Cyber & AI Risk Specialist

Cyber & AI Risk Specialist

At EZCORP we are a growing team focused on creating and changing the pawn industry as we know it today. We believe that our platform enabled lending and e-commerce solutions will revolutionize our ability to attract, engage and service our customers across the United States, Mexico and Latin America.

Join us now for an opportunity to be a part of a team that wants to provide access to short-term cash for every person – everywhere!

The Cyber & AI Risk Specialist is a dual-focus role within EZCORP's CISO organization — part governance contributor, part hands-on technical operator — responsible for both shaping how AI is governed securely and executing the day-to-day controls that make that governance real. On the governance side, this Specialist supports the development and maintenance of AI security policies, acceptable use standards, risk frameworks, and compliance documentation, serving as an informed voice in AI intake reviews, vendor assessments, and audit preparation. On the technical side, this Specialist administers the security of enterprise AI platforms (Claude Enterprise, Microsoft 365 Copilot), manages Agent 365 agentic workflows and DSPM for AI, configures access controls and SSO provisioning, monitors AI threat telemetry, and executes security runbooks for AI-specific risk events. This role is the connective tissue between EZCORP's AI security strategy and its operational reality — ensuring that policies don't just exist on paper, but are enforced in the platforms and processes teams use every day.

Essential Duties & Responsibilities:

• Maintain and operationalize EZCORP's AI security policies: acceptable use standards, model risk policies, agentic AI guardrails, and data handling requirements
• Support governance aligned to NIST AI RMF, NIST CSF 2.0, ISO/IEC 42001, GLBA, and CCPA; assist in translating requirements into documented controls
• Support the AI Governance Committee: prepare intake materials, document decisions, and track conditional approval follow-through
• Develop and maintain AI security best practices documentation; publish guidance for business units, developers, and end users on secure AI use
• Administer the security of enterprise AI platforms including Claude Enterprise and Microsoft 365 Copilot
• Administer AI platform access controls: SSO configuration (SCIM/SAML), user provisioning and de-provisioning, role-based permissions, and license governance
• Evaluate and recommend approval or rejection of AI features, agents, and integrations against CISO-approved security and data governance standards
• Define and enforce policies for AI connectors, APIs, and third-party integrations using least-privilege principles; maintain an approved integration registry
• Operate and administer Agent 365: configure agentic workflow policies, permission scopes, tool-use guardrails, and session monitoring per CISO-approved standards
• Operate DSPM for AI: run data classification scans, enforce data access policies, monitor for sensitive data exposure across AI pipelines (training, inference, retrieval), and track remediation to closure
• Maintain platform health across all managed AI tools: configurations, integrations, alert tuning, and vendor escalation as needed
• Document platform configurations, change logs, and operational procedures; maintain current runbook library for all managed platforms
• Stay current on AI platform updates, new features, vendor security advisories, and emerging tooling; evaluate changes against EZCORP security standards before adoption or rollout
• Implement and maintain security controls for agentic AI workflows, automation pipelines, and enterprise system integrations per CISO-approved design standards
• Define and enforce least-privilege access for AI agents interacting with EZCORP data, APIs, and business systems; review and recertify agent permissions on a defined cadence
• Build and execute runbooks for common agentic AI risk scenarios: prompt injection, data leakage, agent privilege escalation, unauthorized automation, and hallucination-driven decisions
• Collaborate with IT Security architecture on secure AI integration patterns and API gateway controls
• Configure and maintain monitoring and logging of AI platform activity across all managed tools; integrate AI telemetry with SIEM for detection, alerting, and incident response
• Monitor AI-specific threat telemetry from Agent 365, DSPM for AI, SIEM, and endpoint tooling; triage alerts and execute response per defined procedures
• Support AI threat modeling exercises: document attack surfaces, contribute to OWASP LLM Top 10 assessments, and help validate mitigations
• Support AI-related incident response: execute assigned IR playbook steps, document timelines and evidence, and assist in containment and remediation
• Develop and maintain AI-specific IR playbooks; integrate AI threat scenarios into EZCORP's broader cyber IR framework and tabletop exercise program
• Identify and mitigate AI-specific risks including prompt injection, data leakage, model poisoning, unauthorized automation, and adversarial model attacks
• Maintain the enterprise AI risk register: update risk entries, track control owners, monitor remediation status, and flag overdue or escalating items
• Support security gate reviews across the AI model lifecycle by preparing risk assessment documentation, checklists, and findings summaries
• Maintain the AI model inventory: risk classification, data sensitivity, deployment environment, ownership, version history, and operational status
• Track and report AI security KRIs and metrics; prepare data inputs for CISO and ELT dashboards on a defined cadence
• Support the shadow AI detection program: review DLP, proxy, and endpoint telemetry for unauthorized AI tool usage; document findings and initiate remediation workflows
• Maintain the approved AI tool registry; process intake requests and flag unapproved tools for escalation prior to any security sign-off
• Assist in communicating shadow AI policies to business units; track acknowledgments and policy violation remediation status
• Assist in third-party AI vendor security assessments: complete questionnaires, review vendor documentation, and summarize findings for senior review
• Track vendor AI risk findings, remediation commitments, and reassessment schedules in the vendor risk register
• Monitor third-party AI vendors for ongoing risk changes: new model versions, changed data practices, security incidents, or regulatory actions
• Prepare AI control evidence packages for internal and external audits; collect documentation, validate completeness, and coordinate with control owners
• Maintain AI control documentation and policy attestations for SOC 2, PCI DSS, GLBA, CCPA, and applicable state-level AI regulations
• Monitor the regulatory landscape (NIST AI RMF updates, CFPB/FTC AI guidance) and summarize implications for team review
• Maintain and update the AI Security & Risk Dashboard: platform health (Agent 365, DSPM for AI, enterprise AI tools), risk posture, shadow AI trends, open findings, and compliance status
• Produce recurring AI risk status reports — open findings, platform health, shadow AI trends, compliance posture — ready for senior staff review and delivery
• Track AI security KPIs and KRIs against defined maturity targets; flag deviations and support root cause documentation
• Partner cross-functionally to review AI use cases, provide security guidance on new initiatives, and support business units in adopting AI within approved guardrails
• Support AI intake gate reviews in the EPMO process: prepare risk assessment inputs, document findings, and track approval status
• Collaborate with the AI Portfolio Lead and Sr. AI & Transformation Lead to ensure all AI tooling meets CISO-approved security standards
• Partner with the AI Change & Adoption Lead to embed security awareness and acceptable use guidance into AI enablement programs and user training

Education & Experience:

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field; or equivalent work experience
• 5–8 years in cybersecurity, IT risk, or technology governance — with 2–3 years of direct AI/ML security, AI governance, or AI platform administration experience
• Hands-on experience administering enterprise AI platforms (Claude Enterprise or Microsoft 365 Copilot) including SSO/SCIM/SAML configuration, RBAC, and user provisioning
• Prior exposure to DSPM, CASB, DLP, or agentic AI platforms preferred; familiarity with SIEM tooling and alert triage
• Working knowledge of AI/ML security risks: prompt injection, model poisoning, OWASP LLM Top 10, and data exposure in AI pipelines
• Familiarity with NIST AI RMF, NIST CSF 2.