The Cybersecurity Risk & Compliance function is responsible for evaluating security and compliance risks within the organization. We set up security benchmarks, verify adherence to these standards across all internal sectors, and promote a culture of information security throughout the company. As a key member of our team, you will play a pivotal role in fortifying our security measures, leveraging your expertise in regulatory frameworks, cloud technologies, and emerging domains such as Artificial Intelligence (AI). Impact You Can Create You will be the vanguard of our organization's security posture, ensuring we safely navigate the complex intersection of traditional cybersecurity and cutting-edge AI technologies. By championing a culture of information security and proactive risk management, you will directly safeguard our products, data, and business functions. Your leadership in AI governance—covering everything from model risk management to prompt injection safeguards—will empower the business to innovate rapidly and responsibly without compromising on security, compliance, or trust. Roles and Responsibilities - Risk Management & Collaboration: Enumerate and manage cybersecurity and compliance risks across products and business functions, specifically including risks arising from AI/ML systems, GenAI integrations, third-party AI services, and agentic workflows. Partner with Product/Functional teams to ensure prudent risk ownership. - Policy & AI Governance: Drive day-to-day policy and control governance initiatives. Design and oversee the enforcement of policies based on industry best practices, heavily emphasizing AI governance (model lifecycle management, AI data handling, secure AI deployment). - Framework Readiness & Certification: Certify the readiness of identified security frameworks by operationalizing control requirements. This includes AI-specific frameworks like ISO 42001, NIST AI RMF, and applicable AI regulations (e.g., EU AI Act). - Monitoring & Reporting: Review and report on the operating effectiveness of controls and risk/loss exposure (including AI model security, data privacy in AI, and third-party AI usage). Develop metrics, dashboards, and evidence artifacts to present AI risk posture and governance maturity to Leadership. - Internal Consulting: Provide contextual guidance to internal teams regarding processes and controls to continuously improve the organization's information security and AI compliance posture. - Security Awareness: Drive a year-round security awareness program. Conduct training and workshops to motivate desired behaviors, specifically focusing on the responsible and secure use of AI tools. - Team Leadership: Act as a role model, providing a healthy platform for the team to learn and grow, particularly in building awareness around emerging AI security trends. - Continuous Learning: Stay abreast of developing regulatory concerns, changing information security trends, and evolving global AI compliance requirements. Skills - Cloud & AI Security: Strong conceptual understanding of the AWS cloud platform to define controls for cloud environments and AI/ML workloads. Deep understanding of AI/ML risk domains, including data leakage, prompt injection, model misuse, hallucination risks, bias/fairness, and SaaS AI integrations. - Risk Assessment Methodologies: Working experience or conceptual understanding of quantified risk assessments, specifically the FAIR methodology, and its application to AI-related risks. - Communication & Reporting: Exceptional ability to gather, analyze, and evaluate facts to prepare and present concise, clear oral and written reports, particularly regarding emerging AI risk themes. - Stakeholder Management: Proven ability to build strong relationships, influence cross-functional teams, instill accountability, and achieve results in a collaborative environment. Agility & Problem-Solving: Excellent problem-solving skills with the ability to thrive in a dynamic, fast-paced environment while managing multiple responsibilities and rapidly evolving AI governance requirements. Be a driven go-getter and a dedicated team player. ## Qualifications - Experience: 5–10 years of experience in the Risk & Compliance space (e.g., risk enumeration, defining security standards, managing infosec processes). Exposure to AI governance, model risk management, or AI security risk assessments is highly desirable. - Framework Expertise: Deep understanding of standard security control frameworks such as ISO27001, PCI DSS, HIPAA, SOC 1/2, NIST Cyber Security Framework, NIST 800-171, and Cloud Compliance Frameworks. Familiarity with AI governance frameworks like ISO 42001 and NIST AI RMF is a significant advantage. - Certifications: Industry-standard security certifications such as CISA, CISSP, CRISC, and cloud security certifications are highly desired. Additional AI governance or AI risk-related certifications are a strong plus. ## Additional Information At Freshworks, we have fostered an environment that enables everyone to find their true potential, purpose, and passion, welcoming colleagues of all backgrounds, genders, sexual orientations, religions, and ethnicities. We are committed to providing equal opportunity and believe that diversity in the workplace creates a more vibrant, richer environment that boosts the goals of our employees, communities, and business. Fresh vision. Real impact. Come build it with us.