AI Governance Engineer
talabat · Dubai, United Arab Emirates
Apply & track with Apply EdgeCompany Descriptiontalabat is the leading on-demand food and non-food delivery platform in MENA, operating across 8 countries and processing hundreds of millions of orders annually. We're part of Delivery Hero, the global leader in online food delivery and q-commerce, and we're engineering-first.The Role - AI Governance EngineerYou own the standard-setting, testing, and independent verification of AI agent safety, quality, and compliance as our agent fleet grows. You're not building agents or operating them. You're the person who defines what "safe, correct, and compliant" means, tests for it independently, scales that testing as agent count grows, and drives accountability when something breaks. As agent count climbs, you'll scale through risk-tiering and reusable test libraries.As our AI agent fleet grows, we need someone to own the standard-setting, testing, and independent verification of safety, quality, and compliance. You're not building or operating agents—you're the person who defines what "safe, correct, and compliant" means, tests for it at scale, and drives accountability. You'll use AI tools as your default to do governance work at speed while knowing where humans must stay in the loop.What You'll Own:AI Safety:Architect adversarial payload libraries and red-teaming frameworks that Engineering teams use to self-test their agentsAuthor the reusable red-teaming library (payload templates and attack patterns) that covers the OWASP Top Vulnerabilities for LLM Applications and your specific agent patternsEnable teams to verify data leakage prevention and tool guardrails autonomously through standardized verification suitesProvide periodic red-team campaigns and automated regression scripts that empower teams to own their safety postureEnable teams to verify data leakage prevention and tool guardrails autonomously through standardized verification suiteQuality:Build hallucination testing policies, bias assessment templates, and drift monitoring frameworks as consumable servicesEnable teams to integrate evaluation methodologies directly into CI/CD pipelines, ensuring quality is built-in by designProvide automated triggers that allow teams to spot-check production conversations and maintain high qualityCompliance & Brand Success:Translate regulatory obligations into actionable technical checklists and mapping tools that Engineering can execute independentlyProvide frameworks for auditability and brand safety sampling, operationalizing compliance requirements in real-timeBridge Legal and Engineering with technical verification tools—governance as an accelerator, not a roadblockGovernance Intelligence:Maintain a bird's-eye view of all AI products through automated monitoring and reporting of governance metricsConduct periodic maturity assessments against global frameworks (NIST AI RMF, EU AI Act) and provide roadmaps for compliance gapsLiaise with teams to troubleshoot and reach target scores when metrics fall below thresholdsYour Profile:You have extensive experience building and testing systems where safety, compliance, or safety matter. You've done red-teaming or adversarial testing on LLM applications, or you've worked in AI Engineering, QA automation, compliance engineering or red-teaming with credible ability to transfer those skills to AI risks. You understand data access control models (IAM, row-level security, policy-based access control). You know how RAG pipelines and agent tool-calling work. You can code (Python preferred) to build test harnesses, automate scans, and parse logsWhat Sets You Apart:You speak the language of security, engineering, data, and legal—constantly translating between them. You're comfortable with technical pushback and can articulate trade-offs between governance strictness and agent velocity. You've shipped governance standards or compliance processes across teams and worked in regulated environments (fintech, healthtech, finserv, government). You understand prompt injection defence patterns, know OWASP Top Vulnerabilities for LLMs as reference material, can independently evaluate governance frameworks, and make decisions under ambiguity while owning the outcomes.How You'll Progress:Initial Phase: Audit all agents, define governance taxonomy, execute first red-team campaigns, build cross-functional relationships, establish findings workflowOperationalize: Deploy reusable red-teaming libraries, automated regression testing, data leakage standards, hallucination evaluation frameworks, and brand safety reviewsScale & Stratify: Implement risk-tiering logic, scale automated red-teaming, build self-serve governance libraries, deploy drift monitoring dashboardsEmbedded & Strategic: Fully automated governance with zero silent drift incidents; governance viewed as enabler, not blocker; influence how teams design safety from first principles