Senior AI Security Analyst

About AppDirect

Become a digital, global citizen and enable the new generation of digital entrepreneurs around the world. AppDirect offers a subscription commerce platform to sell any product, through any channel, on any device - as a service. We power millions of subscriptions worldwide for organizations. We do this by our values-driven culture - one that enables you to Be Seen, Be Yourself, and Do Your Best Work.

About You

We’re looking for talented yet humble individuals who are smart, passionate, and want to drive disruption in the Information security industry. If you thrive in a fast-paced, collaborative workplace, AppDirect provides an environment where you will be challenged and inspired every day. If you relish the freedom to bring creative, thoughtful solutions to the table that reflect your experience and personality, there's no limit to what you can accomplish here.

What you'll do and how you'll have an impact

• Work within the Information Security team as an AI Security Analyst, owning the security and governance of AI tool usage across AppDirect's corporate environment.
• Define, operationalize, and continuously improve the corporate AI usage policy, including acceptable use guidelines, tool classification, and employee awareness.
• Lead the evaluation and ongoing monitoring of AI tools used by employees (e.g. ChatGPT, Copilot, Claude, Lovable, etc.), assessing their data handling practices and associated risks.
• Own and mature the company's DLP capabilities, with a focus on preventing sensitive data from being inadvertently exposed through AI tools and corporate SaaS platforms.
• Drive data governance initiatives, including classifying crown jewel data assets, defining handling requirements, and ensuring controls are operationalized across the organization.
• Collaborate with IT, Legal, Privacy, and Engineering to ensure corporate AI usage aligns with regulatory obligations (GDPR, HIPAA, SOC 2, etc.).
• Investigate incidents related to shadow AI usage, unauthorized data sharing, or policy violations involving AI tools.
• Monitor the evolving AI threat and tooling landscape and translate findings into actionable policy or control improvements.
• Contribute to AI governance documentation and support executive or board-level reporting on AI risk posture.

What we're looking for

• 5 years of experience in information security, with demonstrated exposure to data protection, DLP, or AI governance
• Strong expertise in DLP tools and platforms, including policy configuration, tuning, and incident triage, along with data classification and governance frameworks to identify and protect sensitive data assets.
• Experience evaluating SaaS and AI tools for security and privacy risks as part of vendor or tool onboarding processes.
• Solid understanding of how employees interact with AI tools in a corporate setting and the associated data leakage and shadow AI risks
• Familiarity with CASB and access control mechanisms applied to AI and SaaS tool usage
• Working knowledge of AI governance frameworks such as NIST AI RMF or ISO/IEC 42001
• Understanding of relevant regulatory requirements (GDPR, HIPAA, SOC 2) and their implications for corporate AI usage
• Proven ability to work cross-functionally and communicate data and AI risks clearly to non-technical stakeholders
• Creative, risk-aware, and solution-oriented mindset — comfortable operating in a space where standards and tooling are still maturing
• Any Information Security certification (CISSP, Security+, CIPP, CISM) is an asset

At AppDirect, we believe that innovation thrives in an environment that houses diversity of excellence, experience and thought. We respect each AppDirector as their own fingerprint; unique with no one alike. We foster an environment of inclusion without regard to race, religion, age, sexual orientation, or gender identity enabling AppDirectors to embrace their uniqueness to do their best work. As such, we strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and/or people with intersectional identities.

At AppDirect we take privacy very seriously. For more information about our use and handling of personal data from job applicants, please read our Candidate Privacy Policy. For more information of our general privacy practices, please see AppDirect Privacy Notice: https://www.appdirect.com/about/privacy-notice