[Hiring] Cyber & AI Risk Specialist @EZCORP

Role Description

The Cyber & AI Risk Specialist is a dual-focus role within EZCORP’s CISO organization — part governance contributor, part hands-on technical operator — responsible for both shaping how AI is governed securely and executing the day-to-day controls that make that governance real. This role is the connective tissue between EZCORP’s AI security strategy and its operational reality — ensuring that policies don’t just exist on paper, but are enforced in the platforms and processes teams use every day.

Essential Duties & Responsibilities

• AI Governance, Policy & Acceptable Use
  • Maintain and operationalize EZCORP’s AI security policies: acceptable use standards, model risk policies, agentic AI guardrails, and data handling requirements.
  • Support governance aligned to NIST AI RMF, NIST CSF 2.0, ISO/IEC 42001, GLBA, and CCPA; assist in translating requirements into documented controls.
  • Support the AI Governance Committee: prepare intake materials, document decisions, and track conditional approval follow-through.
  • Develop and maintain AI security best practices documentation; publish guidance for business units, developers, and end users on secure AI use.
• Enterprise AI Platform Security & Administration
  • Administer the security of enterprise AI platforms including Claude Enterprise and Microsoft 365 Copilot.
  • Administer AI platform access controls: SSO configuration (SCIM/SAML), user provisioning and de-provisioning, role-based permissions, and license governance.
  • Evaluate and recommend approval or rejection of AI features, agents, and integrations against CISO-approved security and data governance standards.
  • Define and enforce policies for AI connectors, APIs, and third-party integrations using least-privilege principles; maintain an approved integration registry.
  • Operate and administer Agent 365: configure agentic workflow policies, permission scopes, tool-use guardrails, and session monitoring per CISO-approved standards.
  • Operate DSPM for AI: run data classification scans, enforce data access policies, monitor for sensitive data exposure across AI pipelines (training, inference, retrieval), and track remediation to closure.
  • Maintain platform health across all managed AI tools: configurations, integrations, alert tuning, and vendor escalation as needed.
  • Document platform configurations, change logs, and operational procedures; maintain current runbook library for all managed platforms.
  • Stay current on AI platform updates, new features, vendor security advisories, and emerging tooling; evaluate changes against EZCORP security standards before adoption or rollout.
• Agentic AI Security Controls & Architecture
  • Implement and maintain security controls for agentic AI workflows, automation pipelines, and enterprise system integrations per CISO-approved design standards.
  • Define and enforce least-privilege access for AI agents interacting with EZCORP data, APIs, and business systems; review and recertify agent permissions on a defined cadence.
  • Build and execute runbooks for common agentic AI risk scenarios: prompt injection, data leakage, agent privilege escalation, unauthorized automation, and hallucination-driven decisions.
  • Collaborate with IT Security architecture on secure AI integration patterns and API gateway controls.
• AI Threat Monitoring, Detection & Incident Response
  • Configure and maintain monitoring and logging of AI platform activity across all managed tools; integrate AI telemetry with SIEM for detection, alerting, and incident response.
  • Monitor AI-specific threat telemetry from Agent 365, DSPM for AI, SIEM, and endpoint tooling; triage alerts and execute response per defined procedures.
  • Support AI threat modeling exercises: document attack surfaces, contribute to OWASP LLM Top 10 assessments, and help validate mitigations.
  • Support AI-related incident response: execute assigned IR playbook steps, document timelines and evidence, and assist in containment and remediation.
  • Develop and maintain AI-specific IR playbooks; integrate AI threat scenarios into EZCORP’s broader cyber IR framework and tabletop exercise program.
  • Identify and mitigate AI-specific risks including prompt injection, data leakage, model poisoning, unauthorized automation, and adversarial model attacks.
• AI Risk Register & Model Lifecycle Controls
  • Maintain the enterprise AI risk register: update risk entries, track control owners, monitor remediation status, and flag overdue or escalating items.
  • Support security gate reviews across the AI model lifecycle by preparing risk assessment documentation, checklists, and findings summaries.
  • Maintain the AI model inventory: risk classification, data sensitivity, deployment environment, ownership, version history, and operational status.
  • Track and report AI security KRIs and metrics; prepare data inputs for CISO and ELT dashboards on a defined cadence.
• Shadow AI Detection & Remediation
  • Support the shadow AI detection program: review DLP, proxy, and endpoint telemetry for unauthorized AI tool usage; document findings and initiate remediation workflows.
  • Maintain the approved AI tool registry; process intake requests and flag unapproved tools for escalation prior to any security sign-off.
  • Assist in communicating shadow AI policies to business units; track acknowledgments and policy violation remediation status.
• Third-Party & Vendor AI Risk
  • Assist in third-party AI vendor security assessments: complete questionnaires, review vendor documentation, and summarize findings for senior review.
  • Track vendor AI risk findings, remediation commitments, and reassessment schedules in the vendor risk register.
  • Monitor third-party AI vendors for ongoing risk changes: new model versions, changed data practices, security incidents, or regulatory actions.
• Compliance, Audit & Regulatory Alignment
  • Prepare AI control evidence packages for internal and external audits; collect documentation, validate completeness, and coordinate with control owners.
  • Maintain AI control documentation and policy attestations for SOC 2, PCI DSS, GLBA, CCPA, and applicable state-level AI regulations.
  • Monitor the regulatory landscape (NIST AI RMF updates, CFPB/FTC AI guidance) and summarize implications for team review.
• Executive Reporting & Dashboard
  • Maintain and update the AI Security & Risk Dashboard: platform health (Agent 365, DSPM for AI, enterprise AI tools), risk posture, shadow AI trends, open findings, and compliance status.
  • Produce recurring AI risk status reports — open findings, platform health, shadow AI trends, compliance posture — ready for senior staff review and delivery.
  • Track AI security KPIs and KRIs against defined maturity targets; flag deviations and support root cause documentation.
• Cross-Functional Collaboration & AI Use Case Review
  • Partner cross-functionally to review AI use cases, provide security guidance on new initiatives, and support business units in adopting AI within approved guardrails.
  • Support AI intake gate reviews in the EPMO process: prepare risk assessment inputs, document findings, and track approval status.
  • Collaborate with the AI Portfolio Lead and Sr. AI & Transformation Lead to ensure all AI tooling meets CISO-approved security standards.
  • Partner with the AI Change & Adoption Lead to embed security awareness and acceptable use guidance into AI enablement programs and user training.

Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field; or equivalent work experience.
• 5–8 years in cybersecurity, IT risk, or technology governance — with 2–3 years of direct AI/ML security, AI governance, or AI platform administration experience.
• Hands-on experience administering enterprise AI platforms (Claude Enterprise or Microsoft 365 Copilot) including SSO/SCIM/SAML configuration, RBAC, and user provisioning.
• Prior exposure to DSPM, CASB, DLP, or agentic AI platforms preferred; familiarity with SIEM tooling and alert triage.
• Working knowledge of AI/ML security risks: prompt injection, model poisoning, OWASP LLM Top 10, and data exposure in AI pipelines.
• Familiarity with NIST AI RMF, NIST CSF 2.0, ISO/IEC 42001, GLBA, and CCPA; awareness of emerging AI regulatory requirements.
• Experience maintaining risk registers, control documentation, and audit evidence packages.
• Clear written and verbal communication skills; able to document technical findings for both technical and non-technical audiences.
• Retail, financial services, specialty lending, or consumer-facing regulated industry experience preferred.

Benefits

• Ground Floor opportunity with EZCORP, a company with a start-up, purpose-driven mentality where innovative and agile problem solving are part of our DNA.
• Competitive compensation and benefits.