AI Risk & Compliance Analyst
Job Title: AI Risk & Compliance Analyst
Location: Hybrid, onsite 3 days/week
Contract length: 6 months
Schedule: Full-time, 40 hrs/week
Pay: $85/hr to $92.85/hr
What You'll Do
- Operate and improve the AI use case intake process, including triage, risk categorization, stakeholder routing, approval tracking, and follow-up
- Conduct AI risk and compliance reviews for proposed and existing AI use cases, including evaluation of data use, privacy, security, third-party risk, regulatory exposure, business impact, and control requirements
- Review AI-enabled tools, platforms, vendors, and processes for risks related to confidential data, sensitive data, automated decision-making, transparency, human oversight, intellectual property, bias, accuracy, and regulatory obligations
- Maintain and improve the AI use case inventory, including owners, vendors, data types, risk ratings, approval status, required controls, exceptions, and review cadence
- Translate AI regulatory, privacy, security, and compliance expectations into practical intake questions, risk assessment criteria, control requirements, and decision records
- Support alignment with AI governance standards, regulatory expectations, and sector-specific guidance
- Partner with Legal, Privacy, Security, Procurement, Technology, and business teams to document approvals, mitigations, exceptions, remediation actions, and ongoing monitoring requirements
- Support third-party AI risk reviews, including evaluation of vendor AI capabilities, data processing practices, contractual considerations, and governance commitments
- Develop or improve AI governance artifacts, including intake forms, review checklists, risk rating criteria, process documentation, decision templates, and reporting metrics
- Support reporting on AI governance activity, including intake volume, review cycle time, risk themes, open issues, remediation status, exceptions, and regulatory alignment
Required Experience
- 5+ years of experience in governance, risk, compliance, privacy, information security, technology risk, third-party risk, model risk, audit, or a related field
- 2+ years of direct, hands-on experience with AI governance, responsible AI, AI risk assessment, AI compliance, model risk management, machine learning governance, or emerging technology risk
- Experience reviewing AI use cases involving generative AI tools, SaaS platforms, machine learning models, automated workflows, analytics, or vendor-provided AI capabilities
- Experience evaluating AI risks such as data leakage, confidential data exposure, privacy impact, intellectual property concerns, hallucination or accuracy risk, bias, automated decision-making, transparency, vendor dependency, and human oversight
- Working knowledge of AI governance frameworks, standards, or regulatory guidance such as NIST AI RMF, ISO/IEC 42001, EU AI Act concepts, OECD AI principles, privacy regulations, or sector-specific AI guidance
- Strong understanding of GRC fundamentals, including risk assessment, control evaluation, issue tracking, remediation management, policy exceptions, audit-ready documentation, and stakeholder approvals
- Familiarity with security and compliance frameworks such as NIST CSF, NIST 800-53, ISO 27001, COBIT, SOC 2, PCI, HIPAA, or SOX
- Experience creating or improving intake forms, risk assessment templates, control mappings, decision records, process documentation, or governance workflows
- Ability to work independently, manage multiple concurrent reviews, and produce high-quality documentation with limited supervision
- Strong written and verbal communication skills, including the ability to explain AI risk and compliance concepts to non-specialist stakeholders
Preferred Experience
- Experience standing up or improving an AI governance intake and review process
- Experience maintaining an AI system, AI use case, model, or automated decisioning inventory
- Experience supporting AI governance in a federated, matrixed, or multi-business enterprise
- Experience with third-party AI risk management, GRC platforms, workflow tools, risk registers, Jira, SharePoint, OneTrust, MetricStream, Archer, or similar tools
- Experience developing AI governance metrics, dashboards, executive reporting, or operational KPIs
- Relevant certifications such as AIGP, CISA, CRISC, CISM, CISSP, CDPSE, ISO 27001, ISO 42001, or similar credentials