UK Secured AI Tooling Officer

Location: GBR - ANY CITY

Time Type: Full time

Job Description

Job Description:

The UK Secure Accounts AI Tooling Officer should establish an AI board which can manage impact assessment submissions outside of the corporate process for UK Secure accounts.

Key Responsibilities

AI fluency and enablement across DXC

• Lead the development of AI knowledge, confidence, and capability across DXC, particularly within UK Secure Accounts (UKSA) and Platform teams.
• Serve as the primary point of contact (“Go‑To Person”) for AI‑related guidance, best practices, and process updates for SRG and UKSA.
• Keeping up to date with the latest UK GOV AI planning and sharing these with the UK Secure teams and accounts.
• Be part of the DXC AI Academy.
• Support/guide and help undertake AI Impact Assessment (Enablement) when requested by UKSA.
• Advise UK Secured on licensing of AI Tools and undertaking Supply Chain AI impact assessments.
• Deliver demonstrations, knowledge‑sharing sessions, and practical enablement activities that showcase the effective and safe use of AI tools, including Copilot.
• Actively contribute to the DXC AI Community by engaging in discussions on tooling, training roadmaps, and emerging AI capabilities.
• Provide ongoing support and advisory on AI governance, responsible AI practices, and safe adoption across teams.

Champion a Secure by Design approach to AI development, ensuring that security, privacy, safety, and responsible-use controls are integrated proactively—not retrofitted—across the entire AI lifecycle.

Tooling Guidance, Requirements and Technical Input

• Provide initial expert guidance on tooling requirements and recommended solutions for UK Secure vs Corporate Tooling environments.
• Understand and advise on corporate tooling life cycles and how these differ for secured platforms.
• Attend corporate technical review including AI forums with DXC Corporate SME and share outcomes, risks, and opportunities with UK Secured teams.

Data Sovereignty, Monitoring and Compliance

• Demonstrate strong knowledge of data sovereignty considerations throughout the tool lifecycle.
• Manage or utilise data sovereignty dashboards/monitoring tools to track physical data location at each lifecycle stage.
• Assess risks related to data residency, information classification, cross-border flow, third-party hosting, and geopolitical exposure.
• Ensure tooling aligns with organisational data protection, export control, and sovereignty policies.
• Partner with SRG and DXC Corporate SMEs to enhance DXC4411 and related policies, aligning them with ISO27001/27017/27018, CE+, and other certification requirements.

AI Risk Assessments, Impact Statements and Assurance

• Produce formal risk and impact statements from corporate tools and any adaptations required to support UK Secure Accounts.
• Conduct impact assessments on behalf of UKSA and collaborate with the assigned DXC Project Manager.
• Perform tooling reviews when tasked by the SRG UK Cyber Security Lead, providing recommendations and assurance statements.
• Support both internal and external audits where tooling or control compliance are in scope.

Governance, Policy Application and Lifecycle Management

• Understand and apply Cyber Security Policies, Tooling Policies, and the broader organisational control environment.
• Develop clear recommendations for UKSA and ensure follow-up actions are tracked and completed.
• Maintain oversight of the full tooling lifecycle across Corporate and Secured ecosystems, from onboarding through decommissioning.

 Stakeholder Management and Strategic Relationships

• Build strong relationships with key stakeholders, including UK Secure Accounts (UKSA) SDL/TSM/TAM, DXC Corporate teams, Cyber Assurance teams, and SRG functions.
• Provide consultancy to UKSA, including key recommended actions, suggested risk mitigations, and ongoing guidance to meet transformation obligations.

 Road mapping, Reporting and Senior Leadership Engagement

• Maintain the roadmap of all tooling-related risks logged within SRG.
• Prepare and provide tooling risk updates to Senior Management or Senior Information Risk Officer (SIRO) – monthly.
• Report regularly on future corporate IT requirements, changes in the CORE application landscape, new offerings, and potential risks stemming from corporate tool deprecations.

 Critical Tools, Geopolitics and Emerging Technologies

• Advise on critical systems and identify risks when corporate tools are phased out or replaced by DXC.
• Demonstrate good understanding of geo-political factors and their potential impact on data sovereignty, vendor risk, and tooling strategies.
• Possess a strong understanding of AI frameworks and how AI-enabled tools align with organisational risk and security standards.

Operational Balance and Collaboration

• Work closely with other security teams to achieve a balanced, secure, and efficient use of corporate tooling.
• Ensure secure adoption while avoiding unnecessary operational restrictions.

Essential Skills and Experience

• UK National with eligibility for security clearance
• Strong experience in tooling assurance including AI, cyber security, technology risk, or IT governance.
• Solid understanding of AI data sovereignty, data residency, information classification and cross‑border data controls and GDPR.
• Experience producing general and AI risk and impact assessments for tools, systems, or platforms.
• Knowledge of geopolitical risk factors and how they influence vendor and tooling decisions.
• Familiarity with corporate and secure platform environments, including differences in risk exposure.
• Understanding of AI governance frameworks and AI risk principles.
• Effective communication skills with the ability to brief SIRO-level stakeholders.
• Ability to collaborate across technical, operational, and senior leadership groups.
• Experience supporting audits, with knowledge of controls and regulatory obligations.

Key Competencies

• Risk-based decision-making.
• Strong analytical capability
• Attention to technical details.
• Excellent stakeholder engagement
• Clear written and verbal communication. Able articulate and present to a wider audience where needed.
• Strategic awareness of geopolitical influences
• Proactive mindset and continuous improvement focus on tooling.
• Balanced approach to security and operational performance

Professional Certifications (Highly Desirable)

• AI Compliance Qualifications.
• CRISC – Certified in Risk and Information Systems Control.
• CGRC (formerly CAP) – Certified in Governance, Risk & Compliance
• CISA / CISM / CISSP / CompTIA+
• CCSP – Certified Cloud Security Professional
• Azure/AWS
• Knowledge of key business Tools.

Any Technical Qualifications (Tooling & Platforms) – will help.

• CoPilot/CoPilot365/ChatGPT/GitHub
• SIEM tools (Splunk, Sentinel, QRadar)
• Vulnerability management platforms (Qualys, Tenable, Rapid7)
• Identity tools (SailPoint, Azure AD, CyberArk)
• Endpoint security tools (Defender, CrowdStrike, Trellix)
• GRC platforms (ServiceNow GRC, Archer, MetricStream)
• Cloud tooling (Azure, AWS, GCP)

Data Protection & Privacy Qualifications

Useful if tooling touches customer or personal data:

• CIPP/E – Certified Information Privacy Professional (Europe)
• CIPM – Certified Information Privacy Manager
• GDPR Practitioner certificate

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.