Job Description
My Financial Services client is seeking to recruit an AI Security & Compliance Engineer / Specialist on an initial 6-month contract based in London. It is hybrid and will require 3x days onsite per week.

You will ensure the secure, ethical, and compliant development of AI solutions across the organisation.
This role is central to embedding security, privacy, and regulatory controls into the design and engineering of AI products, including Microsoft Copilot, custom AI agents, and broader generative AI applications.

You will work closely with engineering, architecture, legal, security and risk teams to define and implement controls across the AI lifecycle, ensuring alignment with internal policies and external regulations such as the EU AI Act, FCA guidance, and GDPR. A key part of this role involves leveraging Microsoft Purview to enforce data governance, classification, and compliance across AI systems.

You will also collaborate with the AI Governance Lead to assess and support the onboarding of new AI systems into the bank, ensuring that all solutions meet the required standards for security, transparency, and regulatory compliance.

Accountabilities & Responsibilities

Secure AI Engineering & Design Collaboration

Partner with engineering teams to embed security-by-design and privacy-by-design principles into AI agents, copilots, and automation workflows.
Define and implement technical controls for:
Data access and protection
Model transparency and explainability
Human oversight and fallback mechanisms
Audit logging and traceability

AI Risk & Compliance Architecture

Design and enforce compliance frameworks for high-risk AI systems, aligned with the EU AI Act, FCA/PRA AI Principles, and ISO/IEC 42001.
Conduct technical risk assessments on AI use cases, focusing on model behaviour, data governance, and user interaction.
Collaborate on the development of model cards, risk registers, and post-market monitoring plans.

Microsoft Purview Integration

Use Microsoft Purview to implement and manage:
Data classification and sensitivity labels
Data loss prevention (DLP) policies
Information protection and access controls
Compliance reporting and audit trails for AI-related data flows

AI System Onboarding & Governance Support

Work with the AI Governance Lead to assess new AI systems being introduced into the bank.
Evaluate solutions for compliance with internal policies and external regulations.
Provide technical input on risk mitigation strategies and onboarding documentation.

Security & DevSecOps Integration

Integrate AI security controls into CI/CD pipelines and MLOps workflows.
Use tools such as Azure Key Vault, Microsoft Entra ID, and GitHub Actions for secure deployment and access management.
Monitor AI systems using Azure Monitor, Log Analytics, and Application Insights.

Policy Implementation & Regulatory Alignment

Translate regulatory requirements into actionable engineering guidelines and reusable controls.
Ensure AI systems avoid prohibited practices and meet obligations around:
Transparency and user awareness
Data minimisation and lawful processing
Continuous monitoring and incident response

Cross-Functional Collaboration & Governance

Partner with legal, compliance, and architecture teams to align AI development with enterprise risk and governance frameworks.
Contribute to internal working groups on Responsible AI, AI governance, and ethical design.
Educate stakeholders on emerging AI risks and mitigation strategies.

Qualification and skills:

Strong technical background in AI/ML systems, with experience embedding security and compliance into product design.
Expert-level knowledge of Microsoft Purview for data governance, classification, and compliance.
Familiarity with AI governance frameworks (e.g., NIST AI RMF, ISO/IEC 42001, Microsoft Responsible AI Standard).
Hands-on experience with:
Azure AI services, Microsoft Copilot Studio, and Power Platform
Secure deployment tools (e.g., Azure Key Vault, RBAC, CI/CD pipelines)
Data protection and privacy controls (e.g., DLP, masking, classification)
Knowledge of regulatory frameworks including the EU AI Act, GDPR, and FCA guidance.
Experience working in cross-functional teams across engineering, legal, and risk domains.
Excellent communication and documentation skills, with the ability to translate complex requirements into technical solutions.