AI Security Senior Architect

London, United Kingdom

Job Description

We are currently recruiting for an AI Security Senior Architect to join our London office.
DEPARTMENT PURPOSE
The Information Security team is a strategic enabler for our global law firm, focused on protecting client data, intellectual property, and business operations while enabling secure innovation. Through four key pillars - Digital Trust, Technical Assurance, Security Operations, and Governance, Risk and Compliance (GRC) - the team delivers comprehensive security solutions that align with our firm's strategic objectives as well as client and regulatory requirements.
Our integrated approach combines secure by design principles relying on Identity and Access Management, Technical Assurance, continuous monitoring and incident response through Security Operations, and proactive risk management through GRC. Working closely with the Markets Innovation Group (MIG) and Fuse, the firm's legal tech incubator, we ensure emerging technologies and our innovative generative AI-powered tool are implemented securely while maintaining the confidentiality, integrity and availability of our systems and data. This collaborative model allows us to stay ahead of evolving threats while supporting the firm's digital transformation initiatives and maintaining the trust of our clients and stakeholders.
ROLE PURPOSE
The AI Security Senior Architect will be part of the Digital Trust team and will be responsible for architecting, maintaining and implementing the security of the Artificial Intelligence ecosystem in the organization. The position will be accountable for the security of the firm's flagship AI product - ContractMatrix, as well as the security of the individual AI workloads.
This role is critical in translating the organisation's Digital Trust vision into a workable, mature and optimized function and service. This role requires extensive experience across all Identity and Access Management core disciplines including identity management, identity governance and administration, privileged access, and conditional access and, in particular, machine identities. It also requires deep technical skills in DevSecOps.
This role will support the transformation of IAM into a modern, automated, predictable and customer-oriented function. The ideal candidate will excel at Microsoft Entra ID technologies, Microsoft Azure, workload identities, managed accounts, machine identity management, and translation of identified requirements into practical identity architecture and design.
ROLE & RESPONSIBILITIES
IAM Strategy and Architecture for Artificial Intelligence

