Job Title: AI Risk & Compliance Analyst
Location: Hybrid, onsite 3 days/week
Contract length: 6 months
Schedule: Fulltime, 40 hrs/week
Pay: $85/hr to $92.85/hr

What You'll Do

• Operate and improve the AI use case intake process, including triage, risk categorization, stakeholder routing, approval tracking, and follow-up
• Conduct AI risk and compliance reviews for proposed and existing AI use cases, including evaluation of data use, privacy, security, third-party risk, regulatory exposure, business impact, and control requirements
• Review AI-enabled tools, platforms, vendors, and processes for risks related to confidential data, sensitive data, automated decision-making, transparency, humanoversight, intellectual property, bias, accuracy, and regulatory obligations
• Maintain and improve the AI use case inventory, including owners, vendors, data types, risk ratings, approval status, required controls, exceptions, and review cadence
• Translate AI regulatory, privacy, security, and compliance expectations into practical intake questions, risk assessment criteria, control requirements, and decision records
• Support alignment with AI governance standards and regulatory expectations, and sector specific guidance
• Partner with Legal, Privacy, Security, Procurement, Technology, and business teams to document approvals, mitigations, exceptions, remediation actions, and ongoing monitoring requirements
• Support third-party AI risk reviews, including evaluation of vendor AI capabilities, data processing practices, contractual considerations, and governance commitments
• Develop or improve AI governance artifacts, including intake forms, review checklists, risk rating criteria, process documentation, decision templates, and reporting metrics
• Support reporting on AI governance activity, including intake volume, review cycle time, risk themes, open issues, remediation status, exceptions, and regulatory alignment

• 5+ years of experience in governance, risk, compliance, privacy, information security, technology risk, third-party risk, model risk, audit, or a related field
• 2+ years of direct, hands-on experience with AI governance, responsible AI, AI risk assessment, AI compliance, model risk management, machine learning governance, or emerging technology risk
• Experience reviewing AI use cases involving generative AI tools, SaaS platforms, machine learning models, automated workflows, analytics, or vendor-provided AI capabilities
• Experience evaluating AI risks such as data leakage, confidential data exposure, privacy impact, intellectual property concerns, hallucination or accuracy risk, bias, automated decision-making, transparency, vendor dependency, and human oversight
• Working knowledge of AI governance frameworks, standards, or regulatory guidance such as NIST AI RMF, ISO/IEC 42001, EU AI Act concepts, OECD AI principles, privacy regulations, or sector-specific AI guidance
• Strong understanding of GRC fundamentals, including risk assessment, control evaluation, issue tracking, remediation management, policy exceptions, audit-ready documentation, and stakeholder approvals
• Familiarity with security and compliance frameworks such as NIST CSF, NIST 800-53, ISO 27001, COBIT, SOC 2, PCI, HIPAA, or SOX
• Experience creating or improving intake forms, risk assessment templates, control mappings, decision records, process documentation, or governance workflows
• Ability to work independently, manage multiple concurrent reviews, and produce high-quality documentation with limited supervision
• Strong written and verbal communication skills, including the ability to explain AI risk and compliance concepts to non-specialist stakeholders

• Experience standing up or improving an AI governance intake and review process
• Experience maintaining an AI system, AI use case, model, or automated decisioning inventory
• Experience supporting AI governance in a federated, matrixed, or multi-business enterprise
• Experience with third-party AI risk management, GRC platforms, workflow tools, risk registers, Jira, SharePoint, OneTrust, MetricStream, Archer, or similar tools
• Experience developing AI governance metrics, dashboards, executive reporting, or operational KPIs
• Relevant certifications such as AIGP, CISA, CRISC, CISM, CISSP, CDPSE, ISO 27001, ISO 42001, or similar credentials