Cyber & AI Risk Specialist

At EZCORP we are a growing team focused on creating and changing the pawn industry as we know it today. We believe that our platform enabled lending and e-commerce solutions will revolutionize our ability to attract, engage and service our customers across the United States, Mexico and Latin America.Join us now for an opportunity to be a part of a team that wants to provide access to short-term cash for every person – everywhere!The Company:Founded in Austin in 1989, EZCORP has grown into a leading provider of pawn loans in the United States, Mexico and Latin America. We are dedicated to satisfying the short-term cash needs of consumers who are both cash and credit constrained and providing an industry-leading customer experience.What’s in it for you:Ground Floor opportunity with EZCORP, a company with a start-up, purpose-driven mentality where innovative and agile problem solving are part of our DNA along with competitive compensation and benefits.Address:TexasThe Cyber & AI Risk Specialist is a dual-focus role within EZCORP’s CISO organization — part governance contributor, part hands-on technical operator — responsible for both shaping how AI is governed securely and executing the day-to-day controls that make that governance real. On the governance side, this Specialist supports the development and maintenance of AI security policies, acceptable use standards, risk frameworks, and compliance documentation, serving as an informed voice in AI intake reviews, vendor assessments, and audit preparation. On the technical side, this Specialist administers the security of enterprise AI platforms (Claude Enterprise, Microsoft 365 Copilot), manages Agent 365 agentic workflows and DSPM for AI, configures access controls and SSO provisioning, monitors AI threat telemetry, and executes security runbooks for AI-specific risk events. This role is the connective tissue between EZCORP’s AI security strategy and its operational reality — ensuring that policies don’t just exist on paper, but are enforced in the platforms and processes teams use every day.ESSENTIAL DUTIES & RESPONSIBILITIES:AI Governance, Policy & Acceptable UseMaintain and operationalize EZCORP’s AI security policies: acceptable use standards, model risk policies, agentic AI guardrails, and data handling requirementsSupport governance aligned to NIST AI RMF, NIST CSF 2.0, ISO/IEC 42001, GLBA, and CCPA; assist in translating requirements into documented controlsSupport the AI Governance Committee: prepare intake materials, document decisions, and track conditional approval follow-throughDevelop and maintain AI security best practices documentation; publish guidance for business units, developers, and end users on secure AI useEnterprise AI Platform Security & AdministrationAdminister the security of enterprise AI platforms including Claude Enterprise and Microsoft 365 CopilotAdminister AI platform access controls: SSO configuration (SCIM/SAML), user provisioning and de-provisioning, role-based permissions, and license governanceEvaluate and recommend approval or rejection of AI features, agents, and integrations against CISO-approved security and data governance standardsDefine and enforce policies for AI connectors, APIs, and third-party integrations using least-privilege principles; maintain an approved integration registryOperate and administer Agent 365: configure agentic workflow policies, permission scopes, tool-use guardrails, and session monitoring per CISO-approved standardsOperate DSPM for AI: run data classification scans, enforce data access policies, monitor for sensitive data exposure across AI pipelines (training, inference, retrieval), and track remediation to closureMaintain platform health across all managed AI tools: configurations, integrations, alert tuning, and vendor escalation as neededDocument platform configurations, change logs, and operational procedures; maintain current runbook library for all managed platformsStay current on AI platform updates, new features, vendor security advisories, and emerging tooling; evaluate changes against EZCORP security standards before adoption or rolloutAgentic AI Security Controls & ArchitectureImplement and maintain security controls for agentic AI workflows, automation pipelines, and enterprise system integrations per CISO-approved design standardsDefine and enforce least-privilege access for AI agents interacting with EZCORP data, APIs, and business systems; review and recertify agent permissions on a defined cadenceBuild and execute runbooks for common agentic AI risk scenarios: prompt injection, data leakage, agent privilege escalation, unauthorized automation, and hallucination-driven decisionsCollaborate with IT Security architecture on secure AI integration patterns and API gateway controlsAI Threat Monitoring, Detection & Incident ResponseConfigure and maintain monitoring and logging of AI platform activity across all managed tools; integrate AI telemetry with SIEM for