Job Details

AI & Cloud Security, Senior Manager/Architect/Lead

Healthcare Industry - HIPAA-Regulated Environment
Full Time US Remote
No Sponsorship provided at this time

Recruit22 is seeking an experienced and strategic AI/Coud Cybersecurity expert to join our large healthcare client. The ideal candidate will be responsible for identifying, assessing, and mitigating security vulnerabilities across our entire technology infrastructure.

The role is responsible for supporting the definition and execution of the organization's strategy to secure cloud platforms and AI capabilities in a large, HIPAA-regulated healthcare environment. The role is responsible for driving a comprehensive program to secure AI workloads in the cloud, protect AI/ML models, ModelOps/MLOps pipelines, Agentic AI workflows, and strengthen resilience against AI-enabled attacks (e.g., automated phishing, adversarial ML, model theft, prompt injection, and agent hijacking). The role also leads the strategic use of agentic AI to improve detection and incident response through safe automation, human-in-the-loop controls, and rigorous operational governance.

This leader also owns the cloud security architecture, design standards, and governance model for the enterprise, establishing reference architectures, secure landing zone patterns, policy-as-code guardrails, and architecture review processes that enable rapid delivery while maintaining strong risk control and audit readiness.

Key Responsibilities

• Establish a threat-informed program to defend against AI-enabled attacker capabilities, including automated reconnaissance, highly personalized phishing, synthetic identity fraud, and scalable credential abuse.

• Define controls and operational procedures to mitigate impersonation and deepfake risk (executive fraud, clinician impersonation, IT helpdesk scams), including identity verification patterns and secure approval workflows.

• Partner with IAM, Email Security, SOC, and Compliance stakeholders to implement detection and response patterns for AI-amplified threats.

• Define reference architectures and engineering guardrails for securing AI/ML workloads in cloud environments, including:

• Workload identity, least privilege, privileged access (PAM)

• Network controls (private endpoints, segmentation, egress restrictions)

• Encryption, KMS/HSM integration, secrets management

• Secure container/Kubernetes patterns and hardened runtime controls

• Centralized logging/telemetry, threat detection, and response integration

• Drive secure-by-default patterns for AI platform services (managed ML platforms, vector databases, model endpoints, feature stores, data pipelines).

• Establish controls to protect models across their lifecycle: training, evaluation, deployment, inference, and monitoring.

• Implement and govern security requirements for ModelOps/MLOps pipelines, including CI/CD integration, artifact integrity, provenance/attestation, and secure release controls.

• Define testing and monitoring standards for AI-specific risks such as prompt injection, data poisoning, model inversion, membership inference, model theft, and supply chain compromise.

• Partner with Compliance and Privacy to ensure appropriate use and protection of PHI/ePHI in training and inference workflows (minimization, de-identification, access control, auditability).

• Lead the strategy and implementation of agentic AI to enhance incident response and security operations

• Define governance for security agents: least privilege, tool access controls, prompt/chain protection, validation of outputs, safe fallbacks, and change management.

• Ensure AI and cloud security controls align with HIPAA/HITECH expectations and organizational risk management practices; support HITRUST/NIST-aligned control mapping where applicable.

• Establish AI/cloud security standards, policies, and control requirements for internal development and third-party services (including vendor due diligence for AI providers and model transparency expectations).

• Provide executive-ready reporting on AI and cloud security posture, top risks, and control maturity.

• Own the cloud security architecture strategy for the enterprise, defining target-state patterns across IaaS/PaaS/SaaS for Azure/AWS/GCP (as applicable).

• Establish and maintain cloud security reference architectures, reusable blueprints, and approved patterns (landing zones, network segmentation, identity, logging, encryption, secrets, platform services).

• Lead (or co-lead with Enterprise Architecture) a Cloud Security Architecture Review Board and define governance processes for design approvals, exceptions, and risk acceptance.

• Define and enforce cloud guardrails using policy-as-code (e.g., Azure Policy, AWS SCPs), infrastructure-as-code standards, and automated compliance checks.

• Drive adoption and operationalization of CNAPP/CSPM/CWPP capabilities (where applicable), including posture monitoring, risk prioritization, and remediation workflows.

• Establish cloud security requirements for platform teams and product teams, including secure configuration baselines, logging/telemetry standards, and workload onboarding criteria.

• Influence budgets, tool selection, and prioritization for AI/cloud security investments and roadmap.

• 10+ years of progressive experience in cybersecurity, with substantial depth in cloud security engineering and architecture (Director level typically 12-15+ years), including responsibility for enterprise-scale control design and implementation.

• Demonstrated experience establishing and operating cloud security architecture and governance, including reference architectures, secure landing zone standards, policy-as-code guardrails (e.g., Azure Policy / AWS SCPs), architecture review/exception processes, and posture management/remediation workflows (e.g., CSPM/CNAPP).

• Strong hands-on experience securing modern cloud workloads and platforms, including containers/Kubernetes, CI/CD pipelines, infrastructure-as-code, secrets management, encryption/key management, centralized logging/telemetry, and workload identity/least privilege.

• Hands-on, practical experience securing AI/ML systems in production, including direct involvement in one or more of the following:

• Designing and implementing security controls for LLM and/or ML workloads hosted in cloud environments (training and/or inference)

• Securing MLOps/ModelOps pipelines (model build, artifact management, deployment, monitoring), including controls for artifact integrity, provenance/attestation, access governance, and secure release gates

• Implementing protections and testing for AI-specific threats such as prompt injection, data poisoning, model theft/exfiltration, model inversion, membership inference, and supply chain compromise

• Establishing runtime and application-layer controls for AI services (e.g., model endpoint security, API protection, egress controls, content filtering/validation, rate limiting, abuse detection)

• Implementing monitoring and detection for AI systems, including telemetry for model behavior, drift/anomaly signals, and security event integration into SIEM/SOAR

• Proven ability to translate AI/cloud risks into actionable engineering roadmaps and to drive execution across a matrixed enterprise (Cloud Platform, Data, App Engineering, Security Operations).

• Strong operational security foundation, including experience integrating cloud and AI telemetry into SIEM/EDR/XDR/SOAR workflows and improving detection and response outcomes.

• Excellent executive communication skills, including the ability to articulate AI and cloud security risks in terms of patient safety, regulatory exposure, operational resilience, and business impact.