  • Leverage extensive knowledge and experience across all IAM disciplines to design, implement and continuously improve the portions of the organisational IAM architecture relating to AI workload identities.
  • Work with the firm's strategic technology partners in evaluating concepts to secure AI workloads, working towards the selection of the platform and architecture for securing them in the future.
  • Influence and evaluate the decisions on the wider IAM components: directory, identity, privileged access, entitlements management to accommodate AI workloads into a coherent identity
  • Configure and maintain technologies that support the IAM function and AI security such as Active Directory, Entra ID Privileged Identity, Privileged Access, and Governance; Conditional Access Policies (for AI IDs); CyberArk, Palo Alto's XSIAM and XSOAR platforms.
  • Design and transition AI IAM service components into operation - operational manuals, support patterns, standard changes, request management.
AI ContractMatrix Security, Governance, Risk and Change Management
  • Work alongside the ContractMatrix product team to ensure that the solutions are designed securely from an access management perspective. Ensure adherence to AI governance.
  • Integrate security into the SDLC from the ground up, ensuring AI models and systems are secure by default.
  • Define and enforce secure coding practices for AI/ML components and APIs.
  • Identify and assess threats specific to AI systems, such as model inversion, data poisoning, adversarial attacks, and model theft.
  • Implement model encryption and access controls to prevent unauthorized use or tampering.
  • Provide training and guidance to development teams on AI security risks and mitigations.
  • Work on internal and external audits and implement findings against ISO27001 and ISO42001 security standards.
  • Collaborate with Client Audit, GRC and product teams in responding to client audit requests as they relate to AI use at the firm.
  • Perform detailed security analysis of application architectures to provide assurance.
  • Understand threat modelling and participate in major incident responses with IAM and AI components.
  • Review and approve the IAM components of solution designs.
  • Collaborate with cloud infrastructure teams to implement IAM and AI security design patterns.
  • Ensure AI security controls are appropriately implemented in our environment and align with NIST and CIS benchmarks.
  • Validate effectiveness of implemented security controls through technical analysis.
  • Perform residual IAM risk assessments and document acceptance/rejection rationale.
  • Scope and manage AI security testing including penetration tests and Red Teaming as well as remediation activities.
  • Work closely with the wider Information Security team to ensure compliance, assurance, risk management, monitoring, and other operational requirements related to IAM and AI are met. Ensure the IAM service follows and complies with IT and Information Security policies and regulatory standards.
  • Work closely with relevant vendors to ensure optimised use of the supplied technologies and professional services.
  • Serve as an escalation point for issues of non-compliance related to AI security, PAM, IAM and IGA policies and processes.
Leadership & Team Development
  • Provide leadership and structured mentorship to identity and access management staff and AI platform teams, supporting their technical development.
  • Oversee the design and management of the on-call support structure, ensuring appropriate coverage, escalation paths, and minimal disruption to business operations.
  • Influence key senior stakeholders in adopting best practices for secure AI use in the firm.
KEY REQUIREMENTS
Essential
  • Minimum of 10 years' experience in working with Microsoft identity products, namely Active Directory and Entra ID.
  • Minimum of 7 years' experience working in architecture or information security, with at least 4 years focused on identity and access management.
  • Current Azure certifications (e.g., Azure Security Engineer Associate).
  • Strong knowledge of security and compliance standards and frameworks, such as ISO42001, ISO27001, MS CAF, and WAF.
  • Excellent communication, leadership, and interpersonal skills, with the ability to collaborate across teams and with external parties such as MSSP.
  • Ability to work effectively in a fast-paced, dynamic environment.
  • A genuine passion for continuous learning and development in cybersecurity, staying up to date with the latest developments, trends, and technologies in the field.
  • High level of personal integrity and ethics, demonstrating an appropriate level of judgement, handling any potentially high-pressure situations in a manner which upholds the highest ethical standards.
Desirable
  • Bachelor's degree in Information Security, Computer Science, or a related field.
  • Additional relevant security certifications e.g. CISSP, SABSA, TOGAF.
  • Legal or professional services experience is highly desirable.
  • Knowledge of additional cloud platforms e.g. AWS, GCP.
  • Experience with zero trust architecture implementation and least privilege principles.
  • Background in application security and secure SDLC practices.
Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of our recruitment team who will work with you to provide any adjustments as required.
We are an equal opportunities recruiter and do not discriminate on the basis of race, colour, sex, religion, sexual orientation, national origin, disability, or any other protected characteristic.
We recognise that our people are our most valuable asset, which is reflected in the wide range of benefits that are available to our employees. Some of these benefits include: our occupational pension scheme, group income protection cover, private medical insurance, mental health resources and free apps, health and wellbeing services encompassing an onsite gym, wellbeing centre and GP service, emergency back-up care support, parental and special leave, holiday entitlement increasing with length of service, holiday trading, season ticket loans and online discounts and lifestyle management services.
Area of expertise
Information technology
Additional information - External
A&O Shearman is a global industry-leading law firm, with nearly 50 offices in 28 countries worldwide. Our fluency in English law, US law, and the laws of the world's most dynamic markets, enables us to provide unmatched insight and seamless delivery to clients. We work on challenging and important deals and disputes that have the potential to shape the future.
We offer exceptional opportunities for our people; opportunities to work for the world's leading businesses; to transform the status quo, and to deliver your best work, helping you and your career to thrive, while delivering unparalleled outcomes for our clients.
Whether you're helping clients solve complex challenges, transforming the ways we manage our business, or ensuring the smooth-running of our operations, this is an environment where you can belong and excel. We provide first-rate training and development, we are committed to an inclusive environment, and we provide support and ways of working that help you optimise your wellbeing.
What truly defines a career with us? We recruit the best and ask for the best of you. And together, we will redefine success.
Working arrangement
Hybrid (combination of office & remote working)

Job Detail

  • Job Id
    JD4135157
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Full Time
  • Job Location
    London, United Kingdom
  • Education
    Not mentioned