AI Security Architect

The AI Security & Governance Architect is a senior individual contributor role within IQVIA's Security Architecture team. Artificial intelligence and generative AI are transforming how IQVIA operates - from developer productivity and business workflows to data analytics and clinical innovation. As adoption accelerates across the enterprise, the security organization must scale its ability to govern, assess, and enable that adoption responsibly and at pace. This role sits within a broader AI security strategy function and reports to the Security Architecture leader responsible for IQVIA's enterprise AI security direction.

• Contribute to and help execute IQVIA's AI security strategy, providing hands on program delivery across governance, risk assessment, and stakeholder engagement workstreams under the direction of the Security Architecture AI lead.
• Act as a primary security architecture partner for business units, development teams, and the Data Office as they evaluate, adopt, and scale generative AI tools and platforms - ensuring security requirements are understood and addressed from the outset.
• Own and operate the AI security intake and review process for new generative AI platform and tool requests, conducting structured security assessments that evaluate vendor security posture, data handling and residency practices, telemetry and logging controls, and acceptable use implications before organizational adoption is approved.
• Represent Security Architecture in IQVIA's existing AI governance committees and taskforces, ensuring security risk positions, architectural guardrails, and governance requirements are embedded in decisions and communicated consistently across the organization.
• Develop, maintain, and operationalize AI security standards, guidelines, and reference architectures covering generative AI platforms, LLM-integrated applications, agentic systems, and AI enabled developer and productivity tooling.
• Conduct AI security architecture reviews for new and existing AI integrations, including agentic workflows, retrieval augmented generation (RAG) pipeline designs, LLM API integrations, and multi model orchestration patterns - identifying risks and defining appropriate mitigations in collaboration with development and platform teams.
• Build and maintain scalable AI security workflows, assessment playbooks, and decision frameworks that enable the organization to evaluate AI adoption requests efficiently, consistently, and without creating unnecessary friction for business delivery.
• Define and maintain security requirements for enterprise generative AI platforms, addressing prompt security, data residency, access and identity controls, output handling, audit logging, and integration with IQVIA's broader identity and data governance controls.
• Partner with development teams to provide practical AI security guidance, supporting the secure design of AI integrated applications and ensuring development teams have the guidance, patterns, and standards needed to build responsibly with AI technologies.
• Support the development of AI security awareness and guidance materials for developers, data teams, and business stakeholders across IQVIA, ensuring consistent understanding of how AI tools should be used within IQVIA's security and governance framework.
• Monitor the evolving AI security and regulatory landscape - including emerging attack techniques, model provider disclosures, and developments in AI regulation - and translate findings into timely, actionable updates to IQVIA's AI governance posture and security standards.
• Collaborate with Legal, Privacy, and Compliance teams on AI related regulatory requirements, including obligations under the EU AI Act, GDPR implications of AI data processing, and sector specific requirements applicable to life sciences and healthcare AI deployments.
• Define metrics and reporting for AI security governance, providing CISO leadership and governance stakeholders with clear visibility into AI adoption volume, risk profile, assessment coverage, and program maturity across the organization.

• Substantial progressive experience in Information Security, Security Architecture, or related technical roles, with demonstrated expertise in AI security, cloud security, or application security.
• Strong working knowledge of generative AI security risks and controls, including prompt injection, data leakage, model abuse, output manipulation, and the supply chain and integration risks associated with third party AI platforms and APIs.
• Experience assessing and governing the adoption of enterprise AI and generative AI tools, including productivity platforms such as Microsoft Copilot, developer assistance tools, and LLM integrated applications and workflows.
• Familiarity with AI security frameworks and standards including OWASP LLMTop10 and NIST AIRMF, and working awareness of EU AI Act obligations relevant to enterprise AI governance and security.
• Experience engaging with governance committees, risk review boards, or cross functional taskforces as a security subject matter expert, influencing decisions and representing security requirements to non security stakeholders.
• Working knowledge of cloud environments (Microsoft Azure and/or Amazon AWS) and the AI and ML services offered within those platforms, with the ability to assess security configurations, data handling behaviours, and integration risks.
• Experience partnering with development teams, data teams, and business stakeholders to translate security and governance requirements into practical, delivery compatible guidance and standards.
• Strong understanding of data protection principles as they apply to AI systems, including data residency, purpose limitation, PHI and PII handling in AI workflows, and cross border data transfer implications under GDPR and applicable regional regulations.
• Familiarity with secure architecture patterns for LLM integrated systems, including RAG pipeline security, agentic system design, prompt workflow controls, and API gateway patterns for model endpoints.
• Experience within regulated industries - life sciences, healthcare, or financial services - with awareness of sector specific compliance and data protection obligations relevant to AI use.
• Bachelor's degree in Computer Science, Information Security, or equivalent practical experience.
• Relevant certifications such as CISSP, CISM, CCSP, AWS/Azure Security Specialty, or equivalent are preferred but not mandatory.
• Strong written and verbal communication skills in English, with the ability to produce governance documentation, security standards, and executive level reporting across a global, matrixed organization.