Note: The job is a remote job and is open to candidates in USA. Mindlance is a leading company in the hospitality sector, focused on enhancing digital security. They are seeking a Director of AI Security Automation Engineering to standardize and automate security review processes for AI systems, ensuring efficient and scalable operations.
Responsibilities
- Design and operationalize review archetype templates for AI deployment patterns — including agentic AI, conversational AI platforms, IoT AI, contact center AI, and enterprise SaaS AI — each with distinct control mapping surfaces
- Develop deployment-paradigm-specific intake questionnaires (SaaS, On-Premises, Managed Service, Hybrid, Multi-Cloud, Integrated API) that auto-route to control checklists
- Define review complexity weighting models with cycle time targets
- Establish acceptance criteria and measurable throughput metrics — cycle time, queue depth, completion rate, and rework rate — and own the operational dashboards that track them
- Architect and deliver LLM-powered security assessment capabilities including threat model draft generation from architecture descriptions, automated control-to-architecture mapping, risk recommendation engines, and cross-review pattern recognition
- Design automated intake and triage pipelines with intent classification, complexity scoring, archetype detection, and priority assignment integrated with workflow platform APIs
- Build and maintain a security pattern graph ontology — a labeled property graph connecting patterns, controls, components, threats, standards, deployment paradigms, risk dimensions, and impact tiers into a queryable knowledge graph
- Implement graph-based tooling for gap analysis traversals from risk dimensions to unaddressed controls, tier compliance queries across AI risk classifications, and cross-pattern coverage analysis
- Build repeatable control mapping patterns linking security controls to review findings and AI risk dimensions to review requirements
- Develop OSCAL-aligned evidence packaging pipelines that machine-readably connect review findings to control attestations for compliance reporting
- Map and optimize the full security review governance pipeline — from intake through architecture review board to production authorization — with AI-specific fast-track criteria
- Drive process alignment with EU AI Act obligations including risk classification, risk management documentation, and quality management system traceability
- Coordinate with platform engineering teams on review intake automation, authorization lifecycle integration, and evidence collection API contracts
- Coordinate with assurance and risk teams on risk scoring and independent verification handoff criteria
- Produce pipeline health metrics feeding into security telemetry and observability systems
Skills
- Education: Master's or Ph.D. in Computer Science, Cybersecurity, Information Systems, or a related STEM field, or commensurate experience in role
- 10 years designing, building, and operating complex data models, knowledge graphs, or system architectures — particularly in domains requiring structured reasoning over large rule sets, policy frameworks, or compliance taxonomies
- 2 years in cybersecurity, security architecture, or security risk management with hands-on exposure to security assessments, threat modeling, control mapping, or risk analysis in enterprise or regulated environments
- Demonstrated experience applying AI/ML to automate security, compliance, or GRC workflows at enterprise scale — not just using AI tools, but building them
- Track record of process transformation: converting manual, unscalable review processes into repeatable, metrics-driven, AI-assisted operations with measurable throughput improvements
- Experience with knowledge graph architectures, ontology design, or graph-based reasoning applied to compliance, risk, security, or regulatory domains
- Proven experience delivering production-grade automation systems in enterprise environments
- Strong communication and interpersonal skills, with the ability to brief senior executives on pipeline metrics, present threat models to architecture review boards, and coordinate across security, privacy, engineering, and product teams
- Deep understanding of AI system architectures: large language models, agent frameworks, retrieval-augmented generation pipelines, Model Context Protocol (MCP), embeddings, vector stores, and multi-agent orchestration patterns
- Experience with graph databases and knowledge representation - Neo4j, KuzuDB, NetworkX, openCypher, GraphML - for building queryable control, risk, and pattern ontologies
- Familiarity with labeled property graph modeling, faceted ontology design, and graph learning techniques for pattern recognition across structured security data
- Proficiency in Go and Python for building production-grade automation tooling, graph export engines, API integrations, and data pipelines
- Experience with AI/ML frameworks for security automation: PydanticAI, LangChain, or similar agent frameworks; foundation model APIs (Claude via Bedrock, GPT via Azure OpenAI, or equivalent)
- Experience with security review frameworks and controls: NIST AI RMF, ISO 42001, NIST CSF, OSCAL, OWASP LLM Top 10, OWASP Agentic Top 10, and MITRE ATLAS
- Experience with ServiceNow, Jira, or similar workflow platforms and their APIs for end-to-end process automation
- Familiarity with secure DevOps/MLOps pipelines, CI/CD security gates, infrastructure-as-code for AI systems, and OSCAL evidence schemas
- Proficiency in security protocols, encryption methods, and vulnerability assessment tools
Company Overview
Company H1B Sponsorship