Senior AI & Security Assurance Engineer

About Woven by ToyotaWoven by Toyota is enabling Toyota’s once-in-a-century transformation into a mobility company. Inspired by a legacy of innovating for the benefit of others, our mission is to challenge the current state of mobility through human-centric innovation — expanding what “mobility” means and how it serves society.
Our work centers on four pillars: AD/ADAS, our autonomous driving and advanced driver assist technologies; Arene, our software development platform for software-defined vehicles; Woven City, a test course for mobility; and Cloud & AI, the digital infrastructure powering our collaborative foundation. Business-critical functions empower these teams to execute, and together, we’re working toward one bold goal: a world with zero accidents and enhanced well-being for all.
=========================================================================
TEAMThe security team at Woven by Toyota is on the cutting edge of many challenging security problems.We identify emerging security threats in autonomous vehicles and help design more secure systems.We work closely with internal platform teams to provide a secure development environment through tooling and automation, allowing developers to innovate quickly without compromising security.
WHO ARE WE LOOKING FOR?We are looking for a Senior AI & Security Assurance Engineer to lead AI (Artificial intelligence) & security risk management engagements such as technical risk assessments pertaining to Woven by Toyota's businesses and engineering work.
You will identify risks and vulnerabilities across Woven’s AI/ML (Machine Learning) stack  by working with diverse internal and external stakeholders of varied technical and business backgrounds. You will work with technical product teams including ML mathematical modeling and infrastructure teams. You will assess their risks and manage those risks through the ML lifecycle from data collection to model end of life. You will be expected to work with both highly technical teams and senior management. 
While this is an assurance position, given the cutting edge nature of the ML projects that we work on, we are seeking a candidate with strong technical insight. The candidate will be expected to discuss code and ML model vulnerabilities with technical teams with limited supervision. 
Woven by Toyota Security demands high standards, so a passion and discipline around ML & Security Assurance and delivery is critical. A high level of ownership and accountability is a must. In this role you will report to an engineering manager, in a hybrid capacity requiring your presence onsite three days per week.

RESPONSIBILITIES

• Lead/perform AI/ML risk assessment engagements for AI/ML products (IoT, autonomous driving, AI infrastructure, etc.), enterprise, and related information systems or processes
• Manage technical, process and human related AI/ML risks and ensure compliance for information security policies and regulatory requirements by conducting technical, procedural and operational review of business processes and system controls
• As the technical Trustworthy AI/ML SME, coordinate and support governance teams and in privacy, security, safety and fairness functions to manage company-wide AI/ML risk through technical, process and policy controls
• Communicate and escalate risk issues to the appropriate level and department from frontline teams to senior management 
• Evaluate technology and business-related controls for integrating AI/ML business and information system security and risk mitigation efforts for products and enterprise
• Manage AI/ML third party risk with both internal and external stakeholders

MINIMUM QUALIFICATIONS

• 6+ years experience in AI and/or Information Security
• 3+ years technical experience de-risking and/or securing products incorporating AI/ML
• 1+ year of Trustworthy AI/ML experience across the ML stack (mathematical model to low level infrastructure/hardware) and ML life cycle (data to model EOL)
• 1+ year of experience with AI regulatory compliance and AI risk management frameworks (e.g., ISO 42001, NIST AI RMF, Mitre ATLAS, EU AI act)
• Understanding of the AI/ML life cycle and associated Data, model, framework, infrastructure and general hardware risks
• Knowledge of AI security, privacy, safety, traceability, trustworthy AI tooling, implementation and their limitations (cleverhans/ART/Nvidia guardrails etc).
• Ability to understand code bugs and vulnerabilities (e.g. Python, ML compilers, etc.)
• Technical expertise in the Trustworthy AI/ML & security field and experience with architecture reviews with the ability to challenge technical teams
• Experience with multiple risk assessment methods including threat modeling (STRIDE, etc.)
• High level of independence and autonomy in leading and performing engagements, including conducting AI risk stakeholder hearings, with a diverse set of stakeholders  
• Excellent written and verbal communication skills and ability to adapt communication to the audience skillset and level of responsibilities

NICE TO HAVES

• 5+ years of technical AI/ML or security experience out of the required 6+ years of AI and/or Information Security experience
• 1+ year of hands on experience developing MLOps or AI/ML platforms and tools
• 3 years+ Trustworthy AI/ML experience
• 3+ years of experience in Information Risk Management, IT audit or Security Governance
• Hands-on experience with AI safety,  traceability, trustworthy AI  tooling and implementation (cleverhans/ART/Nvidia guardrails etc)
• 3+ years of experience with regulatory compliance and information security management frameworks (e.g., ISO27001/ISO27002, NIST CSF)
• Experience in highly regulated industries, ideally with retail product exposure and impact
• Experience in security technical assessments of networks, operating systems, cloud environments, etc.
• Experience building enterprise governance, risk, and compliance programs
• Japanese language proficiency

=========================================================================Important Points・All interviews will be arranged via Google Meet, unless otherwise stated.・The same job descriptions are available in both English and Japanese; therefore, we kindly ask that you apply to only one version.・We kindly request that you submit your resume in English, if possible. However, Japanese resumes are also acceptable. Please note that, depending on the English proficiency requirements of the role, we may request an English version of your resume later in the process.
WHAT WE OFFER・Competitive Salary - Based on experience・Work Hours - Flexible working time・Paid Holiday - 20 days per year (prorated)・Sick Leave - 6 days per year (prorated)・Holiday - Sat & Sun, Japanese National Holidays, and other days defined by our company・Japanese Social Insurance - Health Insurance, Pension, Workers’ Comp, and Unemployment Insurance, Long-term care insurance・Housing Allowance・Retirement Benefits・Rental Cars Support・In-house Training Program (software study/language study)
Our Commitment・We are an equal opportunity employer and value diversity.・Any information we receive from you will be used only in the hiring and onboarding process. Please see our privacy notice for more details.