Privacy and Security Technical Assurance Lead, RCI
- linkCopy link
- emailEmail a friend
Minimum qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience.
- 7 years of experience in cybersecurity, technical assurance, IT audit, penetration testing, or working within a second line of defense risk management function.
- Experience with enterprise-wide/cross-functional technical project planning and execution, including partnering with legal, policy, or compliance teams.
- Experience designing and executing security control testing methodologies and risk assessments for software, infrastructure, or AI/ML systems.
- Experience with cybersecurity adjacent regulations (e.g., EU Digital Services Act, EU AI Act, NIS2, DORA).
Preferred qualifications:
- Advanced degree in Computer Science, Cybersecurity, Artificial Intelligence, or a related field.
- Professional AI security or audit certifications such as CISSP, CISA, CISM, AIGP, AAIA, ISO 27001/42001 Lead Auditor or equivalent technical certifications.
- Experience working within a technology company or "Big Tech" ecosystem, navigating complex, hyper-scale infrastructure and distributed risk environments.
- Proven experience operating in a second line of defense role, including providing separate tests, control testing, and oversight to first-line business and engineering teams.
- Deep technical understanding of AI/ML specific vulnerabilities (e.g., adversarial attacks, training data extraction, prompt injection).
About the job
The Risk, Compliance and Integrity organization (RCI) brings together critical compliance, assurance, risk, and governance functions across the company to help meet compliance needs and enable our businesses to innovate securely. Operating as a critical second line of defense, we manage our operations through risk-based prioritization, independent technical validation, oversight, and consistent engagement with product engineering and legal counsel.
In this role, you will drive key AI Security assurance testing programs. You will require a deep understanding of AI/ML architectures, offensive security testing methodologies, and threat modeling, coupled with the ability to independently test existing and emerging cybersecurity and AI controls. As a second-line leader, you will need the ability to collaborate effectively across the engineering organization, provide constructive challenges, and influence at all levels. You will have a bias toward action, exceptional communication skills, and a track record of building and managing robust, independent security testing programs.
In addition to a deep technical security foundation, you will require exceptional program management capabilities, and demonstrated ability to track, report on, and effectively manage complex technical assurance initiatives from inception to completion, which includes defining clear testing objectives, establishing metrics, monitoring the first line's remediation progress, and ensuring timely and accurate reporting to engineering stakeholders and risk committees.
Individual pay is determined by factors including job-related skills, experience, and relevant education or training.
Ireland: €112000 - €115000 (EUR) + 15% bonus target + equity + benefits
Learn more about benefits at Google.
Responsibilities
- Provide separate oversight and issues as a critical second line of defense function, establishing and maintaining technical assurance testing frameworks for AI/ML and traditional security ecosystems.
- Lead cross-functional security testing initiatives (such as AI red teaming and architecture reviews) and conduct in-depth assessments to proactively identify complex vulnerabilities like prompt injection or data poisoning.
- Lead AI security by effectively communicating testing results, control deficiencies, and mitigation strategies to technical leadership, legal counsel, and executive stakeholders.
- Translate testing insights into actionable engineering recommendations and partner with first-line research and product teams to continuously optimize privacy and security strategies for Generative AI and traditional ML models.
- Collaborate with the Legal department to evaluate the compliance implications of identified AI privacy and security risks, ensuring all assurance efforts align with internal policies and evolving global AI regulations.
Information collected and processed as part of your Google Careers profile, and any job applications you choose to submit is subject to Google's Applicant and Candidate Privacy Policy.
Google is proud to be an equal opportunity and affirmative action employer. We are committed to building a workforce that is representative of the users we serve, creating a culture of belonging, and providing an equal employment opportunity regardless of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition (including breastfeeding), expecting or parents-to-be, criminal histories consistent with legal requirements, or any other basis protected by law. See also Google's EEO Policy, Know your rights: workplace discrimination is illegal, Belonging at Google, and How we hire.
If you have a need that requires accommodation, please let us know by completing our Accommodations for Applicants form.
Google is a global company and, in order to facilitate efficient collaboration and communication globally, English proficiency is a requirement for all roles unless stated otherwise in the job posting.
To all recruitment agencies: Google does not accept agency resumes. Please do not forward resumes to our jobs alias, Google employees, or any other organization location. Google is not responsible for any fees related to unsolicited resumes.
Equity is granted exclusively and discretionarily by Alphabet Inc. on the basis of an agreement concluded between you and Alphabet Inc. Alphabet Inc. is your sole contractual partner with respect to equity grants. GSU grants are not guaranteed, are discretionary, are subject to approval by the Alphabet Inc. board of directors or its delegate, the terms of the relevant Alphabet Inc. stock plan, and your grant agreement. They have no impact on statutory payments. Current or past grants do not confer an acquired right.