AI Vendor Security Reviews: Lead security assessments of third-party AI/ML vendors across a high-volume pipeline, evaluating architecture, data handling, and access controls against enterprise risk standards. Security Framework Design: Develop and maintain the enterprise Google Cloud Platform AI Security Framework, defining approved security postures and controls for cloud AI services, agentic systems, and MCP servers. Gateway & Infrastructure Architecture: Design security controls for LLM gateways (Kong), including prompt injection defense, PII sanitization, and OAuth 2.1/PKCE-secured MCP deployments. Risk & Compliance Analysis: Identify architecture gaps, PCI/DPA compliance issues, and access control weaknesses; document findings with clear remediation requirements. Stakeholder Coordination: Partner with Legal, Privacy, and engineering teams to resolve security blockers and inform vendor contract decisions. Executive Reporting: Deliver concise status updates translating technical risk into business-ready decisions for leadership.