Rodeo
ResourcesPartnersSign in

The Citation Group

AI Security & Risk Analyst

Wilmslow
Posted about 17 hours ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

AI Security & Risk Analyst

Reporting to: Group Director of Information Security
Team: Information Security
Location: Hybrid

Role Purpose

To own AI security and risk at Citation Group. Getting deep into how AI systems, integrations, and agentic workflows are built, connected, and exposed, and ensuring that what gets deployed is safe, understood, and controlled. The successful candidate will have genuine technical curiosity about how AI systems work under the hood, the security instinct to identify what could go wrong, and the confidence to act on their findings with senior stakeholders. This role sits at the frontier of an emerging discipline. It will suit someone who thrives on the pace of change, and who wants to build deep expertise in AI security as the field develops.

Key Responsibilities

Integration Risk Assessment

  • Lead and perform security and risk assessments across all AI use cases, including new tools, workflows, agentic systems, and platform integrations, assessing each against the company's risk framework.
  • Develop and maintain a deep working understanding of how MCP servers, API connections, permission scopes, and agentic frameworks function in practice, and what each means for data exposure, privilege escalation, and system integrity.
  • Assess the attack surface introduced by AI integrations, including prompt injection vectors, tool misuse in agentic pipelines, and unintended data flows across connected systems.
  • Work from minimal information provided by requesters, proactively identifying the right questions to ask and the right evidence to seek, to produce actionable, proportionate risk assessments.
  • Read and interrogate vendor security documentation, API specifications, and integration architecture diagrams independently, without reliance on the requester to interpret them.
  • Manage identified risks through to treatment, working with relevant teams to design and implement controls.

LLM & Agentic Security

  • Assess the specific risks introduced by large language models and agentic AI systems, including prompt injection, jailbreaking, indirect prompt injection via external data sources, and unintended tool invocation.
  • Evaluate agentic workflows for excessive permissions, insufficient human oversight, and potential for uncontrolled action chains.
  • Stay current with the evolving LLM and agentic threat landscape, bringing emerging attack patterns into the risk assessment process as they develop.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

AI Asset Management & Shadow AI

  • Maintain an accurate and current AI asset register, with clear visibility of what is deployed across the group, by whom, and for what purpose.
  • Proactively identify shadow AI deployments and ungoverned integrations using available tooling and assess the risks they present.
  • Recognise that the risk profile of deployed tools can change as vendors release updates and new capabilities, and ensure all new risks are reviewed and treated.

Service Transition

  • Include operational readiness as a component of AI risk assessment, ensuring that the continued support, maintenance, monitoring, and ownership of new AI solutions are considered before deployment.
  • Work with the AI team and IT Service Desk to ensure AI security and risk considerations are factored into service transition planning.

AI Governance

  • Serve as the subject matter expert on AI security and risk within the AI Governance Committee, providing technical input and challenge to ensure decisions are grounded in an accurate understanding of risk.
  • Translate technical findings into clear, actionable guidance that non-technical stakeholders can act on.
  • Contribute to the AI policy, ensuring it reflects the current threat and integration landscape rather than theoretical risk.
  • Support the translation of regulatory developments, including the EU AI Act, ICO guidance, and ISO 42001, into practical governance actions.

Required Experience and Skills

  • Technical Security Background: A solid technical foundation with hands-on experience assessing the security of systems, integrations, and APIs. Comfortable reading API documentation, vendor security disclosures, and integration architecture diagrams independently. Able to identify and articulate risks that requesters have not considered.
  • AI & Agentic Systems Knowledge: A working understanding of how LLMs, agentic AI, MCP servers, and AI integration patterns function, and the security risks they introduce, including prompt injection, tool misuse, data leakage, permissions that exceed what the integration requires, and unintended agentic behaviour.
  • Risk Experience: Demonstrable experience assessing and managing technology risks involving new tools and integrations, ideally including AI integration scenarios involving critical business systems.
  • Ownership Mindset: A completer finisher who doesn't just identify risk but drives it to resolution, whether that means designing a control, working with a vendor, or building the process from scratch. Does not leave security and risk tasks half done with minimal supervision.
  • Regulatory Awareness: Working knowledge of the emerging AI regulatory landscape, including the EU AI Act and ISO 42001, and the ability to translate requirements into practical actions.
  • Adaptability: Comfortable operating in a fast-moving and unpredictable landscape where the technology, risks, and the regulatory environment are all evolving simultaneously. This role would suit someone moving from a cloud security, application security, or technical risk background who has a genuine passion for AI and wants to build expertise at the frontier of the discipline.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

About Us

We are Citation. We are far from your average service provider. Our colleagues bring their brilliant selves to work every day and we create an environment where they can shine. We are a nice bunch. We don’t do office politics or “that’s not my job”. We listen, support and take ownership.

We have been proudly delivering valuable HR and Health and Safety services to SMEs across the UK for over 20 years. Passionate about service, we’re on a mission to revolutionise our colleagues’ and clients’ experience by employing brilliant people who are experts at what they do and smile whilst they are doing it.

Working for Citation you will have access to 25 days holiday, plus your birthday off work, gym membership discount, healthcare, childcare vouchers, the opportunity to purchase extra leave, pension contributions and more.

It’s a great place to work because of the people we employ. Fun and professional, we want likeminded individuals who love to love their job (no ‘mood hoovers’ here thanks!) and want the Company to succeed.

So, if our culture sounds like a good fit for you and you want to be part of our success story, then send us your details.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Technical Security
Risk Assessment
AI Systems
Integration Architecture
Vendor Security
API Documentation
Large Language Models
Agentic AI
Data Exposure
Regulatory Awareness
Adaptability
Ownership Mindset
Shadow AI
Operational Readiness
AI Governance
Prompt Injection

Location

Wilmslow, England, United Kingdom

Sign up to applySee more jobs like this