NEW JOB OPENING
AI RISK & COMPLIANCE ANALYST
IN New York City, NY, USA!

Requirements:

• 5+ years of experience in governance, risk, compliance, privacy, information security, technology risk, third party risk, model risk management, audit, or a related field.

• 2+ years of direct, hands on experience with AI governance, responsible AI, AI risk assessment, AI compliance, machine learning governance, or emerging technology risk.

• 2+ years of experience reviewing AI use cases involving generative AI, SaaS platforms, machine learning models, automated workflows, analytics, or vendor provided AI capabilities.

• 2+ years of experience evaluating AI risks such as data leakage, confidential data exposure, privacy impacts, intellectual property concerns, hallucination or accuracy risk, bias, automated decision making, transparency, vendor dependency, and human oversight.

• 2+ years of working knowledge of AI governance frameworks, standards, or regulatory guidance (e.g., NIST AI RMF, ISO/IEC 42001, EU AI Act concepts, OECD AI principles, privacy regulations, or sector specific AI guidance).

• 5+ years of experience applying GRC fundamentals, including risk assessment, control evaluation, issue tracking, remediation management, policy exceptions, audit ready documentation, and stakeholder approvals.

• 3+ years of familiarity with security and compliance frameworks such as NIST CSF, NIST 800 53, ISO 27001, COBIT, SOC 2, PCI, HIPAA, or SOX.

• 3+ years of experience creating or improving intake forms, risk assessment templates, control mappings, decision records, process documentation, or governance workflows.

• Proven ability to work independently, manage multiple concurrent reviews, and deliver high quality documentation with limited supervision.

• Strong written and verbal communication skills, with the ability to explain AI risk and compliance concepts to non technical and non specialist stakeholders.



Preferred Qualifications:

• 2+ years of experience standing up or significantly improving an AI governance intake and review process.

• 2+ years of experience maintaining an AI system, AI use case, model, or automated decision making inventory.

• 2+ years of experience supporting AI governance in a federated, matrixed, or multi business enterprise environment.

• 2+ years of experience with third party AI risk management and GRC tooling, including platforms such as Jira, SharePoint, OneTrust, MetricStream, Archer, or similar workflow and risk management tools.

• 1+ year of experience developing AI governance metrics, dashboards, executive level reporting, or operational KPIs.

• Relevant professional certifications (e.g., AIGP, CISA, CRISC, CISM, CISSP, CDPSE, ISO 27001, ISO 42001, or comparable credentials).



Summary:

• We are seeking an experienced AI Risk & Compliance Analyst to support the intake, assessment, documentation, and ongoing governance of AI use cases across the enterprise.

• This hands-on role focuses on improving AI governance workflows, conducting risk and compliance reviews, maintaining clear documentation, and ensuring alignment with evolving legal, regulatory, privacy, security, and responsible AI expectations.

• Operating within a federated environment, this role requires strong stakeholder management, sound judgment, and the ability to enable responsible AI adoption while minimizing unnecessary friction for business teams.



Responsibilities:

• Operate and continuously improve the AI use case intake process, including triage, risk categorization, stakeholder routing, approval tracking, and follow-up.

• Conduct AI risk and compliance assessments for proposed and existing AI use cases, evaluating data usage, privacy, security, third party risk, regulatory exposure, business impact, and control requirements.

• Review AI-enabled tools, platforms, vendors, and processes for risks related to confidential and sensitive data, automated decision making, transparency, human oversight, intellectual property, bias, accuracy, and regulatory obligations.

• Maintain and enhance the enterprise AI use case inventory, including owners, vendors, data types, risk ratings, approval status, required controls, exceptions, and review cadence.

• Translate AI regulatory, privacy, security, and compliance requirements into practical intake questions, risk criteria, control requirements, and documented decision records.

• Support alignment with internal AI governance standards, external regulatory expectations, and sector specific guidance.

• Partner with Legal, Privacy, Security, Procurement, Technology, and business stakeholders to document approvals, mitigations, exceptions, remediation actions, and ongoing monitoring requirements.

• Support third party AI risk reviews, including evaluation of vendor AI capabilities, data processing practices, contractual considerations, and governance commitments.

• Develop and improve AI governance artifacts such as intake forms, review checklists, risk rating criteria, process documentation, decision templates, and reporting metrics.

• Support reporting and analytics on AI governance activities, including intake volume, review cycle times, key risk themes, remediation status, exceptions, and regulatory alignment.

• **Only those lawfully authorized to work in the designated country associated with the position will be considered.**

• **Please note that all Position start dates and duration are estimates and may be reduced or lengthened based upon a client’s business needs and requirements.**