detection, alerting, and incident responseMonitor AI-specific threat telemetry from Agent 365, DSPM for AI, SIEM, and endpoint tooling; triage alerts and execute response per defined proceduresSupport AI threat modeling exercises: document attack surfaces, contribute to OWASP LLM Top 10 assessments, and help validate mitigationsSupport AI-related incident response: execute assigned IR playbook steps, document timelines and evidence, and assist in containment and remediationDevelop and maintain AI-specific IR playbooks; integrate AI threat scenarios into EZCORP’s broader cyber IR framework and tabletop exercise programIdentify and mitigate AI-specific risks including prompt injection, data leakage, model poisoning, unauthorized automation, and adversarial model attacksAI Risk Register & Model Lifecycle ControlsMaintain the enterprise AI risk register: update risk entries, track control owners, monitor remediation status, and flag overdue or escalating itemsSupport security gate reviews across the AI model lifecycle by preparing risk assessment documentation, checklists, and findings summariesMaintain the AI model inventory: risk classification, data sensitivity, deployment environment, ownership, version history, and operational statusTrack and report AI security KRIs and metrics; prepare data inputs for CISO and ELT dashboards on a defined cadenceShadow AI Detection & RemediationSupport the shadow AI detection program: review DLP, proxy, and endpoint telemetry for unauthorized AI tool usage; document findings and initiate remediation workflowsMaintain the approved AI tool registry; process intake requests and flag unapproved tools for escalation prior to any security sign-offAssist in communicating shadow AI policies to business units; track acknowledgments and policy violation remediation statusThird-Party & Vendor AI RiskAssist in third-party AI vendor security assessments: complete questionnaires, review vendor documentation, and summarize findings for senior reviewTrack vendor AI risk findings, remediation commitments, and reassessment schedules in the vendor risk registerMonitor third-party AI vendors for ongoing risk changes: new model versions, changed data practices, security incidents, or regulatory actionsCompliance, Audit & Regulatory AlignmentPrepare AI control evidence packages for internal and external audits; collect documentation, validate completeness, and coordinate with control ownersMaintain AI control documentation and policy attestations for SOC 2, PCI DSS, GLBA, CCPA, and applicable state-level AI regulationsMonitor the regulatory landscape (NIST AI RMF updates, CFPB/FTC AI guidance) and summarize implications for team reviewExecutive Reporting & DashboardMaintain and update the AI Security & Risk Dashboard: platform health (Agent 365, DSPM for AI, enterprise AI tools), risk posture, shadow AI trends, open findings, and compliance statusProduce recurring AI risk status reports — open findings, platform health, shadow AI trends, compliance posture — ready for senior staff review and deliveryTrack AI security KPIs and KRIs against defined maturity targets; flag deviations and support root cause documentationCross-Functional Collaboration & AI Use Case ReviewPartner cross-functionally to review AI use cases, provide security guidance on new initiatives, and support business units in adopting AI within approved guardrailsSupport AI intake gate reviews in the EPMO process: prepare risk assessment inputs, document findings, and track approval statusCollaborate with the AI Portfolio Lead and Sr. AI & Transformation Lead to ensure all AI tooling meets CISO-approved security standardsPartner with the AI Change & Adoption Lead to embed security awareness and acceptable use guidance into AI enablement programs and user trainingEDUCATION & EXPERIENCE:Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field; or equivalent work experience5–8 years in cybersecurity, IT risk, or technology governance — with 2–3 years of direct AI/ML security, AI governance, or AI platform administration experienceHands-on experience administering enterprise AI platforms (Claude Enterprise or Microsoft 365 Copilot) including SSO/SCIM/SAML configuration, RBAC, and user provisioningPrior exposure to DSPM, CASB, DLP, or agentic AI platforms preferred; familiarity with SIEM tooling and alert triageWorking knowledge of AI/ML security risks: prompt injection, model poisoning, OWASP LLM Top 10, and data exposure in AI pipelinesFamiliarity with NIST AI RMF, NIST CSF 2.0, ISO/IEC 42001, GLBA, and CCPA; awareness of emerging AI regulatory requirementsExperience maintaining risk registers, control documentation, and audit evidence packagesClear written and verbal communication skills; able to document technical findings for both technical and non-technical audiencesRetail, financial services, specialty lending, or consumer-facing regulated industry experience preferredEZCORP is an Equal Opportunity Employer #J-18808-Ljbffr EZCORP Services, Inc.