Senior Risk Manager – AI Focus
emagine Polska
Stockholm Metropolitan Area
Requirements
- ISO Standards
- Documentation
- API (Application Programming Interface)
- Authentication
- Software as a Service (SaaS)
- LLMs
- Artificial Intelligence (AI)
- Testing
- Security
- Risk Management
Job description
Start: ASAP
Length: 6 months
Location: On-site in Stockholm 5 days a week
Utilization: 100 %, full-time

About the Company
The client is a high-growth legal AI SaaS company. Demand for AI capabilities - new models, integrations, connectors, and internal automations - is accelerating across the organisation, and we're committed to delivering on that demand responsibly. To do so, they need to scale their ability to assess, manage, and communicate the risks these systems introduce.

What You'll Do
• Lead hands-on technical reviews of requested AI automations, integrations, and connectors before they go live. This means setting up sandbox environments, actually using the systems, probing how they behave, and deliberately trying to break them - testing for prompt injection, data exfiltration paths, permission escalation, overly broad scopes, insecure defaults, and unexpected data flows - to surface real risks rather than theoretical ones.
• Translate findings into clear, decision-ready risk assessments: well-structured risk statements with likelihood and impact scores, residual risk after controls, and concrete recommendations. Keep senior leadership informed in language they can act on.
• Build out and mature the company's AI risk intake process so that new AI requests and other identified enterprise risks feed into a consistent, prioritised, and auditable pipeline. Contribute to the design and implementation of secure AI solutions and guardrails - technical, procedural, and contractual - that allow the business to move quickly without accumulating unmanaged risk.

Required Experience
• Direct, hands-on experience in information security and AI risk management over the past one to two years, working at the current frontier of AI and SaaS risk. You should have kept pace with the evolving threat landscape around LLMs, agentic systems, MCP servers, connector ecosystems, and AI-integrated SaaS.
• Demonstrable experience conducting end-to-end risk assessments: scoping, technical investigation, risk phrasing, scoring methodologies (both qualitative and quantitative), treatment planning, and communicating outcomes to executives and boards. Not checkbox risk registers - actual risk management.
• Technically versatile. Comfortable setting up sandbox environments, reading API documentation critically, testing integrations and connectors, and reasoning about authentication, authorisation, data flows, and blast radius. Able to go deep enough to identify what could realistically go wrong and articulate it in terms a non-technical executive can act on.

Preferred
• Experience building AI guardrails - technical controls, policy-as-code, evaluation pipelines, and monitoring.
• Familiarity with ISO/IEC 23894, ISO/IEC 42001, the NIST AI Risk Management Framework, and emerging AI regulation such as the EU AI Act and sector-specific guidance.
• Background in high-growth SaaS scale-ups.