Compensation
Salary undisclosedDescription
Scale AI sits at the intersection of frontier AI, enterprise software, and national security. We safeguard high-value assets: proprietary AI data and infrastructure, a global contributor ecosystem, and sensitive enterprise and government customer data.
As our International Head of Security, you will own and unify Scale’s security strategy across our non-US affairs: Global Public Sector and non-US Enterprise deals. You will drive the execution, customer engagements and compliance with frameworks such as GDPR, ISO27001, UK Cyber Essentials Plus, the EU AI Act, NIS2 and country-specific sovereignty requirements while staying tightly aligned to our global secure-by-default architecture set by the Head of Security.
As we expand into FDE-led Agentic Applications while continuing to serve our data and model customers, our security surface area spans internal systems, external products, distributed contributors, and high-assurance government environments. You are a builder who believes security is a product feature, not a hurdle — and who can raise both our defensive maturity and our ambition in frontier AI security.
What You'll Do
Execute the Global Security Strategy Across International Markets
- Drive execution of Scale's multi-year secure-by-default roadmap across non-US markets, surfacing regional needs into global architecture decisions.
- Translate regional regulatory requirements (GDPR, ISO 27001/27017/27018, SOC 2, UK Cyber Essentials Plus, EU AI Act, NIS2, and country-specific data residency / sovereign-cloud rules) into concrete engineering controls.
- Track regional security metrics and accountability, and represent the international perspective in global prioritisation, audits, and roadmap reviews.
Lead Regional Security Engineering & Threat Detection
- Own the regional execution of identity, fine-grained RBAC, secrets management, CI/CD hardening, encryption, logging, and infrastructure protection with a particular focus on cross-border data flows and in-region telemetry.
- Stand up high-fidelity detection and response capabilities that meet local time zone coverage, breach-notification timelines, and regulator expectations.
- Drive systemic risk reduction through platform-level controls, partnering with the global security engineering team rather than building parallel stacks.
Secure Products, Data, and AI Systems for International Customers
- Ensure enterprise-grade protection of customer data, proprietary datasets, and AI assets across regional deployments, including support for in-region processing, encryption with customer-managed keys, and data-localisation commitments.
- Design and enforce robust multi-tenant isolation, fine-grained RBAC, and privilege lifecycle management across customer environments serving international enterprises and public sector buyers.
- Address AI-specific attack surfaces; prompt injection, tool abuse in agentic workflows, data exfiltration, and model/data integrity risks.
- Champion secure SDLC practices, threat modeling, and code review standards within FDE teams.
Lead Insider Risk & Contributor Integrity Across International Populations
- Partner with Product and Operations to reduce fraud, account compromise, collusion, and identity-based abuse without degrading platform usability, particularly in higher-risk regions.
- Implement strong auditability, privilege governance, and behavioural anomaly detection across sensitive workflows in a way that is defensible to international regulators.
Be the Lead Security Partner for International Customers & Governments
- Serve as the lead security partner in international enterprise and public sector engagements; running customer security reviews, supporting regulator interactions, and shaping trust narratives across the UK, EU, MENA, and beyond.
- Drive execution of the international clearable-infrastructure plan without fragmenting the core platform.
- Partner with Sales, Legal, and Compliance to streamline security reviews and build durable customer confidence.
Qualifications
Required
- 8+ years in cybersecurity (security engineering, product security, detection/response, or cloud security), with at least 4 years leading or formally mentoring engineers in high-growth or enterprise environments.
- Demonstrated experience building and scaling security programs that materially improved risk posture.
- Strong technical depth in cloud-native security (AWS / GCP / Azure), IAM / Zero Trust, infrastructure security, logging and monitoring, and secure SDLC practices.
- Hands-on familiarity with GDPR, ISO 27001, SOC 2, UK Cyber Essentials Plus, NIS2, and the EU AI Act.
- Experience managing insider risk or securing environments with significant third-party, contractor, or marketplace-style user populations.
- Ability to operate cross-functionally with Engineering, Product, Legal, Compliance, Sales, and Public Sector stakeholders.
- Right to work in the UK. Comfortable traveling regularly; willing to be vetted for country-specific clearances where customer engagements require it.
Preferred / Differentiators
- Experience securing AI / ML platforms, LLM-based systems, or agentic applications
- Familiarity with AI-specific threat vectors such as training data poisoning, prompt injection, tool/plugin abuse, and protection of model-related IP.
- Experience operating at the intersection of enterprise SaaS and government or national security customers.
- Working knowledge of GCC (Gulf Cooperation Council) sovereign compliance and privacy regulations (such as UAE DESC CSP and Qatar NCSA NISCF/NIA)
- Proven ability to build secure-by-design multi-tenant systems serving FTSE 100 / Euro Stoxx 50 / global Fortune 500 clients across multiple regulatory regimes.
- Experience leading red-teaming, adversarial testing, or offense-informed defense programs.
- Active or eligible for UK clearance (SC or DV), NATO clearance, or equivalent in another allied jurisdiction.
Stack
- Posted
- Jul 15, 2026
- Last seen
- Jul 15, 2026
- First seen
- Jul 15, 2026




