Privacy and Security Technical Assurance, Risk, Compliance and Integrity
- linkCopy link
- emailEmail a friend
This role may also be located in our Playa Vista, CA campus.
Applicants in the County of Los Angeles: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.
In accordance with Washington state law, we are highlighting our comprehensive benefits package, which is available to all eligible US based employees. Benefits for this role include:
- Health, dental, vision, life, disability insurance
- Retirement Benefits: 401(k) with company match
- Paid Time Off: 20 days of vacation per year, accruing at a rate of 6.15 hours per pay period for the first five years of employment
- Sick Time: 40 hours/year (increased to 69 hours/year for Seattle) including 5 discretionary sick days per instance
- Maternity Leave (Short-Term Disability + Baby Bonding): 28-30 weeks
- Baby Bonding Leave: 18 weeks
- Holidays: 13 paid days per year
Minimum qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience.
- 7 years of experience in cybersecurity, technical assurance, IT audit, pen testing, or working within a second line of defense risk management function.
- Experience with enterprise-wide or cross-functional technical project planning and execution, including partnering with legal, policy, or compliance teams.
- Experience designing and executing security control testing methodologies and risk assessments for software, infrastructure, or AI/ML systems.
Preferred qualifications:
- Advanced degree in Computer Science, Cybersecurity, Artificial Intelligence, or a related field.
- Professional AI security or audit certifications such as CISSP, CISA, CISM, AIGP, AAIA, ISO 27001/42001 Lead Auditor or equivalent technical certifications.
- Experience working within a technology company or "Big Tech" ecosystem, navigating complex, hyper-scale infrastructure and distributed risk environments.
- Proven experience operating in a second line of defense role, including providing separate tests, control testing, and oversight to first-line business and engineering teams.
- Deep technical understanding of AI/ML specific vulnerabilities (e.g., adversarial attacks, training data extraction, prompt injection).
About the job
The Risk, Compliance and Integrity organization (RCI) brings together critical compliance, assurance, risk, and governance functions across the company to help meet compliance needs and enable our businesses to innovate securely. Operating as a critical second line of defense, we manage our operations through risk-based prioritization, technical validation, oversight, and consistent engagement with product engineering and legal counsel.
In this role, you will demands a deep understanding of AI/ML architectures, offensive security testing methodologies, and threat modeling, coupled with the ability to separately test existing and emerging cybersecurity and AI controls. As a second-line leader, you will need the ability to collaborate effectively across the engineering organization, provide constructive issues, and influence at all levels.
In addition to a deep technical security foundation, this role requires exceptional program management capabilities. The successful person will have a demonstrated ability to track, report on, and effectively manage complex technical assurance initiatives from inception to completion. This includes defining clear testing objectives, establishing metrics, monitoring the first line's remediation progress, and ensuring timely and accurate reporting to engineering stakeholders and risk committees.
Individual pay is determined by factors including job-related skills, experience, and relevant education or training.
US: $136000 - $197000 (USD) + 15% bonus target + bonus + equity + benefits
Learn more about benefits at Google.
Responsibilities
- Provide separate oversight and issues as a critical second line of defense function, establishing and maintaining comprehensive technical assurance testing frameworks for AI/ML and traditional security ecosystems.
- Design and execute technical assurance testing across both existing and emerging cybersecurity and AI controls to validate their design and operating effectiveness.
- Lead and coordinate cross-functional security testing initiatives (e.g., targeted control validation, AI red teaming, architecture reviews) to separately assess risks across AI product areas and engineering teams.
- Advocate for AI security assurance, effectively communicating testing results, control deficiencies, threat models, and mitigation strategies to first-line technical leadership, legal counsel and executive stakeholders.
- Enhance awareness of emerging AI threats, translating testing insights into actionable engineering recommendations.
Information collected and processed as part of your Google Careers profile, and any job applications you choose to submit is subject to Google's Applicant and Candidate Privacy Policy.
Google is proud to be an equal opportunity and affirmative action employer. We are committed to building a workforce that is representative of the users we serve, creating a culture of belonging, and providing an equal employment opportunity regardless of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition (including breastfeeding), expecting or parents-to-be, criminal histories consistent with legal requirements, or any other basis protected by law. See also Google's EEO Policy, Know your rights: workplace discrimination is illegal, Belonging at Google, and How we hire.
If you have a need that requires accommodation, please let us know by completing our Accommodations for Applicants form.
Google is a global company and, in order to facilitate efficient collaboration and communication globally, English proficiency is a requirement for all roles unless stated otherwise in the job posting.
To all recruitment agencies: Google does not accept agency resumes. Please do not forward resumes to our jobs alias, Google employees, or any other organization location. Google is not responsible for any fees related to unsolicited resumes.
Equity is granted exclusively and discretionarily by Alphabet Inc. on the basis of an agreement concluded between you and Alphabet Inc. Alphabet Inc. is your sole contractual partner with respect to equity grants. GSU grants are not guaranteed, are discretionary, are subject to approval by the Alphabet Inc. board of directors or its delegate, the terms of the relevant Alphabet Inc. stock plan, and your grant agreement. They have no impact on statutory payments. Current or past grants do not confer an acquired right.