCAyLjAwOC4wODggMS4zOCAxLjM4IDAgMCAwIC4wOS0xLjk3M2wtNy41NzktOC4xNDZ6TTE2Ljc2OSAzOC40YzAtLjc3My0uNjItMS40LTEuMzg1LTEuNFMxNCAzNy42MjcgMTQgMzguNHYuMTAybC4yMTUgNi4yMjljLjIyMyAxLjY4LjcwMSAzLjA5NSAxLjgxMyA0LjIxOHMyLjUxIDEuNjA3IDQuMTcyIDEuODMzYzEuNi4yMTggMy42MzYuMjE4IDYuMTYuMjE4aDExLjI4bDYuMTYtLjIxOGMxLjY2Mi0uMjI2IDMuMDYxLS43MDkgNC4xNzItMS44MzNzMS41ODktMi41MzggMS44MTMtNC4yMThDNTAgNDMuMTEzIDUwIDQxLjA1NSA1MCAzOC41MDNWMzguNGMwLS43NzMtLjYyLTEuNC0xLjM4NS0xLjRzLTEuMzg1LjYyNy0xLjM4NSAxLjRsLS4xOSA1Ljk1OGMtLjE4MiAxLjM3LS41MTUgMi4wOTUtMS4wMjYgMi42MTJzLTEuMjI4Ljg1My0yLjU4MyAxLjAzOGMtMS4zOTUuMTktMy4yNDMuMTkzLTUuODkzLjE5M0gyNi40NjJjLTIuNjUgMC00LjQ5OC0uMDAzLTUuODkzLS4xOTMtMS4zNTUtLjE4NC0yLjA3Mi0uNTIxLTIuNTgzLTEuMDM4cy0uODQ0LTEuMjQyLTEuMDI2LTIuNjEyYy0uMTg3LTEuNDEtLjE5MS0zLjI3OS0uMTkxLTUuOTU4eiIvPjwvZz48L2c+PGRlZnM+PGNsaXBQYXRoIGlkPSJBIj48cGF0aCBmaWxsPSIjZmZmIiBkPSJNMCAwaDY1djY1SDB6Ii8+PC9jbGlwUGF0aD48L2RlZnM+PC9zdmc+) ### Upload your resume now To unlock remote work opportunities and be discovered by global employers. This job listing has been manually reviewed by the Jobicy Trust & Safety Team for compliance with our posting guidelines, including verification of the company's legitimacy, accuracy of job details, clarity of remote work policy, and absence of misleading or fraudulent content. ## How to apply ## See a few more Similar Legal & Compliance remote jobs * ![Remote logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/63a88d3a-221-1.png) Remote [Lifecycle Specialist, Contract Management – LATAM](https://jobicy.com/jobs/142067-lifecycle-specialist-contract-management-latam.md) About RemoteRemote is solving modern organizations’ biggest challenge – navigating global employment compliantly with ease. We make it possible for businesses of all sizes to recruit, pay, and manage international… ![LATAM flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/latam.svg) LATAM•Full TimeUSD 29,750-67k/year* ![DoorDash logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/82fc4967-221-1.jpeg) DoorDash [Manager, Product Compliance – Money Products](https://jobicy.com/jobs/142748-manager-product-compliance-money-products.md) About the TeamDoorDash’s Legal Team has built a reputation within the company for our highly collaborative and supportive approach to counseling, always with a bias for action. The team consists… ![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg) US•Full TimeUSD 156,400-230k/year* ![Five9 logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/08/7c3d754e-221.png) Five9 [Senior Corporate Counsel – Legal Transactions](https://jobicy.com/jobs/142764-senior-corporate-counsel-legal-transactions.md) Join us in bringing joy to customer experience. Five9 is a leading provider of cloud contact center software, bringing the power of cloud innovation to customers worldwide. Living our values… ![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg) US•Full TimeUSD 95,600-265,900/year* ![Mercury logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2023/11/dfb1112a-221.jpeg) Mercury [Senior Privacy Program Manager](https://jobicy.com/jobs/144692-senior-privacy-program-manager.md) In 1890, Samuel Warren and Louis Brandeis published an article called “The Right to Privacy” in the Harvard Law Review. They weren’t responding to a court ruling or a piece… ![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg) ![Canada flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/ca.svg) US, CA•Full TimeUSD 167,400-232,400/year* ![Ecolab logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/9508514f-221.jpeg) Ecolab [Brand Protection Advisor II – EcoSure](https://jobicy.com/jobs/142392-brand-protection-advisor-ii-ecosure.md) Ecolab is seeking a Brand Protection Advisor to join its EcoSure division, an industry leader in brand protection programs, to drive operational excellence and help our clients grow their business. Our associates… ![UK flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/gb.svg) GB•Full TimeJun 25* ![Wpromote logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2021/08/e1003ec6a2d34525775d0bc7912ced79.jpg) Wpromote [Commercial Counsel](https://jobicy.com/jobs/142762-commercial-counsel-2.md) The RoleAs Commercial Counsel at Wpromote, you will join the Legal team that is a strategic partner to the business, operating at the intersection of cutting‑edge technology and go‑to‑market execution…. ![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg) US•Full TimeUSD 130k-150k/year* ![HackerOne logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/8937d355-221.png) HackerOne [Privacy Counsel](https://jobicy.com/jobs/144721-privacy-counsel.md) HackerOne is a global leader in Continuous Threat Exposure Management (CTEM). The HackerOne Platform unites agentic AI solutions with the ingenuity of the world’s largest community of security researchers to… ![UK flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/gb.svg) GB•Full TimeUSD 90k-110k/year* ![Remote logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/63a88d3a-221-1.png) Remote [Manager, Lifecycle Contract Management – APAC](https://jobicy.com/jobs/147713-manager-lifecycle-contract-management-apac.md) About Remote Remote is solving modern organizations’ biggest challenge – navigating global employment compliantly with ease. We make it possible for businesses of all sizes to recruit, pay, and manage… ![APAC flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/apac.svg) APAC•Full TimeUSD 48,850-110k/year* ![Axiom logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/08/1c48ca0c-221.jpeg) Axiom [Compliance Consultant – Financial Crime Compliance Manager (Anti-bribery, AML, Sanctions)](https://jobicy.com/jobs/147712-compliance-consultant-financial-crime-compliance-manager-anti-bribery-aml-sanctions.md) We are currently seeking a Compliance Consultant with Financial Crime compliance experience (AML, FCC, Sanctions) to provide long-term support to our Fortune 500 client:Responsibilities: Review incoming compliance cases and questions… ![APAC flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/apac.svg) ![Singapore flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/sg.svg) APAC, SG•Full TimeJun 25* ![Axiom logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/08/1c48ca0c-221.jpeg) Axiom [Legal Consultant – Technology / Commercial contract / Financial Regulatory / Financial Services](https://jobicy.com/jobs/147711-legal-consultant-technology-commercial-contract-financial-regulatory-financial-services.md) We are currently seeking junior Legal Consultant with Technology/ Commercial contract / Banking/ Regulatory experience to join our bench and provide support to our global financial service client:Responsibilities: Provide legal advice and… ![APAC flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/apac.svg) ![Hong Kong flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/hk.svg) APAC, HK•Full TimeJun 25 [More Jobs](https://jobicy.com/jobs.md)