Assistant/ Deputy Manager- AI Security (Information Technology) (IT-046)

Job Function

Information Technology (Cybersecurity) 

Job Summary

The AI Security Manager leads the design, implementation, and continuous improvement of AI-specific security controls across ST Logistics. The role is accountable for defending the organisation against AI-powered external threats — deepfake-driven business email compromise, AI-generated phishing, synthetic identity attacks — and for securing the internal use of AI systems, copilots, and agentic platforms. The post-holder serves as the technical authority on AI security and partners with Technology GRC, Internal Audit, and the AI Assurance Manager to deliver a complete defensive posture for AI within ST Logistics.

Job Responsibilities/Key Tasks(External)

Key Responsibilities

• Define and own the AI Security strategy aligned with ST Logistics' enterprise security framework and the Group's risk posture.
• Establish secure-by-design architecture patterns for AI/ML systems built, procured, or integrated by ST Logistics — covering generative AI, agentic systems, traditional ML, and third-party AI features embedded in vendor platforms.
• Defend against AI-powered external threats, including deepfake-driven business email compromise targeting finance and procurement, AI-generated spear-phishing campaigns against operations and customer service, synthetic-identity attacks against vendor and carrier onboarding, and AI-augmented social engineering aimed at executives.
• Secure internal AI agents, copilots, and automation — implementing controls against prompt injection, output filtering, agent sandboxing, tool-use restrictions, credential scoping, and continuous monitoring of agent behaviour.
• Lead AI red-teaming and adversarial testing of internal AI systems, either in-house or through commissioned third parties, and drive remediation of findings through to closure.
• Embed AI-aware detections within the SIEM and SOC pipeline; partner with the SOC to develop response playbooks for AI-related incidents (deepfake BEC, model abuse, agent escape, data exfiltration via AI tooling).
• Maintain alignment with NIST AI RMF, ISO/IEC 42001, MITRE ATLAS, OWASP LLM Top 10, the IMDA Model AI Governance Framework, MAS guidance on AI risk where applicable, and the EU AI Act for cross-border operations.
• Serve as the technical authority on AI security for senior stakeholders, with periodic reporting to the Risk Committee and Board.
• Build and maintain an AI security awareness programme, with targeted modules for high-risk functions (finance, procurement, executive office, customer service, vendor management).
• Manage relationships with AI security vendors, MSSPs, and external red-team providers; own the related budget.
• Partner closely with the AI Assurance Manager to remediate findings raised during assurance reviews.

Job Requirements

• Bachelor’s degree in computer science, Cybersecurity, Engineering, or a related discipline.
• Minimum 8 years' experience in cybersecurity, with at least 3 years focused on AI/ML security or MLSecOps.
• Hands-on experience securing production AI systems — generative AI, agentic systems, or ML pipelines.
• Demonstrated ability to translate complex AI risk into board-level narrative.
• Senior security certification such as CISSP, CISM, or equivalent.
• Working knowledge of NIST AI RMF, ISO/IEC 42001, OWASP LLM Top 10, and MITRE ATLAS.
• Experience in logistics, supply chain, defence-adjacent, or critical infrastructure sectors.
• Familiarity with AI red-teaming tooling such as Garak, PyRIT, or the Adversarial Robustness Toolbox.
• Cloud AI security expertise (Azure OpenAI, AWS Bedrock, Google Vertex AI).
• Exposure to Singapore CCoP-CII or critical-information-infrastructure security requirements.
• Strong written and verbal communication skills, with executive-level stakeholder presence.

Professional Qualifications & Relevant Experience

• Bachelor’s degree in computer science, Cybersecurity, Engineering, or a related discipline.
• Minimum 8 years' experience in cybersecurity, with at least 3 years focused on AI/ML security or MLSecOps.
• Hands-on experience securing production AI systems — generative AI, agentic systems, or ML pipelines.
• Demonstrated ability to translate complex AI risk into board-level narrative.
• Senior security certification such as CISSP, CISM, or equivalent.
• Working knowledge of NIST AI RMF, ISO/IEC 42001, OWASP LLM Top 10, and MITRE ATLAS.
• Experience in logistics, supply chain, defence-adjacent, or critical infrastructure sectors.
• Familiarity with AI red-teaming tooling such as Garak, PyRIT, or the Adversarial Robustness Toolbox.
• Cloud AI security expertise (Azure OpenAI, AWS Bedrock, Google Vertex AI).
• Exposure to Singapore CCoP-CII or critical-information-infrastructure security requirements.
• Strong written and verbal communication skills, with executive-level stakeholder presence.