AI Security & Identity Lead

Security & Identity Lead - Agentic ERP Platform

The Security & Identity Lead owns the security architecture, identity management, and compliance posture of Rimini Street's Agentic ERP Platform. This role is responsible for ensuring that AI agent interactions, data access, and system integrations meet enterprise security standards — designing authentication, authorization, and data isolation frameworks that protect customer environments — and for producing the audit evidence, compliance reporting, and customer-facing security posture that make those controls defensible to auditors and client security teams.

Reporting to the VP, Platform Engineering, this leader builds and runs the Malaysia-based security and compliance observability function — partnering with Platform Engineering, Operations, and Delivery across all three hubs. The ideal candidate combines deep security engineering expertise with practical experience securing cloud-native, multi-tenant platforms, and brings the leadership maturity to grow a small team and represent platform security to executive, audit, and customer audiences.

Essential Duties & Responsibilities

Security Architecture

• Design and implement the platform's security architecture, covering authentication, authorization, encryption, and audit logging.
• Define trust boundaries and access control policies that govern agent-to-system and user-to-agent interactions.
• Establish data isolation and multi-tenancy security patterns that protect customer data across all platform layers.
• Conduct threat modelling and security risk assessments for new platform features and integrations, including AI-specific risks (prompt injection, indirect injection, RAG corpus contamination).
• Define and enforce security standards for API endpoints, data storage, inter-service communication, and air-gap deployment scenarios.

Identity & Access Management

• Design and implement IAM solutions including SSO, OAuth 2.0, OIDC, and SAML integrations for enterprise customers.
• Build role-based access control (RBAC) and attribute-based access control (ABAC) frameworks for platform users and agents, including policy-as-code (OPA/Rego) authoring and review.
• Implement token management, session handling, and credential lifecycle policies.
• Design customer identity federation patterns that integrate with enterprise identity providers.
• Establish service-to-service authentication and authorization for internal platform components, including mTLS and HashiCorp Vault-managed secrets.

Compliance, Audit & Observability

• Own platform compliance posture against relevant security frameworks (SOC 2, ISO 27001, GDPR, and industry-specific requirements).
• Lead operational and security observability that turns platform telemetry into compliance evidence, customer-facing posture reports, and audit artefacts.
• Establish data classification policies and implement appropriate controls for each classification level.
• Coordinate with Rimini Street's corporate security and compliance teams to align platform security with organizational policies.
• Produce security documentation, including architecture decision records, threat models, and audit-ready compliance evidence.
• Support the Indemnification Control Owner with integrated quarterly configuration audit reports covering monitored vendor indemnification conditions.
• Own client-facing audit and security response: produce evidence packages on demand for client audits, regulatory reviews, and security questionnaires.

Security Operations

• Implement security scanning and vulnerability management for platform code, dependencies, and infrastructure (PII detection via Microsoft Presidio or equivalent).
• Align platform incident response with Rimini Street's corporate security incident process.
• Conduct security code reviews and establish secure coding guidelines for engineering teams across all three delivery hubs.
• Monitor and respond to security advisories affecting platform dependencies and infrastructure.
• Perform periodic security assessments and coordinate penetration testing.

Team Leadership

• Lead the Malaysia-based security and compliance observability function, including direct management of the Observability & Governance Engineer.
• Grow the function over time as the platform scales — hiring, mentoring, and developing security and observability talent.
• Establish team processes for evidence production, audit response, and compliance reporting that balance rigour with delivery velocity.
• Represent platform security to executive, audit, customer, and partner audiences — translating technical controls into business-language posture reports.
• Partner with the Security & Identity Lead's peers across hubs: Platform Engineering (security control implementation), AI/ML Lead (LLM observability integration), DevOps (CI/CD security), and Delivery (client security evidence).

Experience

• 8+ years of security engineering experience, with at least 3 years in a lead or management role.
• Proven experience designing security architectures for cloud-native, multi-tenant platforms.
• Hands-on experience implementing IAM solutions (SSO, OAuth 2.0, OIDC, SAML) in enterprise environments.
• Track record of producing audit evidence for SOC 2, ISO 27001, SOX, or equivalent regulatory frameworks.
• Experience leading security initiatives across distributed engineering teams and managing small direct-report teams.
• Background in enterprise software, ERP systems, or B2B platforms preferred.

Technical Skills

Required

• Identity protocols: OAuth 2.0, OpenID Connect, SAML 2.0, and JWT/JWS/JWE.
• Authentication and authorization frameworks: Keycloak, Auth0, Okta, or equivalent.
• Policy-as-code: OPA/Rego authoring, review, and integration with platform services.
• Secrets management: HashiCorp Vault or equivalent enterprise secret store.
• Application security: OWASP Top 10, secure coding practices, and security code review.
• AI-specific security: prompt injection defence, indirect injection mitigations, RAG corpus integrity, model access controls.
• PII detection and data masking (Microsoft Presidio or equivalent).
• Encryption: TLS/mTLS, data-at-rest encryption, key management, and certificate lifecycle.
• API security: rate limiting, input validation, CORS, and API gateway security patterns.
• Cloud security: AWS or Azure security services, IAM policies, VPC networking, and secrets management.
• Air-gap and disconnected deployment security: secrets distribution, certificate lifecycle, update propagation.
• Python and/or Java for security tooling and integration development.
• Git version control and CI/CD security integration (SAST, DAST, SCA).

Preferred

• Experience with PostgreSQL security: row-level security, encryption extensions, and audit logging.
• Knowledge of container and Kubernetes security (pod security policies, network policies, service mesh).
• Familiarity with infrastructure-as-code security (Terraform, CloudFormation scanning).
• Experience with LLM observability tooling (LangFuse or equivalent) and operational telemetry interpretation for AI systems.
• Experience with security information and event management (SIEM) tools.
• Exposure to Zero Trust architecture principles and implementation.
• Experience with hardware security modules (HSM) or cloud KMS.
• Familiarity with AI assurance frameworks (AIUC-1 or equivalent).
• Experience with third-party MCP / agent security models or LLM gateway security patterns (rate limiting at the model layer, prompt firewall, output filtering).

Skills & Competencies

• Security-first mindset; designs systems with defence-in-depth and least-privilege principles.
• Evidence-oriented; understands that compliance is about producing defensible records, not just collecting data.
• Strong people leadership; able to grow and retain a small, high-performing security and observability team.
• Customer-facing maturity; can represent platform security to external auditors, client security teams, and executive audiences.
• Strong analytical skills; able to assess complex systems for security risks and design proportionate controls.
• Collaborative; works effectively with engineering teams to integrate security without impeding delivery velocity.
• Pragmatic; balances security rigour with business needs and development speed.
• Clear communicator; able to articulate security risks, trade-offs, and compliance posture to technical and