GRC AI Security Analyst

Executive Summary:

The IT HUB GRC AI Security Analyst is a key role within the Cyber AI Lab, responsible for securing and governing AI solutions and platforms across Equans. The position combines product ownership, platform administration, governance, and evangelization activities to ensure that AI initiatives are delivered securely, compliantly and in line with corporate risk appetite. Acting as the main interface between AI teams, GRC, Legal and security leadership, this role drives secure-by-design practices and promotes a strong cybersecurity culture around AI.

Role Evolution: The scope of the IT HUB AI Security Analyst role may evolve with the maturity of AI usage, regulatory changes and the development of new AI platforms within Equans.

Key Missions:

The IT HUB GRC AI Security Analyst delivers several core missions, ensuring that AI solutions and platforms are securely designed, operated and governed throughout their lifecycle.

• Act as Naaia Product Owner, supporting users needs and maintaining AI solutions compliance to the AI act and other applicable legislations.
• Follow up and leverage cybersecurity features in global AI platforms namely Microsoft Power Platform, Microsoft Agent Platform and Copilot Studio environments, to ensure proper cybersecurity governance in a rapidly evolving environment.
• Serve as Legal and GRC Single Point of Contact (SPOC) for AI-related security and compliance topics.
• Support on the SCISO SLS AI role: deploying group cybersecurity governance for the SLS AI. Conducting security risk analyses, audits, reporting, security assurance plans.
• Leverage contacts with products owners and local AI teams to build a global view of AI use cases and promote AI cybersecurity best practices across Equans.
• Ideally, contributing to the communication of the Cyber AI lab activities in the Cyber community, using any innovative channel (vlog, AI generated content…), demonstrating how AI changes the way we work at a basic, day to day level.

Mission Outcome: AI initiatives are delivered securely, in compliance with internal policies and external regulations, while enabling innovation and business value.

Required Profile:

The IT HUB GRC AI Security Analyst combines strong cybersecurity and governance knowledge with a solid understanding of AI platforms and business expectations. The role requires both technical literacy and the ability to communicate and influence across diverse stakeholders.

Education & Background:

• University degree in Computer Science, Information Security, Engineering or equivalent experience.
• Proven experience in cybersecurity, IT risk management, or GRC roles; exposure to AI/ML environments is a strong asset.
• Experience with Microsoft cloud and collaboration ecosystems (M365, Azure, Power Platform) highly appreciated.
• Professional Experience:
• Prior experience in a security analyst, GRC analyst, platform administrator or product owner role.
• Experience working in an international, multi-stakeholder environment.
• Familiarity with secure development lifecycle (SDLC) or MLOps/AI lifecycle practices is a plus.

Skills and Competencies:

A mix of technical, governance and soft skills is required to successfully deliver the missions of the IT HUB GRC AI Security Analyst.

Technical & Governance Skills:

• Good understanding of cybersecurity principles, risk management and security controls.
• Knowledge of relevant standards and regulations (e. g. ISO 27001, NIST, GDPR, upcoming AI regulations).
• Administration and governance of Microsoft Power Platform, Agent Platform and Copilot Studio (or equivalent tools).
• Understanding of AI/ML concepts and typical AI-related risks (bias, privacy, model and data security).
• Ability to perform and document risk analyses, audits and security assurance plans
• Strong communication skills, able to interact with technical teams, business stakeholders, Legal, GRC and management.
• Capacity to translate complex security requirements into clear, actionable guidance.
• Proactive, structured and result-oriented, with strong ownership and accountability.
• Evangelist mindset: ability to convince, educate and promote a security-by-design culture.
• Comfortable presenting (and potentially appearing on video) to share AI security insights.

Stakeholders and Collaboration:

The IT HUB GRC AI Security Analyst operates at the crossroads of technology, security, governance and business. Collaboration with a broad range of stakeholders is essential to ensure secure and compliant AI adoption.

• Cyber AI Lab teams developing cyber specific AI use cases.
• SLS AI for as SCISO and the SCISO community.
• GRC teams for contribution to the cybersecurity governance framework.
• Legal and Data Protection Officers for regulatory alignment and contractual topics related to AI.
• IT infrastructure and operations teams for Microsoft platforms configuration and cybersecurity controls deployment.
• Business units and local AI teams for understanding use cases, constraints and risk appetite.
• Cybersecurity community for cyber lab activities communication.

Success Criteria and KPIs:

Success in the IT HUB AI Security Analyst role is measured through both qualitative and quantitative indicators reflecting secure AI adoption, compliance and stakeholder satisfaction.

• Reduction of security and compliance findings on AI platforms and solutions (audits, risk assessments).
• Timely completion of AI-related risk analyses, security assurance plans and remediation actions.
• Correct usage of security configurations and governance features on agentic platforms: Power Platform, Agent Platform and Copilot Studio at the moment.
• Positive feedback from Cyber AI Lab, GRC, Legal and local AI teams regarding support and collaboration.
• Impact of communication initiatives a plus.