AI Risk & Compliance Analyst

Our Client, a Global Services and Media company, is looking for an AI Risk & Compliance Analyst for their New York, NY location.
 
Responsibilities:

• Operate and improve the AI use case intake process, including triage, risk categorization, stakeholder routing, approval tracking, and follow-up.
• Conduct AI risk and compliance reviews for proposed and existing AI use cases, including evaluation of data use, privacy, security, third-party risk, regulatory exposure, business impact, and control requirements.
• Review AI-enabled tools, platforms, vendors, and processes for risks related to confidential data, sensitive data, automated decision-making, transparency, human oversight, intellectual property, bias, accuracy, and regulatory obligations.
• Maintain and improve the AI use case inventory, including owners, vendors, data types, risk ratings, approval status, required controls, exceptions, and review cadence.
• Translate AI regulatory, privacy, security, and compliance expectations into practical intake questions, risk assessment criteria, control requirements, and decision records.
• Support alignment with AI governance standards and regulatory expectations, and sector specific guidance.
• Partner with Legal, Privacy, Security, Procurement, Technology, and business teams to document approvals, mitigations, exceptions, remediation actions, and ongoing monitoring requirements.
• Support third-party AI risk reviews, including evaluation of vendor AI capabilities, data processing practices, contractual considerations, and governance commitments.
• Develop or improve AI governance artifacts, including intake forms, review checklists, risk rating criteria, process documentation, decision templates, and reporting metrics.
• Support reporting on AI governance activity, including intake volume, review cycle time, risk themes, open issues, remediation status, exceptions, and regulatory alignment.

• 5+ years of experience in governance, risk, compliance, privacy, information security, technology risk, third-party risk, model risk, audit, or a related field.
• 2+ years of direct, hands-on experience with AI governance, responsible AI, AI risk assessment, AI compliance, model risk management, machine learning governance, or emerging technology risk.
• Experience reviewing AI use cases involving generative AI tools, SaaS platforms, machine learning models, automated workflows, analytics, or vendor-provided AI capabilities.
• Experience evaluating AI risks such as data leakage, confidential data exposure, privacy impact, intellectual property concerns, hallucination or accuracy risk, bias, automated decision-making, transparency, vendor dependency, and human oversight.
• Working knowledge of AI governance frameworks, standards, or regulatory guidance such as NIST AI RMF, ISO/IEC 42001, EU AI Act concepts, OECD AI principles, privacy regulations, or sector-specific AI guidance.
• Strong understanding of GRC fundamentals, including risk assessment, control evaluation, issue tracking, remediation management, policy exceptions, audit-ready documentation, and stakeholder approvals.
• Familiarity with security and compliance frameworks such as NIST CSF, NIST 800-53, ISO 27001, COBIT, SOC 2, PCI, HIPAA, or SOX.
• Experience creating or improving intake forms, risk assessment templates, control mappings, decision records, process documentation, or governance workflows.
• Ability to work independently, manage multiple concurrent reviews, and produce high quality documentation with limited supervision.
• Strong written and verbal communication skills, including the ability to explain AI risk and compliance concepts to non-specialist stakeholders.

• Experience standing up or improving an AI governance intake and review process.
• Experience maintaining an AI system, AI use case, model, or automated decisioning inventory.
• Experience supporting AI governance in a federated, matrixed, or multi-business enterprise.
• Experience with third-party AI risk management, GRC platforms, workflow tools, risk registers, Jira, SharePoint, OneTrust, MetricStream, Archer, or similar tools.
• Experience developing AI governance metrics, dashboards, executive reporting, or operational KPIs.
• Relevant certifications such as AIGP, CISA, CRISC, CISM, CISSP, CDPSE, ISO 27001, ISO 42001, or similar credentials.

• Excellent growth and advancement opportunities