Manager | Hybrid cloud | Bengaluru | Engineering | Hybrid Cloud Engineering
Deloitte · State of Karnataka, India
Deloitte · State of Karnataka, India
Job requisition ID :: 107229 Date: Jun 22, 2026 Location: Bengaluru Designation: Manager Entity: Deloitte Touche Tohmatsu India LLP **Manager | Hybrid cloud | Bengaluru | Engineering | Hybrid Cloud Engineering** - **Job requisition ID** : 107229 - **Location**: Bengaluru - **Entity**: Deloitte Touche Tohmatsu India LLP **Job Title: Manager – Security & Compliance Architect (AI Infrastructure)** **Role Overview** We are seeking a **Manager-level Security & Compliance Architect** to design and implement **secure, compliant, and resilient AI infrastructure platforms**, including **GenAI, ML pipelines, and data ecosystems**. This role will focus on embedding **security-by-design and compliance-by-default principles** across AI systems, ensuring protection of **data, models, and infrastructure** while aligning with regulatory and industry standards. **Key Responsibilities** **1. AI Security Architecture** - Design and implement **end-to-end security architecture** for AI/ML and GenAI platforms: - Model training and inference environments - LLM and API integrations - Data pipelines, vector databases, and orchestration frameworks - Define **secure reference architectures** for: - Cloud-native AI platforms (Azure, AWS, GCP) - Hybrid and multi-cloud deployments - Implement **defense-in-depth strategies** across AI systems **2. AI-Specific Threat Modeling & Risk Management** - Conduct **threat modeling for AI systems** covering: - Model poisoning - Prompt injection and jailbreaking - Data leakage and inference attacks - Identify and mitigate **AI-specific vulnerabilities** across: - Training data pipelines - Model artifacts and endpoints - Perform **risk assessments** and define mitigation strategies aligned to enterprise risk appetite **3. Compliance & Governance** - Ensure AI platforms adhere to global and regional standards such as: - ISO 27001, SOC 2, NIST, CIS benchmarks - GDPR, HIPAA (as applicable) - Emerging **AI regulations (e.g., EU AI Act, responsible AI guidelines)** - Define and implement: - **Data governance and privacy frameworks** - Model governance and lifecycle controls - Support **audit readiness, compliance reporting, and certifications** **4. Identity, Access & Data Security** - Define and implement: - **Zero Trust architecture** for AI platforms - Fine-grained **access controls (RBAC/ABAC)** - Secure: - Training and inference data - Model endpoints and APIs - Secrets, tokens, and embeddings - Implement **encryption strategies**: - Data at rest and in transit - Secure key management (HSM, KMS) **5. Secure AI Development & MLOps** - Embed security into: - **CI/CD and MLOps pipelines** - Model development and deployment lifecycle - Implement: - **Secure coding and model development best practices** - Dependency and artifact security (SBOMs, vulnerability scanning) - Establish controls for: - Model versioning and integrity - Supply chain security **6. Monitoring, Detection & Incident Response** - Design **security monitoring for AI platforms**: - Anomalies in model outputs - Data exfiltration attempts - Unauthorized access patterns - Integrate with enterprise: - SIEM / SOAR platforms - Threat intelligence systems - Define **incident response plans** for AI-specific risks - Conduct **security drills and simulations** **7. Tooling & Platform Enablement** - Implement and manage security tools such as: - Cloud-native security (Defender, GuardDuty, Security Command Center) - Container security (Aqua, Prisma, etc.) - API security & gateways - Evaluate and integrate **AI security tools** (prompt filtering, model monitoring, adversarial testing) - Build **automated guardrails** using policy-as-code **8. Stakeholder Engagement** - Work with: - AI/ML engineering teams - Data science and platform teams - Enterprise security and compliance groups - Translate technical risks into **business impact and compliance needs** - Support leadership with: - Security posture reporting - Risk dashboards and remediation plans **Required Qualifications** **Experience** - 8–12 years of experience in: - Cybersecurity architecture / cloud security - Compliance and risk management - 3–5+ years in **cloud-native or AI/ML environments** - Hands-on experience in **designing secure distributed systems** **Core Skills** - Deep understanding of: - Security architecture principles (Zero Trust, defense-in-depth) - Cloud security frameworks and controls - Compliance standards and regulatory frameworks - Strong knowledge of: - AI/ML lifecycle and associated risks - Data security and privacy engineering **Technical Skills** - Cloud Platforms: Azure, AWS, GCP - Security: - IAM, encryption, network security, secrets management - AI/ML: - LLM APIs, model pipelines, data pipelines - DevSecOps: - CI/CD security, SAST/DAST, container security - Tools: - SIEM (Splunk, Sentinel), vulnerability management, API security **Leadership & Consulting Skills** - Strong stakeholder management and communication skills - Ability to translate security into **business and compliance outcomes** - Experience working in **cross-functional teams and transformation programs** **Preferred Qualifications** - Certifications: - CISSP, CISM, CCSP - Azure Security Engineer / AWS Security Specialty - Exposure to: - Responsible AI frameworks - Privacy-enhancing technologies (PETs) - Experience in: - Multi-cloud and regulated environments (BFSI, healthcare, etc.)