Establish AI-specific security policies, risk frameworks, and threat and governance models to protect AI driven solutions
Develop and implement a comprehensive AI security strategy aligned with business objectives and regulatory requirements.
Implement secure-by-design principles in AI/ML models, ensuring robustness against adversarial attacks, bias mitigation, and data poisoning.
Identify AI-specific threats (e.g., model inversion, prompt injection, model leakage) and establish mitigation strategies.
Conduct AI threat modeling and security assessments for prototypes and MVPs.
Guide zero-trust architecture and secure MLOps best practices.
AI Risk & Compliance Governance
Develop and implement a global AI risk management framework for KPMG's AI initiatives.
Define approval workflows, compliance protocols, and legal review processes for AI projects.
Implement secure AI lifecycle management, addressing risks like model poisoning, adversarial attacks, and data breaches.
Ensure AI models and data processing comply with GDPR, HIPAA, NIST AI Management Framework, CPRA, APRA CPS 234, and other international regulations.
Oversee the submission of the 16.6.4 compliance form, ensuring all AI projects undergo risk assessment before deployment.
Act as a liaison between AI teams and compliance, risk, and legal departments to ensure all AI-driven solutions meet regulatory standards.
Establish AI model validation and testing protocols to mitigate risks before full-scale deployment.
AI Data Security & Privacy
Define data governance standards for AI initiatives using public, private, and proprietary data.
Enforce data governance and privacy-by-design principles for AI models handling sensitive or PII data.
Oversee AI security controls to prevent data leakage, unauthorized access, and model inversion attacks.
Implement secure data handling and anonymization techniques to protect sensitive AI training data.
Ensure AI models and pipelines adhere to data privacy laws and cross-border data transfer regulations.
Collaborate with AI engineers and security teams to establish secure AI training, deployment, and inference environments.
Conduct AI security audits and penetration tests to assess vulnerabilities in AI solutions.
AI Legal & Regulatory Advisory
Provide legal risk assessments for AI initiatives across Tax, Audit, and Advisory services.
Guide AI teams on intellectual property (IP) protection, licensing, and fair AI use policies.
Ensure AI models adhere to ethics and bias mitigation standards as per global AI regulations.
Monitor emerging AI laws and regulations and advise leadership on necessary compliance updates.
Engage with regulatory bodies, industry groups, and cybersecurity alliances to shape AI security standards.
Lead AI security audits, governance reviews, and compliance assessments.
AI Risk Strategy & Secure Adoption
Work closely with the AI Technology Architect to ensure secure AI deployment with agentic AI adoption.
Advise business leaders on AI governance and compliance strategies to maximize AI innovation while mitigating risk.
Identify best-in-class AI risk management tools (both open-source and proprietary) to enhance KPMG's AI security posture.
Define AI security guardrails for development teams working on LLMs, autonomous AI agents, and generative AI solutions.
Secure AI workloads, APIs, and AI-as-a-Service deployments on cloud platforms (AWS, Azure, GCP).
Data Security & Privacy Compliance
Ensure AI data governance, including data residency, encryption, anonymization, and access controls for sensitive AI datasets.
Align AI solutions with GDPR, CCPA, HIPAA, ISO 27001, NIST AI RMF, and industry-specific AI security frameworks.
Define AI data lineage, ownership, and lifecycle security measures.
Collaborate with data privacy teams to implement privacy-preserving AI techniques (e.g., differential privacy, federated learning).
Legal & Regulatory Compliance For AI
Interpret AI regulatory frameworks (EU AI Act, US AI Executive Order, UK AI Safety Standards, etc.) and translate them into implementation strategies.
Establish legal guardrails for AI model explainability, auditability, and fairness.Work with legal teams to ensure intellectual property protection for AI models and third-party AI risk management.
Review AI contracts, licensing agreements, and third-party AI APIs for security and compliance risks.
Hands-On AI Security Guidance For Tech Teams
Act as a trusted advisor for AI engineers, guiding them on secure coding, AI security tools, and best practices.
Lead AI security architecture reviews and enforce secure MLOps pipelines.
Implement AI Red Teaming exercises to test model resilience and adversarial robustness.
Support secure deployment strategies (e.g., cloud security, containerized AI environments, and model access controls).
AI Security Incident Response & Monitoring
Establish an AI-specific incident response framework for detecting and responding to AI-related security threats.
Implement continuous monitoring of AI systems for drift, anomalies, and adversarial exploitation.
Leverage AI-powered security tools (e.g., AI-driven SIEM, anomaly detection, and ML security scanners).
Key Qualifications & Experience
Technical & Security Expertise :
10+ years of experience in cybersecurity, AI risk, data security, or related fields.
5+ years of experience in AI/ML security, model governance, or AI compliance.
Strong understanding of MLOps security, AI adversarial threats, model poisoning , data exhfiltration and AI risk frameworks.
Hands-on experience with AI security tools (e.g., ModelScan, RobustML, Microsoft Purview, IBM AI OpenScale).
Experience securing ML pipelines, LLMs (Large Language Models), and AI APIs.
Deep knowledge of cryptographic techniques for AI security (homomorphic encryption, secure multi-party computation, differential privacy, etc.).
Familiarity with secure AI coding practices (e.g., Python, TensorFlow, PyTorch, LangChain security best practices).
Legal & Compliance Knowledge
In-depth understanding of global AI regulations and standards (EU AI Act, NIST AI RMF, ISO 42001, GDPR, CCPA, etc.).
Experience in legal assessments of AI bias, fairness, and explainability.
Knowledge of intellectual property rights, AI contracts, and AI risk audits.
Leadership & Advisory Skills
Experience in advising AI development teams, guiding security reviews, and implementing compliance-driven AI solutions.
Ability to translate complex security and legal concepts into actionable AI governance strategies and into business impact for Business units
Strong cross-functional collaboration with technology, legal, compliance, and risk management teams.
Drive a culture of security-first AI development across the organization.