Driving AI strategy within the Information Security department with a focus on leveraging AI technologies to augment or replace existing security technologies designed to protect TradeStation and its customers
Enabling TradeStation to rapidly adopt and leverage AI technologies across the enterprise while protecting sensitive data, TradeStation’s infrastructures, and our customers
Understanding existing and emerging AI-based security threats and recommending/designing appropriate countermeasures at all levels including networking, application, and others
Serving as a subject matter expert on AI technologies, including LLMs, MCPs, and development tools and workflows used across the TradeStation enterprise, recommending/implementing appropriate security controls, and advising stakeholders across the organization on security-related AI matters
Identify current security controls, processes, and technologies that may be improved through migration to AI-based tooling
Recommend appropriate changes and lead initiatives for measurable improvement
Educate, mentor, and advise other members of the Security team on the implementation, management, and use of new security AI tooling
Design, test, and implement strategies to address malicious activity that leverages AI for complex and time-sensitive attack methods
Build AI-assisted SOC / detection enablement, applying AI technologies to security operations
Develop and deliver security metrics and trend data to assist the organization’s understanding of overall AI security risk
Serve as a trusted advisor to multiple stakeholders, both technical and nontechnical, across the company in protecting information as we rapidly adopt new AI technologies
Identify risks associated with internal AI usage and recommend appropriate controls
Perform risk assessments on proposed AI initiatives and technologies
Provide expertise to product and development leadership on AI security aspects of customer-facing AI technologies
Evaluate AI tools, APIs, and vendors for security posture before adoption (e.g., data retention policies, model access controls, terms of service risk)
Monitor the evolving AI threat landscape (prompt injection, jailbreaking, model poisoning, adversarial inputs) and translate findings into actionable guidance for the team
Enforce controls to prevent sensitive/regulated data (PII, PCI, trading data) from being inadvertently exposed through AI prompts or tools
Draft and maintain AI-specific security policies and acceptable use standards (this is distinct from general GRC work and fits the role well)
Maintain awareness of what AI tools are in use across the enterprise, including unsanctioned/shadow AI, and develop a process to manage it
A strong information security knowledge foundation including security principles, frameworks, risk mitigation, etc.
Strong understanding of artificial intelligence concepts, technologies, and methods including, but not limited to: large language models (LLMs) such as Claude, ChatGPT, and others; AI-based development tools such as Copilot and others; Model Context Protocol (MCP); and their application to information security programs, as well as AI risk mitigation
Familiarity with OWASP Top 10 for LLMs / MITRE ATLAS
Familiarity with API security, specifically around MCP and LLM integration
Hands-on prompt engineering / security testing experience with knowledge of how attacks against AI technologies work both in theory and in practice
Experience leveraging AI technologies to improve efficiency, reduce risk, and enhance security operations
Operational excellence: Strong project management mindset with exceptional organizational skills and attention to detail
Autonomy and judgment: Ability to work independently, make sound decisions, and know when to escalate or seek guidance
Follow-through: Proven track record of driving initiatives to completion and following up with stakeholders on assigned tasks
Communication skills: Excellent written and verbal communication skills, including the ability to facilitate meetings, document complex topics clearly, and interact professionally with all organizational levels
AI proficiency: Demonstrated ability to leverage AI tools to enhance work quality, accelerate tasks, and solve problems creatively
Risk assessment & documentation: Ability to support or conduct security risk assessments, document risk details clearly, and track remediation activities to closure
Incident response familiarity: Understanding of incident response processes, documentation requirements, and the coordination needed to support response and post-incident activities
Collaboration: Ability to work effectively across IT, Compliance, ERM, and business units to achieve shared objectives
Adaptability: Comfortable operating in dynamic environments where priorities shift and requirements evolve
Problem Solving: Practical problem-solving approach that balances process with pragmatism
Strong proficiency with Microsoft Office, collaboration tools (Jira, Confluence, SharePoint), and project management practices
Must have a passion for information security and AI, a strong desire to learn and apply new knowledge
Working knowledge of cloud security in AWS and Azure environments preferred
Experience in financial services, fintech, or other highly regulated industries preferred
Familiarity with Agile, SDLC, and CI/CD concepts preferred
Knowledge of incident response frameworks and processes preferred
Demonstrated progression toward a security career path and willingness to pursue relevant certifications preferred
Bachelor's degree in Information Technology, Computer Science, Information Security, or related field; OR equivalent combination of relevant education, training, and experience
Minimum 7 years professional experience in information security in hands-on roles such as security engineering and/or application security
Must be located within the US states of Florida, Texas, Illinois, New York, New Jersey, Colorado, Idaho, Massachusetts, Michigan, Minnesota, Missouri, North Carolina, South Carolina, Utah, or Virginia
Must be able to work core US Eastern Time hours as well as other times as needed
Ability to travel to company offices, including international offices, or other locations occasionally as needed for meetings, training, to perform work tasks, etc.
One or more industry-recognized security certifications: CISSP, CISM, CISA, CRISC, Security+, CASP+, CySA+, GAISE or other GIAC certifications preferred
Collaborative work environment
Competitive Salaries
Yearly bonus
Comprehensive benefits for you and your family starting Day 1
Flexible Paid Time Off
Remote working environment
TradeStation Account employee benefits, as well as full access to trading education materials
Pay Range (US) $170-190K (Countries outside of the US have differing ranges in accordance with local labor markets)