Artificial Intelligence (AI) Security Architect

Location:

The Artificial Intelligence (AI) Security Architect is responsible for securing and governing the enterprise's use of Agentic AI, Generative AI (GenAI), and Large Language Models (LLM) systems. The architect ensures that AI solutions adhere to enterprise security architecture principles, regulatory obligations, and Model Risk Management requirements while enabling safe innovation across business lines. The role brings deep security expertise together with applied AI security, threat modeling, dataprotection strategy, and enterprise architecture alignment.

1. Architecture & Design

• Develop and maintain enterprisegrade security architecture patterns for Agentic AI, GenAI and LLMs, systems, aligned with approved Information Security and Enterprise Architecture platforms and principles.
• Incorporate security requirements across reference models, solution architectures, and system designs supporting AI use cases-including model integration, retrievalaugmented generation (RAG), autonomous agent workflows, and sensitive data pathways.
• Ensure AI architectures support traceability, auditability, regulatory alignment, and controlled autonomy of AI agents.
• Review and guide secure integration patterns for in-house developed AI, thirdparty AI platforms, external APIs, vendorhosted and internally hosted LLMs, and cloudbased AI services.

2. Security Risk, Controls & Governance

• Lead security assessment and modeling of AI solutions under the enterprise AI Program governed by the AI Engineering, Enterprise Architecture and Model Risk teams.
• Partner with Enterprise Security Services, Model Risk, Legal, Compliance, Operational Risk, Procurement, and Third-Party Management to assess risks of proposed AI use cases, new vendors, and data flows.
• Define and enforce security controls for model access, identity, authentication, encryption, and secure storage/retention of training and inference data.
• Evaluate modelspecific threats including data leakage, model poisoning, promptinjection, insecure agent autonomy, and unintended model behaviors.
• Continuously monitor the evolving threat landscape and integrate emerging trends into architecture decisions, security controls, and program strategy.

3. CrossEnterprise Enablement

• Serve as the primary liaison between Enterprise Architecture, Information Security, Lines of Business, and Shared Services for all AI initiatives.
• Translate regulatory, environmental, and technology constraints into secure model design patterns and operational controls.
• Advise senior leadership, including Information Security management and CISO stakeholders, on AI security risks, technology decisions, and emerging threats.
• Contribute to the Security Domain Architecture team and broader strategic AI architecture discussions.

4. Threat Modeling & Defensive Engineering

• Partner with Security Architecture teammates on enterprise threat modeling in in conjunction with other Cybersecurity teams for AI pipelines, agent interactions, embeddings, RAG systems, and autonomous workflow orchestration.
• Evaluate cyber defense and vulnerability assessment implications for AIpowered applications, ensuring resilience against adversarial AI techniques.
• Drive design of countermeasures in alignment with industry frameworks (e.g MITRE ATLAS) to mitigate identified AIrelated risks.

• Deep understanding of authentication, authorization, identity systems, and accesscontrol mechanisms applicable to AI systems.
• Strong background in cloud, network, and application security controls relevant to model hosting, AI APIs, and highscale inference workloads.
• Experience in cryptography, encryption key management, and secure datahandling practices for training, finetuning, embedding generation, and inference logs.
• Familiarity with enterprise information security architecture frameworks and servicemanagement methodologies.
• Understanding of regulatory, compliance, and modelrisk considerations for AI systems in a financialservices context.
• Ability to communicate complex security and AI concepts to technical and nontechnical stakeholders with clarity.
• Maintain ongoing expertise in emerging cyber risks and AIdriven threat vectors through continuous research, industry engagement, and handson evaluation of new technologies.

• Designing or securing LLMbased solutions (RAG, prompt engineering, agent orchestration, vector databases).
• Experience with enterprisescale AI security platforms and AIspecific threatmitigation tools.
• Prior architecture experience in highly regulated industries (financial services, banking, or similar).

• Bachelor's in information security, Computer Science, Engineering, or a related field or equivalent work experience.
• Relevant certifications (e.g., CISSP, CCSP, AWS/Azure/GCP security, AIrelated credentials) are preferred.

COMPENSATION AND BENEFITS

Please click here for a list of benefits for which this position is eligible.

Key has implemented an approach to employee workspaces which prioritizes in-office presence, while providing flexible options in circumstances where roles can be performed effectively in a mobile environment.

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.