• Design and implement security solutions to enable customers to securely deploy and govern Claude Enterprise • Assess existing security, identity, data, cloud and SaaS architectures and advise on best-in-class solutions for securing enterprise AI tooling across customers in a wide range of industries • Conduct comprehensive evaluations of AI tools (e.g. Claude, Claude Enterprise), platform configurations, data access patterns, connector usage, security controls, processes and personnel to deliver informed recommendations leveraging your expertise in security engineering and AI governance • Design and implement security controls for enterprise AI platforms, including SSO, SCIM, RBAC, MFA, conditional access, admin roles, user lifecycle management, retention policies, audit logging, workspace controls, DLP, and acceptable-use enforcement • Assess and govern AI platform features such as file uploads, custom assistants, projects, GPTs, connectors, browsing, code execution, data analysis, plugins, agents, API access, and external sharing • Review and secure AI integrations with enterprise repositories and collaboration platforms, including Google Drive, SharePoint, OneDrive, Slack, Teams, GitHub, GitLab, Jira, Confluence, Salesforce, Snowflake, Databricks, and BI platforms • Manage and lead end-to-end AI Security Implementation efforts as part of a project team; including activities such as identity integration, access control design, data protection controls, AI platform configurations, connector governance, monitoring / logging and incident response workflows

• Be partially responsible for the underlying cryptography across our products. • Help build cryptographic libraries and implement the latest algorithms directly into our client applications with security, performance and usability in mind. • Develop proof-of-concepts and implement new industry specifications into code. • Conduct code and design reviews to ensure good cryptographic hygiene and standards across our codebase.

• Define and execute a Firm-wide cybersecurity strategy aligned with NIST CSF, NIST AI RMF 1.0, ISO 27001, and SOC 2 frameworks • Own and continuously mature the Firm's Information Security Management System (ISMS) • Lead ISO 27001 gap analysis and establish a roadmap toward certification • Develop, maintain, and enforce security policies, standards, procedures, and governance structures • Define and track key risk indicators (KRIs), metrics, and reporting frameworks • Serve as the Firm's executive owner of AI security and governance • Design and implement a scalable AI governance framework, including acceptable use standards, risk-tiering criteria, and data handling controls • Own the Firm's vendor risk management program, including intake, risk-tiering, assessment, and continuous monitoring • Own the Firm's SOC 2 Type II program, including control maintenance, evidence collection, and auditor engagement • Provide executive oversight of security architecture across Microsoft 365 and Azure

• Continuously monitor Claude and ChatGPT product roadmaps, release notes, and vendor communications to anticipate platform changes before they land • Translate upcoming features into proactive configuration, policy, and enablement decisions not reactive scrambles • Maintain active relationships with Anthropic and OpenAI account teams; flag ToS updates, data processing agreement changes, and acceptable use policy shifts before they become surprises • Provide expert-level administration of AI console environments across both platforms • Manage Claude and ChatGPT organizational settings files using Git, version-controlled, reviewed, and deployed like the infrastructure they are • Own API key lifecycle management and secrets hygiene for all AI integrations • Manage SSO/SCIM provisioning for AI platforms; ensure access is tight, auditable, and clean • Develop token tracking and financial dashboards so leadership actually knows what AI costs us by team, by use case, by month • Build anomaly detection on AI spend; if something spikes, you catch it before accounting does • Produce regular usage trend reports and ROI framing for leadership that goes beyond "we use AI a lot" • Build and maintain internal MCP servers that extend AI capabilities into our workflows securely • Be the in-house subject matter expert on agentic AI builds such as architecture, risk, failure modes, and the parts that go sideways in ways no one anticipated • Write code. Python and/or TypeScript. AI-augmented is fine (encouraged, even), but you need to own what ships • Identify and mitigate prompt injection risks in internal AI-powered tools • Ensure no sensitive or regulated data (PII, PCI, PHI) flows into AI prompts. Architect the guardrails, not just the policy • Maintain awareness of AI-specific incident response options; when something goes wrong with an AI integration, you're in the room • Serve as IT Engineering's primary liaison to the AI Adoption Committee bringing operational grounding to adoption decisions • Participate actively in the AI Working Group; connect platform capabilities to how the company actually uses them • Partner closely with the Governance & Trust team, who leads AI policy and governance. Your job is to be their technical counterpart by implementing, informing, and flagging issues, not owning the policy itself