First American

Director, Information Security AI Governance

First American, Santa Ana, California, United States, 92701

The Director of Information Security, AI Governance leads the design and execution of the enterprise's security governance strategy for Artificial Intelligence (AI) and Machine Learning (ML) systems. Reporting to the VP of Information Security GRC, this role establishes and enforces policies, controls, and risk management practices to ensure the secure, ethical, and compliant use of AI technologies across the enterprise. This is a hands-on leadership role, requiring deep expertise in information security, vendor risk management, and regulatory compliance. The director will drive execution of AI-related risk assessments, define technical and procedural controls, and ensure that AI systems are secured against emerging threats while meeting regulatory and ethical obligations.

How You'll Contribute:

- Design and implement an AI security governance framework, aligned with enterprise GRC objectives and integrated into existing cybersecurity and compliance programs.
- Develop, maintain, and enforce AI-specific information security policies, standards, and procedures covering secure model development, data integrity, model access, third-party use, and post-deployment monitoring.
- Lead AI-specific security risk assessments, including threat modeling, control gap analysis, and secure architecture reviews for internal and vendor-developed AI/ML systems.
- Document AI-related security risks, controls, and mitigation strategies, ensuring traceability and alignment with enterprise risk registers, control libraries, and regulatory expectations.
- Oversee AI-focused third-party risk assessments, evaluating external vendors' AI system design, privacy/security posture, data sourcing, and model behavior claims.
- Monitor the evolving AI threat landscape, including adversarial ML, data poisoning, model inversion, and misuse risks. Translate findings into actionable controls and security requirements.
- Collaborate with Legal, Privacy, Data Governance, IT, and Product teams to ensure AI systems comply with applicable regulations and guidance (e.g., NIST AI RMF, EU AI Act, FTC AI guidance, state legislation).
- Partner with technical security teams to integrate AI capabilities into existing security infrastructure (e.g., SIEM, SOAR, EDR).
- Develop adversarial testing frameworks to validate model robustness and security.
- Provide leadership during AI-related security incidents, including investigation, root cause analysis, containment, and post-incident control design.
- Establish AI-related KPIs/KRIs, dashboards, and executive reporting that highlight risk posture, control coverage, and maturity of AI security governance.
- Serve as an internal advisor and thought leader on secure and responsible AI use, balancing innovation with risk reduction and regulatory alignment.
- Act as a key point of contact during regulatory exams, audits, and third-party reviews involving AI and model-related controls.
- Integrate AI governance processes and risk indicators into existing GRC tools (e.g., ServiceNow GRC, Archer, LogicGate) and enterprise control frameworks (NIST CSF, ISO 27001, SOC2, SOX, etc.).
- Partner with the training and awareness team to develop and launch AI-specific security trainings and awareness campaigns.

What You'll Bring:

- 10+ years of experience in information security or cybersecurity risk management
- 3-5 years leading governance or risk programs with AI/ML, model risk, or advanced analytics technologies
- Experience engaging with auditors, regulators, and legal teams in a cybersecurity context
- Manage and grow a team of GRC and AI security professionals; foster technical development, accountability, and delivery excellence.
- Lead cross-functional working groups and governance committees to define and drive AI security objectives.
- Represent the security function in enterprise AI steering forums, industry engagements, and regulatory collaborations.
- Contribute to long-term strategic planning for AI adoption and governance from a security lens.
- In-depth understanding of:
  - Information security frameworks (NIST, ISO 27001, CIS, FFIEC, etc.)
  - AI governance models (NIST AI RMF, EU AI Act, OECD, ISO 42001)
  - Cloud-native security, identity and access management (IAM), and data protection within AI/ML architectures
- Demonstrated success in:
  - AI/ML threat modeling and control design
  - Vendor risk assessments involving AI/ML components
  - Policy lifecycle management and regulatory mapping
- Experience with GRC tools and risk automation platforms (e.g., Archer, ServiceNow GRC)
- Excellent communication and executive presentation skills, with the ability to translate complex risks for varied audiences.
- Bachelor's degree in Information Security, Computer Science, Engineering, or a related field required. Advanced degree or formal training in AI security, data ethics, or regulatory compliance preferred.
- Preferred: CISM, CISSP, CRISC, or CGEIT
- Bonus: CIPP/US, CIPM, certifications in AI governance, responsible AI, or cloud security

Salary Range: $166,800.00 - $222,300.00

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

What We Offer:

By choice, we don't simply accept individuality; we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it's the right thing to do, but also because it's the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

First American will consider for employment all qualified applicants, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws (e.g., the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act). First American intends to conduct a review of an applicant's criminal history in connection with a conditional offer. First American reasonably believes that a criminal history may have a direct, adverse and negative relationship with the following material job duties for this position potentially resulting in the withdrawal of the conditional offer of employment: handling of confidential, proprietary or trade secret information belonging to First American or its customers, administrating or facilitating financial transactions, and the ability to meet customer-imposed criminal history requirements.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.