Who We Are

At FCT, we are proud of our success and excited about our future potential. It is our employees' dedication and ongoing pursuit of excellence that has made us Canada's leading provider of title insurance. Our employees are encouraged to harness new ideas, to unleash their imaginations and to create innovative products and services, as well as persistently seek ways to improve our service and respond to our customers' needs. Our employees are people whose passion for their work, commitment to customers, contributions to the company and influence on its corporate culture are what create and grow FCT.

What We Do

The Director of Information Security – AI Governance leads the design and execution of the enterprise’s security governance strategy for Artificial Intelligence (AI) and Machine Learning (ML) systems. Reporting to the VP of Information Security GRC, this role establishes and enforces policies, controls, and risk management practices to ensure the secure, ethical, and compliant use of AI technologies across the enterprise.
This is a hands-on leadership role, requiring deep expertise in information security, vendor risk management, and regulatory compliance. The director will drive execution of AI-related risk assessments, define technical and procedural controls, and ensure that AI systems are secured against emerging threats while meeting regulatory and ethical obligations.

HOW YOU'LL CONTRIBUTE

• Design and implement an AI security governance framework, aligned with enterprise GRC objectives and integrated into existing cybersecurity and compliance programs.
• Develop, maintain, and enforce AI-specific information security policies, standards, and procedures — covering secure model development, data integrity, model access, third-party use, and post-deployment monitoring.
• Lead AI-specific security risk assessments, including threat modeling, control gap analysis, and secure architecture reviews for internal and vendor-developed AI/ML systems.
• Document AI-related security risks, controls, and mitigation strategies, ensuring traceability and alignment with enterprise risk registers, control libraries, and regulatory expectations.
• Oversee AI-focused third-party risk assessments, evaluating external vendors’ AI system design, privacy/security posture, data sourcing, and model behavior claims.
• Monitor the evolving AI threat landscape, including adversarial ML, data poisoning, model inversion, and misuse risks. Translate findings into actionable controls and security requirements.
• Collaborate with Legal, Privacy, Data Governance, IT, and Product teams to ensure AI systems comply with applicable regulations and guidance (e.g., NIST AI RMF, EU AI Act, FTC AI guidance, state legislation).
• Partner with technical security teams to Integrate AI capabilities into existing security infrastructure (e.g., SIEM, SOAR, EDR).
• Develop adversarial testing frameworks to validate model robustness and security.
• Provide leadership during AI-related security incidents, including investigation, root cause analysis, containment, and post-incident control design.
• Establish AI-related KPIs/KRIs, dashboards, and executive reporting that highlight risk posture, control coverage, and maturity of AI security governance.
• Serve as an internal advisor and thought leader on secure and responsible AI use, balancing innovation with risk reduction and regulatory alignment.
• Act as a key point of contact during regulatory exams, audits, and third-party reviews involving AI and model-related controls.
• Integrate AI governance processes and risk indicators into existing GRC tools (e.g., ServiceNow GRC, Archer, LogicGate) and enterprise control frameworks (NIST CSF, ISO 27001, SOC2, SOX, etc.).
• Partner with training and awareness team to develop and launch AI specific security trainings and awareness campaigns.

WHAT YOU'LL BRING

Required Education, Experience, Certification/Licensure

Leadership Responsibilities

• 10+ years of experience in information security or cybersecurity risk management
• 3–5 years leading governance or risk programs with AI/ML, model risk, or advanced analytics technologies
• Experience engaging with auditors, regulators, and legal teams in a cybersecurity context
• Manage and grow a team of GRC and AI security professionals; foster technical development, accountability, and delivery excellence.
• Lead cross-functional working groups and governance committees to define and drive AI security objectives.
• Represent the security function in enterprise AI steering forums, industry engagements, and regulatory collaborations.
• Contribute to long-term strategic planning for AI adoption and governance from a security lens.

In-depth understanding of:

• Information security frameworks (NIST, ISO 27001, CIS, FFIEC, etc.)
• AI governance models (NIST AI RMF, EU AI Act, OECD, ISO 42001)
• Cloud-native security, identity and access management (IAM), and data protection within AI/ML architectures
• Demonstrated success in:
  • AI/ML threat modeling and control design
  • Vendor risk assessments involving AI/ML components
  • Policy lifecycle management and regulatory mapping
• Experience with GRC tools and risk automation platforms (e.g., Archer, ServiceNow GRC)
• Excellent communication and executive presentation skills, with the ability to translate complex risks for varied audiences.
• Bachelor's degree in Information Security, Computer Science, Engineering, or a related field required.
• Advanced degree or formal training in AI security, data ethics, or regulatory compliance preferred.
• Preferred: CISM, CISSP, CRISC, or CGEIT
• Bonus: CIPP/US, CIPM, certifications in AI governance, responsible AI, or cloud security

Salary Range: $166,800.00 - $222,300.00

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location

What We Offer

By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

First American will consider for employment all qualified applicants, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws (e.g., the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act).

First American intends to conduct a review of an applicant’s criminal history in connection with a conditional offer. First American reasonably believes that a criminal history may have a direct, adverse and negative relationship with the following material job duties for this position potentially resulting in the withdrawal of the conditional offer of employment: handling of confidential, proprietary or trade secret information belonging to First American or its customers, administrating or facilitating financial transactions, and the ability to meet customer-imposed criminal history requirements.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.