FreeHire

Indicium

Security & Compliance Lead | AI Transformation

Show

About Indicium AI

Indicium AI is trusted by the world's leading enterprises to deliver AI into production at scale. We are a global, AI-native consultancy with deep expertise across Financial Services, Energy & Utilities, Healthcare & Life Sciences, Retail & CPG, and Manufacturing - guiding organizations from strategy through build to measurable business outcomes. With 600+ AI experts, 50+ enterprise clients, and five global locations, we work side-by-side with the world's leading AI partners - including Anthropic, Databricks, AWS, OpenAI, and Microsoft - to deliver modern AI with speed, clarity, and lasting impact.

As a global company, we offer career opportunities across Europe and the Americas and are looking for talent eager to grow globally with our team. Please indicate in your application if you are available to work abroad and if you hold a European passport.

About the Opportunity

The Security & Compliance Lead — AI Transformation is the senior professional responsible for ensuring that generative and agentic AI initiatives are deployed in regulated financial environments with the same technical rigor and governance required of any critical organization system. They integrate the AI Transformation Office (AITO) and act as the senior counterpart to the client's security and compliance team, being recognized by the CISO, DPO, and risk departments as a technical peer.

Their role combines mastery of security architecture — identity, encryption, data isolation, and access controls — with fluency in the language of regulatory governance: BACEN, LGPD, internal policies, and audit trails. They transform the well-founded cautions of risk departments into concrete, auditable guardrails, ensuring that AI implementation occurs under a rigorous framework of governance, asset protection, and total operational visibility.

Key Responsibilities

Data Perimeter & Infrastructure Security

  • Define how sensitive data flows through the AI platform: where inference happens, what can and cannot leave the client's security perimeter, and which data assets are within the scope of each use case;

  • Design and implement access control policies by persona, role, and use case, integrated with the client's existing identity infrastructure (IAM, PAM, SSO);

  • Establish isolation boundaries between AI workloads, ensuring no cross-contamination occurs between use cases or user groups;

  • Connect the AI platform's security posture to the client's existing SecOps practices, with full integration;

  • Define encryption standards for data at rest and in transit within AI pipelines, aligned with the cryptographic policies already adopted by the client.

AI Guardrails & Threat Mitigation

  • Design and implement technical guardrails that prevent data leakage, prompt injection, unauthorized model access, and ungoverned AI use across the organization;

  • Build and sustain the core argument with the client's security team: implementing AI under a corporate governance framework ensures the application of rigorous technical controls, continuous monitoring, and proactive mitigation of systemic risks;

  • Define detection and response mechanisms for AI-specific threats, including prompt injection attempts, model abuse, and data exfiltration through AI interfaces;

  • Establish a shadow AI inventory process to map uncontrolled AI usage and bring it into a governed framework;

  • Define and enforce policies for approved AI tools, APIs, and data sources, with clear criteria for what is permitted, restricted, or prohibited per user profile.

Regulatory Compliance & Auditing

  • Ensure adherence to LGPD, BACEN regulations, and applicable international frameworks (ISO 27001, SOC 2, or equivalents) within the context of the client's AI initiatives;

  • Define retention, minimization, and processing policies for all data generated or processed by AI, including model inputs, outputs, and intermediate artifacts;

  • Set up the audit trail infrastructure to support internal and external audit requirements — each AI decision cycle must produce traceable, timestamped, and tamper-proof evidence;

  • Translate into auditable reality the principle that each project cycle delivers measurable results without multiplying risks;

  • Produce compliance documentation, security assessments, and risk reports in formats that meet the requirements of internal audits, the DPO, and the client's external regulators.

