Senior principal - AI Cybersecurity Specialist

SUMMARY OF RESPONSIBILITIES

Safeguard Malaysia’s national payment rails against sophisticated, AI‑enabled cyber‑threats by owning the strategy, design, and continuous improvement of PayNet’s Secure AI Development Framework (SADF) and related security controls. As a senior technical leader, you will drive research programmes, architect end‑to‑end defences, mentor engineers, and partner with regulators to ensure PayNet’s AI systems remain trustworthy, resilient, and compliant.

KEY AREAS OF RESPONSIBILITIES

Strategic Leadership & Governance

• Define the multi‑year AI security roadmap, aligning SADF milestones with PayNet’s risk appetite, cybersecurity strategy, corporate strategy, and regulatory requirements such as , BNM’s RMiT and NACSA’s CSA 2024 guidelines
• Execute and oversee the implementation of the AI security roadmap
• Present quarterly AI risk posture updates to the CISO and Board Risk Committees.

Advanced Research & Threat Hunting

• Lead red/blue‑team exercises on adversarial ML, model extraction, data poisoning, and prompt‑injection against production LLM services.
• Publish peer‑reviewed white‑papers and threat intelligence briefs that influence industry best practice..
• Continuously research and apply new ways to attack and defend LLM-enabled products and services

Secure AI Architecture & Engineering

• Design reference architectures for robust training pipelines, encrypted model artefact registries, and in‑line LLM firewalling.
• Implement and oversee code reviews, IaC templates, and CI/CD gates enforcing OWASP  best practices and NIST AI RMF controls.

Framework Development (SADF)

• Own SADF requirements, threat models, test harnesses, and compliance checklists; ensure artefacts are version‑controlled and reproducible (MLflow / DVC).
• Integrate bias & robustness evaluation, differential privacy, and SBOM generation into every model promotion.

Incident Response & Forensics

• Act as AI security SME during cyber incidents; develop playbooks for model rollback, drift detection, and malicious payload sanitisation.
• Conduct post‑mortems and drive remediation across engineering squads.

Regulatory & Ecosystem Engagement

• Track regional and global AI‑cyber regulations (MAS TRM, ISO 42001) and advise Risk, Legal/Compliance, and Legal, and senior management on implementation gaps.
• Represent PayNet in Bank Negara working groups and speak at industry events.

People & Knowledge Development

• Mentor engineers, guide interns, and deliver internal masterclasses on topics such as secure prompt engineering and homomorphic encryption.
• Foster a culture of secure coding, pair programming, and continuous learning.

QUALIFICATIONS

Experience

• Minimum 8 years in cybersecurity or ML security, with 3+ years leading AI/ML security initiatives in regulated environments.
• Demonstrable track record shipping or securing production‑grade ML/LLM systems.

Education

• Bachelor’s degree in Computer Science, Software Engineering, Data Science, Cybersecurity, AI, or related field.
• Master’s or PhD in Information Security, Machine Learning, or equivalent is highly advantageous.

Technical Mastery

• Expert Python; strong in PyTorch / TensorFlow, DVC/MLflow, Docker/Kubernetes
• Deep knowledge of adversarial ML, differential privacy, secure federated learning, and cryptographic protocols.
• Cloud security (AWS / GCP / Azure) and IaC (Terraform/CDK) at production scale.

Security Certifications

• At least one: CISSP, GIAC GWEB/GWAPT/GMLE, OSCP, or CCSK.
• Bonus: MITRE ATT&CK (ML) certifications, AWS Security Specialty.

Leadership & Communication

• Proven ability to lead cross‑functional teams, influence executives, and translate complex research into actionable controls.
• Strong written & verbal communication; published blogs, conference talks, or patents.

NICE TO HAVE

• Experience with payment messaging standards (ISO 20022, DuitNow, RPTP) and Malaysian financial regulations (BNM, MCMC).
• Contributions to open‑source AI security tooling (e.g., Adversarial Robustness Toolbox, TracIn, Llama Guard).
• Familiarity with GenAI policy enforcement (RLHF, RLAIF, content filters) and real‑time LLM observability platforms.