Job Description:
DXC Technology helps global organisations run mission‑critical systems and transform their operations with the power of technology, innovation, and secure digital platforms. Across the UK, DXC supports government, defence, and highly regulated customers with solutions that meet the highest standards of security, governance, and operational resilience.
As we continue our evolution toward becoming an AI‑enabled enterprise, we are investing in roles that ensure innovation is delivered safely, securely, and in full alignment with the UK’s regulatory and security landscape.
We are seeking a highly skilled UK Secure Account AI Tooling Officer to safeguard the security, compliance, and operational integrity of all corporate tools, systems, and applications used across DXC — with a particular focus on UK Secure Accounts (UKSA) and sensitive or regulated business areas. Operating within DXC’s vision of becoming an AI‑enabled enterprise, the role ensures that tooling and AI adoption deliver measurable value while fully aligning with security, governance, and regulatory expectations.This role provides deep subject‑matter expertise in secure tooling, AI risk assessment, and governance. The post‑holder leads evaluations of corporate and secure‑domain tools, conducts AI‑specific risk and impact assessments, and ensures that all platforms meet data sovereignty, compliance, and operational requirements. By collaborating closely with Cyber Security, Corporate SMEs, UKSA stakeholders, and technical teams, the role maintains a balanced approach that enables innovation while protecting critical workloads.As the UK Secure Accounts AI Tooling Officer you will play a pivotal role in shaping and assuring DXC’s secure tooling ecosystem, advising on safe AI-enabled transformation, monitoring geopolitical and regulatory risk, and ensuring consistent alignment with Cyber, Tooling, and AI governance frameworks. Through strong leadership, expert guidance, and structured oversight, the post‑holder enables DXC teams to adopt and operate tools with confidence, safety, and compliance always.
The UK Secure Accounts AI Tooling Officer should establish an AI board which can manage impact assessment submissions outside of the corporate process for UK Secure accounts.
Key Responsibilities
AI fluency and enablement across DXC
1. Lead the development of AI knowledge, confidence, and capability across DXC, particularly within UK Secure Accounts (UKSA) and Platform teams.
2. Serve as the primary point of contact (“Go‑To Person”) for AI‑related guidance, best practices, and process updates for SRG and UKSA.
3. Keeping up to date with the latest UK GOV AI planning and sharing these with the UK Secure teams and accounts.
4. Be part of the DXC AI Academy.
5. Support/guide and help undertake AI Impact Assessment (Enablement) when requested by UKSA.
6. Advise UK Secured on licensing of AI Tools and undertaking Supply Chain AI impact assessments.
7. Deliver demonstrations, knowledge‑sharing sessions, and practical enablement activities that showcase the effective and safe use of AI tools, including Copilot.
8. Actively contribute to the DXC AI Community by engaging in discussions on tooling, training roadmaps, and emerging AI capabilities.
9. Provide ongoing support and advisory on AI governance, responsible AI practices, and safe adoption across teams.
Champion a Secure by Design approach to AI development, ensuring that security, privacy, safety, and responsible-use controls are integrated proactively—not retrofitted—across the entire AI lifecycle.
Tooling Guidance, Requirements and Technical Input
10. Provide initial expert guidance on tooling requirements and recommended solutions for UK Secure vs Corporate Tooling environments.
11. Understand and advise on corporate tooling life cycles and how these differ for secured platforms.
12. Attend corporate technical review including AI forums with DXC Corporate SME and share outcomes, risks, and opportunities with UK Secured teams.
Data Sovereignty, Monitoring and Compliance
13. Demonstrate strong knowledge of data sovereignty considerations throughout the tool lifecycle.
14. Manage or utilise data sovereignty dashboards/monitoring tools to track physical data location at each lifecycle stage.
15. Assess risks related to data residency, information classification, cross-border flow, third-party hosting, and geopolitical exposure.
16. Ensure tooling aligns with organisational data protection, export control, and sovereignty policies.
17. Partner with SRG and DXC Corporate SMEs to enhance DXC4411 and related policies, aligning them with ISO27001/27017/27018, CE+, and other certification requirements.
AI Risk Assessments, Impact Statements and Assurance
18. Produce formal risk and impact statements from corporate tools and any adaptations required to support UK Secure Accounts.
