AI Security Governance Architect
Location: Spain
Job Description
About Plain Concepts: Plain Concepts is an innovative, global technology consultancy of over 500 tech enthusiasts operating across 6 countries. Devoted to technical excellence and custom product architecture, we operate via flat, multidisciplinary teams built around high-agency agile principles. We deliver cutting-edge engineering solutions spanning Artificial Intelligence, Cloud Security platforms, and secure data ecosystems from scratch.
Role Mission
We are seeking an execution-driven AI Security Governance Architect to support our client's AI Security Governance Program. This is not a theoretical or purely policy-focused administrative position: you will define, operationalize, and continuously improve the concrete cybersecurity control frameworks protecting AI, GenAI, and autonomous agentic AI use cases. Acting as the subject matter expert, you will translate AI risk surfaces into practical controls, auditable evidence, and operational decision criteria across the full application lifecycle.
Key Responsibilities
- AI Security Governance Model: Mature the end-to-end security governance model for AI systems—covering intake workflows, mandatory registry data models, risk classification vectors, and periodic security reassessments.
- Regulatory & Framework Alignment: Align internal architectures with international standards including the NIST AI RMF, the NIST Generative AI Profile, ISO/IEC 42001, and the OWASP Top 10 for LLM Applications (covering prompt injection, training data poisoning, and insecure output handling), while ensuring compliance with EU AI Act deployer obligations.
- Use Case Risk Assessment: Audit GenAI deployments across critical security surfaces: agentic permissions, identity contexts, prompt injection vectors, sensitive data leakage risks, third-party model supply chains, and data residency rules.
- Control Operationalization: Define what "good" looks like by architecting practical controls, guardrails, and secure patterns for M365 Copilot, custom RAG frameworks, autonomous agents, and low-code AI automations.
- Tooling Integration: Partner with cross-functional teams to map governance controls directly into advanced security platforms like HiddenLayer, Sentra, Zenity, Wiz, or Microsoft Purview, establishing live threat dashboards and automated GRC evidence collection.
Required Skills & Qualifications
- 8+ years of progressive professional experience in Cybersecurity, with a background spanning security governance, application security (AppSec), cloud security architecture, or enterprise risk management.
- Deep, actionable understanding of technical AI/GenAI security risks, including LLM vulnerability patterns, RAG pipeline injection points, and third-party API exposure surfaces.
- Proven capability to construct highly functional, executable governance systems rather than just static text documentation.
- Excellent documentation and engineering communication skills, capable of producing both executive-ready material and granular control templates.
- Familiarity with enterprise data privacy requirements (GDPR, Data Protection Impact Assessments (DPIAs), and strict data classification).
- Location Constraint: Fully remote position, but candidates must be authorized to work from Spain.
Strongly Desired Assets (Nice to Have)
- Direct experience managing AI Security Posture Management (AISPM) or Data Security Posture Management (DSPM) programs.
- Active industry certifications: CISSP, CISM, CRISC, or cloud-native architecture credentials (AWS, Azure, GCP, CCSP).
What We Offer
- Competitive base salary determined by market rates and your validated experience.
- Flexible work schedule on a 35-hour week.
- 100% remote working flexibility options based in Spain.
- Flexible compensation options (subsidized restaurants, public transport, and childcare allowances).
- Free private health insurance (with a small co-payment for dental services).
- Individual personal budget for training, advanced tech equipment, and free formal Microsoft certifications.
- Company-sponsored English lessons and dedicated birthday day off.
- Monthly stipend covering home electricity and internet expenses for remote work.
- Discounted access to national gym plans and sports activities.
- Attendance at "Plain Camp" (our signature annual corporate team-building event) and premium welcome packages.