Job Summary: We are seeking an AI security specialist to define and evolve security controls, assess risks, and design technical and operational safeguards. Key Highlights: 1. Be part of the most innovative bank in Western Europe. 2. Personalized onboarding and mentoring program. 3. Individual training itinerary with access to an online platform. BARCELONA, B, ES, 08028 CaixaBank is a financial group operating under a socially responsible universal banking model with a long-term vision, grounded in quality, proximity, and specialization. It offers a tailored value proposition of products and services for each segment, embracing innovation as a strategic challenge and a defining trait of its culture. Its leading position in retail banking in Spain and Portugal enables it to play a key role in contributing to sustainable economic growth. What projects do we develop? The rapid adoption of Artificial Intelligence (AI), generative AI, and autonomous agents in critical organizational processes is significantly expanding the risk surface, introducing threats not fully covered by traditional cybersecurity models. Currently, AI and cybersecurity governance—as well as AI models, agents, and AI-driven decision chains—require specific controls across their entire lifecycle: design, training, deployment, and real-time operation. In this context, it is essential to identify and hire a specialist profile in AI and agent security, possessing deep expertise both in classical cybersecurity and in emerging AI-specific risks, to ensure safe, controlled, and regulation-compliant AI usage. Job Location This position is based at CaixaBank’s Central Services in Barcelona. Candidate Profile: Must be capable of integrating into the Prevent & Detect Cybersecurity team, adapting defined processes and controls for AI environments to align with other domains (Prevention, Detection, Response). Responsibilities * Define and evolve security controls specifically for AI models and agents. * Assess risks associated with new AI and agent use cases prior to deployment. * Design technical and operational guardrails for the use of generative AI and autonomous agents. * Collaborate with AI governance, technology risk, CSIRT, and CyberSOC teams. * Ensure runtime security for AI applications and agents. * Contribute to internal frameworks for AI penetration testing and security evaluation. Minimum Requirements * Solid experience in cybersecurity, focused on complex and critical corporate environments (banking, regulated sectors, or large enterprises). * Specific knowledge of AI-related security risks—including generative AI and autonomous agents—beyond traditional cybersecurity. * Ability to assess risks associated with AI models, agents, and components throughout their full lifecycle (design, training, deployment, and operation). * Experience protecting sensitive data in AI environments where AI consumes or generates critical information, ensuring no exposure and controlled usage. * Knowledge of AI-specific threats such as prompt injection and input/output manipulation. * Data exfiltration via models or agents. * Abuse of autonomous agents and AI-driven decision chains. * Experience in runtime security for AI applications, models, and agents—including continuous monitoring and detection of anomalous behavior. * Ability to define and implement technical and operational guardrails for generative AI and agent usage (action limits, access controls, validations). * Knowledge of cloud architectures and hybrid environments where AI models and agents operate (AWS, Azure, GCP, Salesforce), and their security implications. * Experience with AI security evaluation and testing frameworks—including generative AI penetration testing and review of prompts and agent workflows. * Ability to work cross-functionally. * Orientation toward enabling secure AI usage, avoiding purely restrictive approaches that hinder innovation. * Critical thinking and risk-oriented mindset applied to emerging technologies. * Strong communication skills to explain complex AI risks to non-technical stakeholders and governance bodies. * Continuous improvement mindset, given the rapid evolution of AI threats and technologies. * Technical autonomy and leadership to define standards and criteria in an emerging field. What do we offer? * Be part of the most innovative bank in Western Europe, according to The Innovators awards by the U.S. magazine Global Finance. * Personalized onboarding and mentoring program for your professional development. * Individual training itinerary with access to our online platform, offering an extensive catalog of self-paced learning resources to foster your continuous growth. * You will have a comprehensive health insurance plan fully covered at no cost to you. Additionally, you will be enrolled in the Pension Plan, to which CaixaBank will make contributions with your future in mind. * Flexible compensation applicable to transportation, training, languages, childcare, among others. * Flexibility measures (remote work, flexible start times). * We hold the Top Employer certification, recognizing us as one of the best companies to work for. Job profile Establish, implement, and monitor security policies to anticipate, identify, and mitigate emerging security risks within the organization—including operational security and fraud arising from banking activities, as well as cybersecurity stemming from new internet-based risks. Competencies **HARD SKILLS** CONFLICT, THREAT AND VULNERABILITY MANAGEMENT SECURITY PLATFORMS SECURITY ARCHITECTURE TECHNICAL DOCUMENTATION APPLICATION SECURITY CLOUD AND INFRASTRUCTURE SECURITY INFORMATION SECURITY TECHNOLOGIES CYBERSECURITY PROCEDURES NETWORKS AND SECURITY SECURITY PLATFORM MANAGEMENT AND MONITORING**SOFT SKILLS** ALLIANCES – COLLABORATION AND CROSS-FUNCTIONALITY ALLIANCES – COMMUNICATION ALLIANCES – INFLUENCE ALLIANCES – CUSTOMER ORIENTATION HUMANISM – COMMUNICATION AND EMPATHY HUMANISM – LEADERSHIP AND TEAM DEVELOPMENT / SELF-LEADERSHIP ANTICIPATION – ANTICIPATION AND CHANGE MANAGEMENT EMPOWERMENT – RESULTS ORIENTATION DIVERSITY – PROMOTING DIVERSITY