AI Security & Identity Lead

🇲🇾 Malaysia

Tags: ERP, Management, Java, Python, Kubernetes, AWS, Azure, PostgreSQL, Oracle, Git, Terraform, Finance, Machine Learning, Design, Backend, SaaS, Cybersecurity, DevOps, Testing, Security Engineer

About Rimini Street, Inc.

Rimini Street, Inc. (Nasdaq: RMNI), a Russell 2000® Company, is a proven, trusted global provider of end-to-end, mission-critical enterprise software support, managed services and innovative Agentic AI ERP solutions, and is the leading third-party support provider for Oracle, SAP and VMware software.

Our comprehensive portfolio of unified solutions helps run, manage, support, customize, configure, connect, protect, monitor, and optimize enterprise application, database and technology software, enabling our clients to achieve better business outcomes, significantly reduce costs and reallocate resources towards strategic projects.

The Company has signed thousands of contracts with Fortune Global 100, Fortune 500, midmarket, public sector and government organizations who selected Rimini Street as their trusted, proven mission-critical enterprise software solutions provider and achieved better operational outcomes, realized billions of US dollars in savings and funded AI and other innovation investments.

We are actively seeking a Security & Identity Lead - Agentic ERP Platform. This hybrid role is based in our Selangor or Penang office.

Position Summary

The Security & Identity Lead owns the security architecture, identity management, and compliance posture of Rimini Street’s Agentic ERP Platform. This role is responsible for ensuring that AI agent interactions, data access, and system integrations meet enterprise security standards — designing authentication, authorization, and data isolation frameworks that protect customer environments — and for producing the audit evidence, compliance reporting, and customer-facing security posture that make those controls defensible to auditors and client security teams.

Reporting to the VP, Platform Engineering, this leader builds and runs the Malaysia-based security and compliance observability function — partnering with Platform Engineering, Operations, and Delivery across all three hubs. The ideal candidate combines deep security engineering expertise with practical experience securing cloud-native, multi-tenant platforms, and brings the leadership maturity to grow a small team and represent platform security to executive, audit, and customer audiences.

Essential Duties & Responsibilities

Security Architecture

  • Design and implement the platform’s security architecture, covering authentication, authorization, encryption, and audit logging.
  • Define trust boundaries and access control policies that govern agent-to-system and user-to-agent interactions.
  • Establish data isolation and multi-tenancy security patterns that protect customer data across all platform layers.
  • Conduct threat modelling and security risk assessments for new platform features and integrations, including AI-specific risks (prompt injection, indirect injection, RAG corpus contamination).
  • Define and enforce security standards for API endpoints, data storage, inter-service communication, and air-gap deployment scenarios.

Identity & Access Management

  • Design and implement IAM solutions including SSO, OAuth 2.0, OIDC, and SAML integrations for enterprise customers.
  • Build role-based access control (RBAC) and attribute-based access control (ABAC) frameworks for platform users and agents, including policy-as-code (OPA/Rego) authoring and review.
  • Implement token management, session handling, and credential lifecycle policies.
  • Design customer identity federation patterns that integrate with enterprise identity providers.
  • Establish service-to-service authentication and authorization for internal platform components, including mTLS and HashiCorp Vault-managed secrets.

Compliance, Audit & Observability

  • Own platform compliance posture against relevant security frameworks (SOC 2, ISO 27001, GDPR, and industry-specific requirements).
  • Lead operational and security observability that turns platform telemetry into compliance evidence, customer-facing posture reports, and audit artefacts.
  • Establish data classification policies and implement appropriate controls for each classification level.
  • Coordinate with Rimini Street’s corporate security and compliance teams to align platform security with organisational policies.
  • Produce security documentation, including architecture decision records, threat models, and audit-ready compliance evidence.
  • Support the Indemnification Control Owner with integrated quarterly configuration audit reports covering monitored vendor indemnification conditions.
  • Own client-facing audit and security response: produce evidence packages on demand for client audits, regulatory reviews, and security questionnaires.

Security Operations

  • Implement security scanning and vulnerability management for platform code, dependencies, and infrastructure (PII detection via Microsoft Presidio or equivalent).
  • Align platform incident response with Rimini Street’s corporate security incident process.
  • Conduct security code reviews and establish secure coding guidelines for engineering teams across all three delivery hubs.
  • Monitor and respond to security advisories affecting platform dependencies and infrastructure.
  • Perform periodic security assessments and coordinate penetration testing.

Team Leadership

  • Lead the Malaysia-based security and compliance observability function, including direct management of the Observability & Governance Engineer.
  • Grow the function over time as the platform scales — hiring, mentoring, and developing security and observability talent.
  • Establish team processes for evidence production, audit response, and compliance reporting that balance rigour with delivery velocity.
  • Represent platform security to executive, audit, customer, and partner audiences — translating technical controls into business-language posture reports.
  • Partner with the Security & Identity Lead’s peers across hubs: Platform Engineering (security control implementation), AI/ML Lead (LLM observability integration), DevOps (CI/CD security), and Delivery (client security evidence).

