AI Risk & Compliance Analyst

Lead governance, risk assessment, and compliance activities specific to AI/ML systems, LLM integrations, AI agents, and retrieval-augmented workflows

Partner with the Senior Security Engineer, AI/ML to integrate risk assessment findings into GRC frameworks and translate technical risk into governance requirements

Develop, maintain, and refine AI risk and compliance controls aligned with relevant frameworks, including ISO/IEC 27001, NIST Cybersecurity Framework, NIST AI Risk Management Framework, EU AI Act, GDPR, and other applicable standards

Execute risk assessments for new AI vendors, LLM platforms, AI APIs, and enterprise AI tools, including third-party risk scoring, control mapping, and remediation tracking

Manage the vendor risk assessment lifecycle for AI/ML related suppliers, ensuring documented controls, evidence collection, and follow-up on remediation items

Support audit activities, capturing evidence and coordinating cross-functional stakeholders for internal and external compliance reviews involving AI systems

Develop and maintain AI-specific GRC policies, standards, and procedures that map to AI risk domains, explainability requirements, and compliance obligations

Facilitate AI risk and compliance reporting to leadership, including risk dashboards, trend analysis, control effectiveness measurements, and key metrics

Monitor emerging AI governance requirements, guidance, and best practices, translating them into GRC program updates and compliance recommendations

Support security incident documentation and post-incident analysis for AI system events, coordinating with Legal and Security teams to ensure appropriate governance response

6+ years of experience in Governance, Risk & Compliance, including risk assessment, policy development, audit coordination, and third-party risk management

Demonstrated experience performing governance or risk assessments for AI/ML systems, including LLM integrations, model pipelines, AI agents, or data-driven algorithmic systems

Experience translating AI-specific risks (i.e., data poisoning, prompt injection, model misuse, data leakage, explainability gaps) into documented control requirements and governance standards

Hands-on experience conducting third-party risk assessments for AI vendors, LLM platforms, AI APIs, or machine learning service providers

Experience mapping AI-related risks and controls to frameworks such as ISO/IEC 27001, NIST CSF, NIST AI RMF, ISO/IEC 42001, GDPR, PCI DSS, or similar standards

Strong understanding of data governance concepts relevant to AI systems, including training data lineage, data retention, model output handling, and human oversight requirements

Experience supporting regulatory readiness or compliance efforts related to AI systems

Proven ability to collaborate with engineering and security teams to validate control implementation and remediation

Experience with GRC tools, risk registers, and evidence-based compliance workflows

Bachelor’s degree in Information Security, Computer Science, Business Risk, Compliance, or a related field, relevant certifications CISA, CISM, CRISC, CISSP, AIGP, or equivalent practical experience