AI Risk & Compliance Analyst
Listed on 2026-06-12
IT/Tech
Data Security, Information Security, Cybersecurity, IT Business Analyst
Manhattan NY or Charlotte NC - Hybrid
W2 Position
Overview
We are seeking an experienced AI Risk & Compliance Analyst to support the governance, assessment, and oversight of AI initiatives across the enterprise.
This is a hands-on role for a practitioner with direct experience in AI governance, AI risk management, responsible AI, regulatory compliance, and cross-functional stakeholder engagement. The ideal candidate will help strengthen AI governance processes by managing AI use case intake, conducting risk assessments, maintaining governance documentation, and ensuring alignment with evolving legal, privacy, security, and regulatory requirements.
This role requires strong collaboration skills, sound judgment, and the ability to balance innovation with responsible AI adoption.
Key Responsibilities
AI Governance & Risk Management
- Manage and enhance the AI use case intake and review process, including triage, risk classification, stakeholder routing, approval tracking, and follow-up activities.
- Conduct risk and compliance assessments for proposed and existing AI use cases, evaluating data usage, privacy, security, regulatory obligations, business impact, and required controls.
- Review AI-enabled tools, platforms, vendors, and business processes for risks related to:
  - Data privacy and confidentiality
  - Intellectual property protection
  - Bias and fairness
  - Model accuracy and hallucination risk
  - Automated decision-making
  - Transparency and explainability
  - Human oversight and accountability
  - Third-party and vendor risk
Governance Operations
- Maintain and improve the enterprise AI use case inventory, including ownership, vendors, data classifications, risk ratings, approvals, controls, exceptions, and review schedules.
- Translate regulatory, privacy, security, and compliance requirements into practical governance processes, assessment criteria, and control requirements.
- Support alignment with established AI governance frameworks, standards, and emerging regulatory expectations.
- Partner closely with Legal, Privacy, Security, Procurement, Technology, and business stakeholders to document approvals, mitigations, remediation plans, exceptions, and monitoring activities.
Third-Party AI Risk
- Support reviews of AI vendors and third-party solutions, including assessment of AI capabilities, data handling practices, contractual considerations, and governance commitments.
Documentation & Reporting
- Develop and maintain governance artifacts such as:
  - Intake forms
  - Risk assessment templates
  - Review checklists
  - Decision records
  - Process documentation
  - Control frameworks
- Track and report key governance metrics, including intake volumes, review cycle times, risk trends, remediation status, exceptions, and compliance alignment.
Required Qualifications
- 5+ years of experience in Governance, Risk, Compliance (GRC), Information Security, Privacy, Technology Risk, Audit, Third-Party Risk, Model Risk, or a related discipline.
- 2+ years of hands-on experience in AI Governance, Responsible AI, AI Risk Management, AI Compliance, Model Risk Management, Machine Learning Governance, or Emerging Technology Risk.
- Experience assessing AI and Generative AI use cases, including SaaS platforms, machine learning models, automated workflows, analytics solutions, and vendor-provided AI capabilities.
- Strong understanding of AI-related risks, including:
  - Data leakage and confidential data exposure
  - Privacy implications
  - Intellectual property concerns
  - Model accuracy and hallucinations
  - Bias and fairness
  - Automated decision-making risks
  - Transparency and explainability
  - Vendor dependency and concentration risk
- Knowledge of AI governance frameworks and regulatory guidance, including:
  - NIST AI Risk Management Framework (AI RMF)
  - ISO/IEC 42001
  - EU AI Act concepts
  - OECD AI Principles
  - Privacy and industry-specific AI regulations
- Strong foundation in GRC principles, including risk assessments, control evaluations, issue management, remediation tracking, audit readiness, and governance documentation.
- Familiarity with security and compliance frameworks such as NIST CSF, NIST 800-53, ISO 27001, COBIT, SOC 2, PCI-DSS, HIPAA, or SOX.
- Experience developing governance workflows, intake processes, risk assessment methodologies, or compliance documentation.
- Ability to work independently and manage multiple concurrent reviews in a fast-paced environment.
- Excellent written and verbal communication skills, with the ability to explain technical and regulatory concepts to diverse stakeholder groups.
Preferred Qualifications
- Experience designing, implementing, or improving enterprise AI governance programs.
- Experience managing AI system inventories, model inventories, or automated decisioning registries.
- Experience supporting governance initiatives within large, federated, or matrixed organizations.
- Familiarity with GRC and workflow platforms such as OneTrust, Archer, MetricStream, Jira, ServiceNow, SharePoint, or similar tools.
- Experience developing AI governance dashboards, executive reporting, KPIs, or operational metrics.
- Professional…