Summary Of Responsibilities

Safeguard Malaysia's national payment rails against sophisticated, AI-enabled cyber-threats by owning the strategy, design, and continuous improvement of PayNet's Secure AI Development Framework (SADF) and related security controls. As a senior technical leader, you will drive research programmes, architect end-to-end defences, mentor engineers, and partner with regulators to ensure PayNet's AI systems remain trustworthy, resilient, and compliant.

Key Areas Of Responsibilities

Strategic Leadership & Governance
- Define the multi-year AI security roadmap, aligning SADF milestones with PayNet's risk appetite, cybersecurity strategy, corporate strategy, and regulatory requirements such as BNM's RMiT and NACSA's CSA 2024 guidelines.
- Execute and oversee the implementation of the AI security roadmap.
- Present quarterly AI risk posture updates to the CISO and Board Risk Committees.

Advanced Research & Threat Hunting
- Lead red/blue-team exercises on adversarial ML, model extraction, data poisoning, and prompt-injection against production LLM services.
- Publish peer-reviewed white-papers and threat intelligence briefs that influence industry best practice.
- Continuously research and apply new ways to attack and defend LLM-enabled products and services.

Secure AI Architecture & Engineering
- Design reference architectures for robust training pipelines, encrypted model artefact registries, and in-line LLM firewalling.
- Implement and oversee code reviews, IaC templates, and CI/CD gates enforcing OWASP best practices and NIST AI RMF controls.

Framework Development (SADF)
- Own SADF requirements, threat models, test harnesses, and compliance checklists; ensure artefacts are version-controlled and reproducible (MLflow / DVC).
- Integrate bias & robustness evaluation, differential privacy, and SBOM generation into every model promotion.

Incident Response & Forensics
- Act as AI security SME during cyber incidents; develop playbooks for model rollback, drift detection, and malicious payload sanitisation.
- Conduct post-mortems and drive remediation across engineering squads.

Regulatory & Ecosystem Engagement
- Track regional and global AI-cyber regulations (MAS TRM, ISO 42001) and advise Risk, Legal/Compliance, and senior management on implementation gaps.
- Represent PayNet in Bank Negara working groups and speak at industry events.

People & Knowledge Development
- Mentor engineers, guide interns, and deliver internal masterclasses on topics such as secure prompt engineering and homomorphic encryption.
- Foster a culture of secure coding, pair programming, and continuous learning.

Qualifications

Experience
- Minimum 8 years in cybersecurity or ML security, with 3+ years leading AI/ML security initiatives in regulated environments.
- Demonstrable track record shipping or securing production-grade ML/LLM systems.

Education
- Bachelor's degree in Computer Science, Software Engineering, Data Science, Cybersecurity, AI, or related field.
- Master's or PhD in Information Security, Machine Learning, or equivalent is highly advantageous.

Technical Mastery
- Expert Python; strong in PyTorch / TensorFlow, DVC/MLflow, Docker/Kubernetes.
- Deep knowledge of adversarial ML, differential privacy, secure federated learning, and cryptographic protocols.
- Cloud security (AWS / GCP / Azure) and IaC (Terraform/CDK) at production scale.

Security Certifications
- At least one: CISSP, GIAC GWEB/GWAPT/GMLE, OSCP, or CCSK.
- Bonus: MITRE ATT&CK (ML) certifications, AWS Security Specialty.

Leadership & Communication
- Proven ability to lead cross-functional teams, influence executives, and translate complex research into actionable controls.
- Strong written & verbal communication; published blogs, conference talks, or patents.

NICE TO HAVE
- Experience with payment messaging standards (ISO 20022, DuitNow, RPTP) and Malaysian financial regulations (BNM, MCMC).
- Contributions to open-source AI security tooling (e.g., Adversarial Robustness Toolbox, TracIn, Llama Guard).
- Familiarity with GenAI policy enforcement (RLHF, RLAIF, content filters) and real-time LLM observability platforms.