Governance Process Speed & Risk Mitigation

  • Design and operate the review and approval process for new AI use cases in a way that accelerates deliveries;

  • Define kill switch mechanisms and rollback procedures for each AI use case, giving the client's risk team the confidence that any deployment can be reversed quickly and cleanly;

  • Work with project managers and AI architects to embed security requirements into the design phase of each use case, eliminating late-stage blockers;

  • Act as an internal advocate for security-by-design within the AITO, ensuring that risk considerations are addressed before implementation, not after;

  • Build and maintain a security playbook for AI use cases to standardize the review process and reduce decision latency for recurring patterns.



Preferred Qualifications & Experience

  • Consolidated experience in information security, compliance, or risk management in regulated environments — preferably financial services;

  • Proven track record of direct engagement with CISOs, DPOs, CROs, and internal/external audit functions in enterprise clients;

  • Fluency in technical security language (architecture, encryption, identity, network isolation) and governance language (regulatory frameworks, audit trails, risk registers, policy documentation);

  • Hands-on experience with security architecture for cloud data platforms or AI/ML systems;

  • Deep knowledge of LGPD and BACEN regulations applicable to financial institutions deploying AI;

  • Advanced experience with cloud security services, with proficiency in AWS, including network isolation (VPC, private endpoints), segmentation, centralized logging, CSPM, and cloud-native identity management (AWS IAM);

  • Experience with the architecture and deployment of AI/ML solutions in the cloud, understanding the technical components of platforms such as Amazon Bedrock, including LLM deployment, API integration, and model access controls;

  • Ability to review and challenge architectural decisions of cloud data and AI pipelines, acting as a technical reviewer;

  • Experience in designing and operating security review processes that balance rigor with delivery speed;

  • Demonstrated ability to align security and risk expectations through technical evidence and solid technical rationale;

  • Advanced/fluent English.

Nice to haves

  • Experience as a CISO, Deputy CISO, or Head of Information Security in a financial institution or fintech;

  • CISSP, CISM, CCSP, or equivalent certifications;

  • Cloud security certifications (AWS Certified Security - Specialty or equivalent);

  • Postgraduate degree in Information Security, Computer Science, Technology Law, or a related field.

Why Indicium AI

  • Work on AI projects that actually transform the world's largest enterprises

  • Use cutting-edge AI tools and technologies every single day

  • Collaborate with global teams on high-impact, real-world solutions

  • Be backed by a supportive team that's genuinely in your corner

  • Benefit from serious investment in your learning and career growth

  • Earn competitive compensation and benefits

  • Enjoy company events and gatherings that bring the global team together

  • Join a fast-growing company where ambitious careers thrive

Selection Process Stages

  1. Interview with Talent Acquisition

  2. Technical Challenge

  3. Interview with Technical Management

  4. Evidence Storage

As part of our commitment to Information Security and in compliance with the requirements of the ISO 27001 standard (item 7.2, clause d), we would like to inform you that in future stages of the selection process, you will be required to provide proof of the skills and qualifications mentioned in your resume (such as diplomas and certificates). This verification is mandatory and essential to ensure compliance with our governance standards prior to hiring.

Some of the benefits offered by Indicium:

Professional Development

  • Structured career path

  • 100% subsidized certifications

  • Weekly English classes

  • Technical mentorship program (sponsorship)

  • Participation in real Generative AI projects

  • Opportunity to serve as an instructor at Indicium Academy (extra compensation)

Environment and Culture

  • Data-driven culture

  • Autonomy and a high level of trust

  • Collaborative and technical environment

  • Modern management and feedback structure

  • Accelerated company growth

Other Benefits

  • Employee referral program with bonuses

  • Budget for training and events

  • Flexible hours

  • Partial remote work

Similar jobs

Indicium RemoteLATAMLead
4 days ago

Senior AI Engineer Tech Lead

Indicium RemoteLATAMMiddle
4 days ago

Mid-level AI Engineer

Indicium RemoteLATAMMiddle
5 days ago

Mid-Level Analytics Engineer

엘리스 Contract
5 days ago

프로덕트 매니저

엘리스 Contract
5 days ago

AI Engineer (Platform)

엘리스 Contract
5 days ago

K12 콘텐츠 제작자