AI Security Principal

AI Security Principal

HITRUST is seeking an AI Security Principal to help shape how organizations address the security risks introduced by artificial intelligence. This individual will serve as a public subject matter authority on AI security threats, responsible AI practices, and the need for independently validated assurance for AI-enabled systems.

This is a senior individual-contributor role. The AI Security Principal will combine external market education with internal strategic influence, working closely with framework development, product, sales, marketing, and go-to-market teams to advance HITRUST's leadership in AI security assistance.

The ideal candidate brings deep technical expertise in AI systems, machine learning, and cybersecurity, along with the judgment and communication skills required to explain complex technical and risk issues to executive leaders, regulators, practitioners, and customers.

The successful candidate will be recognized as a credible authority in AI security or cybersecurity and comfortable engaging with technical experts, regulators, analysts, and senior industry leaders on emerging AI risk and assurance practices.

Strategic Impact:

• Further establish HITRUST as a credible authority in AI security assurance and responsible AI practices.
• Influence how organizations design, evaluate, and obtain assurance over security controls for AI-enabled systems.
• Shape industry dialogue around practical, independently validated approaches to AI security governance.
• Help drive the evolution of AI-related content within the HITRUST Framework (HITRUST CSF®).
• Provide subject matter expertise and market insight to help inform product direction and market positioning for HITRUST AI security assurance and certification offerings.
• Contribute subject matter expertise to industry discussions with analysts, standards bodies, regulators, and security communities to advance practical approaches to AI security assurance.

Duties & Responsibilities:

Market education and thought leadership

• Advocate for independent AI security assurance across industry, technology, and regulatory communities.
• Educate organizations on the security threats and risks introduced by generative AI and machine learning systems.
• Develop and publish blog posts, articles, whitepapers, research perspectives, presentation materials, and other thought leadership content related to AI security, risk management, and governance.
• Represent HITRUST at conferences, webinars, panels, podcasts, and other public forums as a recognized voice on AI security and assurance.
• Maintain an active, professional presence across relevant social media and digital channels to promote awareness of AI security risks and the value of independent assurance.

Industry engagement

• Engage with industry groups, security communities, and standards organizations focused on AI security, governance, and responsible AI practices.
• Monitor emerging threats, market practices, and regulatory developments related to AI security.
• Support strategic discussions with customers and partners that require deep subject matter expertise in AI security and AI assurance.

Internal collaboration and strategy

• Collaborate closely with members of the HITRUST CSF framework development team to ensure emerging AI security risks and responsible AI topics remain relevant within the HITRUST control framework.
• Advocate internally for updates to the HITRUST assurance program needed to address evolving AI security threats, AI governance expectations, and responsible AI requirements.
• Work closely with product and platform teams to advocate for software enhancements needed to bring new responsible AI and AI security functionality and products to market.
• Collaborate closely with sales and go-to-market teams to support market education, customer engagements, positioning, and field enablement for HITRUST AI assurance offerings.
• Provide market insight, practitioner feedback, and subject matter expertise to support the development and launch of new AI assurance products, certifications, and supporting content.

Required Qualifications:

• Subject matter expertise in generative AI, machine learning technologies, AI-enabled software architectures, and information technology security.
• Strong understanding of information security, cybersecurity risk management, threat analysis, and secure system design.
• Demonstrated ability to explain complex technical issues clearly to executive, regulatory, practitioner, and technical audiences.
• Strong professional writing skills, with experience publishing blog posts, articles, research papers, or comparable thought leadership content.
• Experience speaking publicly on cybersecurity, AI, or emerging technology risk topics.
• Ability to translate technical issues into clear risk management, assurance, and market-facing narratives.
• Ability to operate effectively as a senior individual contributor with significant cross-functional influence and no direct managerial authority.

Preferred Qualifications:

• Experience with cybersecurity assurance, certification programs, control frameworks, or compliance-oriented offerings.
• Familiarity with AI risk management frameworks and responsible AI governance practices.
• Background in security architecture, AI/ML engineering, cybersecurity research, cybersecurity assessments, or related technical discipline.
• Experience engaging with standards bodies, regulatory groups, industry alliances, or assessor communities.
• Established presence in the cybersecurity or AI security community through speaking, publishing, research, or professional social media engagement.
• Familiarity with references such as HITRUST CSF, NIST AI RMF, NIST CSF, ISO 27001, ISO 42001, OWASP AI Exchange, OWASP ML and LLM Top 10 lists, and similar industry guidance.
• Familiarity with cybersecurity due diligence as a part of third-party risk management.

About Us:

HITRUST is the leader in validated cybersecurity assurance used in third-party risk management and compliance. HITRUST delivers assurance and certification programs for the application and independent validation of security, privacy, and AI controls, harmonized across more than 60 authoritative standards and frameworks. Its threat-adaptive approach combines tiered, selectable assessments (e1, i1, r2, and AI), an ecosystem of over 100 independent assessment firms, centralized quality assurance, standardized reporting, and a powerful SaaS platform to enable consistent, defensible, and scalable assurance. HITRUST delivers the only assurance certification with defensible proof of security, demonstrated by a 99.62% breach-free rate among certified environments in the 2026 Trust Report. For nearly 20 years, HITRUST has defined the standard for trustworthy cybersecurity proof, helping organizations demonstrate measurable cybersecurity resilience across their enterprises and third-party ecosystems.

HITRUST is an equal opportunity employer that is committed to diversity and inclusion in the workplace.

We prohibit discrimination and harassment of any kind based on race, color, region, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.