AI Security & Governance

Joao Coelho

Security Architect — AI Governance & GRC
I work on how organizations deploy AI agents securely and govern them defensibly: architecture, controls, policy, and the documentation that satisfies enterprise security reviews and regulatory audits.

What I do

AI security architecture. Designing self-hosted AI agent deployments with explicit trust boundaries, data flow controls, and audit-ready logging. Most of my hands-on work involves LLM-based agents using tool-calling and MCP integrations.
Governance & compliance. Mapping agent architectures to NIST AI RMF, ISO/IEC 42001, and SOC 2 Common Criteria. Building the documentation layer — policies, control mappings, questionnaire responses — that lets organizations prove their AI governance to auditors and enterprise customers.
Applied research & writing. I write regularly on AI governance, the EU AI Act, and emerging standards for agent-based systems. My master's research focuses on control frameworks for tool-using LLM agents in regulated environments.

Writing

Articles forthcoming as I publish through my master's program — follow on LinkedIn

LinkedIn Profile

about

Joao Coelho is a security architect focused on the governance and secure deployment of AI agents. He is completing a master's in Cybersecurity at NYU, with research on control frameworks for tool-using LLM agents in regulated industries. CISSP candidate, PMP holder. Based in Reston, VA. Currently Senior Associate, Security Engineering and Management at AIG.

Contact

Email: [email protected]
LinkedIn: https://www.linkedin.com/in/joaocoelho1/
For research collaborations, speaking, or advisory inquiries: get in touch by email.