19. Conduct impact assessments on behalf of UKSA and collaborate with the assigned DXC Project Manager.
20. Perform tooling reviews when tasked by the SRG UK Cyber Security Lead, providing recommendations and assurance statements.
21. Support both internal and external audits where tooling or control compliance are in scope.
Governance, Policy Application and Lifecycle Management
22. Understand and apply Cyber Security Policies, Tooling Policies, and the broader organisational control environment.
23. Develop clear recommendations for UKSA and ensure follow-up actions are tracked and completed.
24. Maintain oversight of the full tooling lifecycle across Corporate and Secured ecosystems, from onboarding through decommissioning.
Stakeholder Management and Strategic Relationships
25. Build strong relationships with key stakeholders, including UK Secure Accounts (UKSA) SDL/TSM/TAM, DXC Corporate teams, Cyber Assurance teams, and SRG functions.
26. Provide consultancy to UKSA, including key recommended actions, suggested risk mitigations, and ongoing guidance to meet transformation obligations.
Road mapping, Reporting and Senior Leadership Engagement
27. Maintain the roadmap of all tooling-related risks logged within SRG.
28. Prepare and provide tooling risk updates to Senior Management or Senior Information Risk Officer (SIRO) – monthly.
29. Report regularly on future corporate IT requirements, changes in the CORE application landscape, new offerings, and potential risks stemming from corporate tool deprecations.
Critical Tools, Geopolitics and Emerging Technologies
30. Advise on critical systems and identify risks when corporate tools are phased out or replaced by DXC.
31. Demonstrate good understanding of geo-political factors and their potential impact on data sovereignty, vendor risk, and tooling strategies.
32. Possess a strong understanding of AI frameworks and how AI-enabled tools align with organisational risk and security standards.
Operational Balance and Collaboration
33. Work closely with other security teams to achieve a balanced, secure, and efficient use of corporate tooling.
34. Ensure secure adoption while avoiding unnecessary operational restrictions.
Essential Skills and Experience
35. UK National with eligibility for security clearance
36. Strong experience in tooling assurance including AI, cyber security, technology risk, or IT governance.
37. Solid understanding of AI data sovereignty, data residency, information classification and cross‑border data controls and GDPR.
38. Experience producing general and AI risk and impact assessments for tools, systems, or platforms.
39. Knowledge of geopolitical risk factors and how they influence vendor and tooling decisions.
40. Familiarity with corporate and secure platform environments, including differences in risk exposure.
41. Understanding of AI governance frameworks and AI risk principles.
42. Effective communication skills with the ability to brief SIRO-level stakeholders.
43. Ability to collaborate across technical, operational, and senior leadership groups.
44. Experience supporting audits, with knowledge of controls and regulatory obligations.
Key Competencies
45. Risk-based decision-making.
46. Strong analytical capability
47. Attention to technical details.
48. Excellent stakeholder engagement
49. Clear written and verbal communication. Able articulate and present to a wider audience where needed.
50. Strategic awareness of geopolitical influences
51. Proactive mindset and continuous improvement focus on tooling.
52. Balanced approach to security and operational performance
Professional Certifications (Highly Desirable)
53. AI Compliance Qualifications.
54. CRISC – Certified in Risk and Information Systems Control
55. CGRC (formerly CAP) – Certified in Governance, Risk & Compliance
56. CISA / CISM / CISSP / CompTIA+
57. CCSP – Certified Cloud Security Professional
58. Azure/AWS
59. Knowledge of key business Tools.
Any Technical Qualifications (Tooling & Platforms) – will help.
60. CoPilot/CoPilot365/ChatGPT/GitHub
61. SIEM tools (Splunk, Sentinel, QRadar)
62. Vulnerability management platforms (Qualys, Tenable, Rapid7)
63. Identity tools (SailPoint, Azure AD, CyberArk)
64. Endpoint security tools (Defender, CrowdStrike, Trellix)
65. GRC platforms (ServiceNow GRC, Archer, MetricStream)
66. Cloud tooling (Azure, AWS, GCP)
Data Protection & Privacy Qualifications
Useful if tooling touches customer or personal data:
67. CIPP/E – Certified Information Privacy Professional (Europe)
68. CIPM – Certified Information Privacy Manager
69. GDPR Practitioner certificate
At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.