Experience

  • 8+ years of security engineering experience, with at least 3 years in a lead or management role.
  • Proven experience designing security architectures for cloud-native, multi-tenant platforms.
  • Hands-on experience implementing IAM solutions (SSO, OAuth 2.0, OIDC, SAML) in enterprise environments.
  • Track record of producing audit evidence for SOC 2, ISO 27001, SOX, or equivalent regulatory frameworks.
  • Experience leading security initiatives across distributed engineering teams and managing small direct-report teams.
  • Background in enterprise software, ERP systems, or B2B platforms preferred.

Technical Skills

Required

  • Identity protocols: OAuth 2.0, OpenID Connect, SAML 2.0, and JWT/JWS/JWE.
  • Authentication and authorisation frameworks: Keycloak, Auth0, Okta, or equivalent.
  • Policy-as-code: OPA/Rego authoring, review, and integration with platform services.
  • Secrets management: HashiCorp Vault or equivalent enterprise secret store.
  • Application security: OWASP Top 10, secure coding practices, and security code review.
  • AI-specific security: prompt injection defence, indirect injection mitigations, RAG corpus integrity, model access controls.
  • PII detection and data masking (Microsoft Presidio or equivalent).
  • Encryption: TLS/mTLS, data-at-rest encryption, key management, and certificate lifecycle.
  • API security: rate limiting, input validation, CORS, and API gateway security patterns.
  • Cloud security: AWS or Azure security services, IAM policies, VPC networking, and secrets management.
  • Air-gap and disconnected deployment security: secrets distribution, certificate lifecycle, update propagation.
  • Python and/or Java for security tooling and integration development.
  • Git version control and CI/CD security integration (SAST, DAST, SCA).

Preferred

  • Experience with PostgreSQL security: row-level security, encryption extensions, and audit logging.
  • Knowledge of container and Kubernetes security (pod security policies, network policies, service mesh).
  • Familiarity with infrastructure-as-code security (Terraform, CloudFormation scanning).
  • Experience with LLM observability tooling (LangFuse or equivalent) and operational telemetry interpretation for AI systems.
  • Experience with security information and event management (SIEM) tools.
  • Exposure to Zero Trust architecture principles and implementation.
  • Experience with hardware security modules (HSM) or cloud KMS.
  • Familiarity with AI assurance frameworks (AIUC-1 or equivalent).
  • Experience with third-party MCP / agent security models or LLM gateway security patterns (rate limiting at the model layer, prompt firewall, output filtering).

Skills & Competencies

  • Security-first mindset; designs systems with defence-in-depth and least-privilege principles.
  • Evidence-oriented; understands that compliance is about producing defensible records, not just collecting data.
  • Strong people leadership; able to grow and retain a small, high-performing security and observability team.
  • Customer-facing maturity; can represent platform security to external auditors, client security teams, and executive audiences.
  • Strong analytical skills; able to assess complex systems for security risks and design proportionate controls.
  • Collaborative; works effectively with engineering teams to integrate security without impeding delivery velocity.
  • Pragmatic; balances security rigour with business needs and development speed.
  • Clear communicator; able to articulate security risks, trade-offs, and compliance posture to technical and executive audiences.
  • Self-motivated and effective in a remote environment.
  • Fluent in English (written and verbal).

Desired Qualifications

  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field.
  • Security certifications: CISSP, CISM, CEH, or AWS Security Specialty.
  • Compliance or audit-related certifications (CISA, ISO 27001 Lead Auditor, or equivalent).
  • Experience in enterprise software companies or B2B SaaS platforms.
  • Published security research or contributions to security-focused open-source projects.

Location & Travel

Location: Hybrid - Selangor or Penang office.

Travel: Minimal; occasional travel for team meetings or training.

Language: Fluent English required (written and verbal).

Why Rimini Street?

We are looking for talented, passionate people to help us build our future at Rimini Street. We hire only the best, the most extraordinary professionals and provide compensation, bonuses, and benefits to match the skills of our top-performing team members. Do you thrive in a fast-paced environment, enjoy growing together, and get excited about learning new skills? Are you looking for an opportunity to make a true impact as part of a team of extraordinary professionals? This is the place for you.

Our work is challenging and meaningful. We start and end each day with a sense of achievement and purpose guided by our core values, the Four Cs: 

  • Company
    • We dream big and innovate boldly.  
  • Colleagues
    • We work with extraordinary people who create a culture of mutual respect and collaboration. 
  • Clients
    • We relentlessly pursue solutions that help clients achieve their goals. Our unmatched client care is rooted in our passion for exceptional service. 
  • Community 
    • We believe in leaving the world a better place than we found it. With the Rimini Street Foundation, we’ve made positive impacts on six continents for over 425 charities.

Accelerating Company Growth

  • Nasdaq-listed under ticker symbol RMNI since October 2017
  • Over 6,300+ signed contracts to date, including Fortune 500 and Global 100 companies
  • Over 2,000 team members in 23 countries
  • US and international recognition for industry leadership and philanthropic efforts. See all of our awards and recognitions here: https://www.riministreet.com/company/awards/ 

Rimini Street is committed to creating a diverse and inclusive environment and is proud to be an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, national origin, sexual orientation, gender or gender identity, disability, protected veteran status, or any other characteristic protected by law. 

To learn more about how Rimini Street is redefining the enterprise software support industry, visit http://www.riministreet.com

Please Note: Rimini Street does not accept resumes submitted by recruiting/staffing firms unless specifically requested by Human Resources. Unsolicited resumes will be ineligible for referral fees.

by @maxrusakovic