AI GRC Program Manager
Pillsbury Winthrop Shaw Pittman LLP · Nashville, TN · 1 wk ago
Information Technology$125k–$135k/yrFull-time
Key Responsibilities
- Lead the day-to-day execution and ongoing maturity of the Firm’s AI governance, risk, and compliance program.
- Help define and operationalize the Firm’s governance framework for third-party and internal AI tools.
- Establish clear processes for AI intake, review, approval, documentation, and oversight.
- Partner with the Director, GRC, and Chief AI Officer to align AI governance priorities with Firm strategy and risk tolerance.
Policy Development & Interpretation
- Draft, maintain, and interpret AI-related policies, standards, procedures, and governance guidance for the Firm.
- Translate evolving legal, regulatory, and client expectations into practical internal requirements and operational controls.
- Provide policy interpretation and guidance to business and technology stakeholders on the appropriate use of AI-enabled tools.
- Help ensure AI governance documentation remains current, practical, and aligned with the Firm’s broader risk and compliance framework.
Vendor AI Governance
- Establish and maintain the AI governance framework, review standards, and control expectations used to assess third-party AI vendors.
- Partner with GRC Analysts responsible for third-party management to integrate AI-specific requirements into the Firm’s vendor review process.
- Provide consultation on higher-risk, complex, or novel AI vendor reviews, including issues related to data use, model behavior, human oversight, and regulatory exposure.
- Collaborate with Legal, Privacy, Information Security, Chief AI Office, and business stakeholders to define appropriate governance conditions for approved AI-enabled vendors.
- Help ensure approved AI vendors are subject to clear usage boundaries, documentation standards, and ongoing governance expectations.
Internal AI Governance
- Lead governance activities for internal AI systems and AI-enabled workflows used by the Firm.
- Define requirements related to acceptable use, human oversight, output validation, escalation, transparency, and monitoring.
- Assess internal AI use cases for alignment with Firm policy, client expectations, and applicable legal and regulatory requirements.
- Ensure governance expectations are clearly documented for approved internal AI use cases, including risk considerations, controls, and oversight requirements.
Regulatory Compliance & Strategic Guidance
- Monitor and interpret emerging AI laws, regulations, standards, and client requirements across key jurisdictions, including the U.S., UK, and EU.
- Advise internal stakeholders on the practical implications of AI-related legal and regulatory developments.
- Support the Firm’s efforts to maintain a defensible and scalable AI governance posture across jurisdictions.
- Identify areas where new or revised internal policy, process, or controls may be needed based on changes in the regulatory landscape.
Client-Facing Governance
- Lead or support responses to client-facing AI questionnaires, outside counsel guidelines, and other AI-related diligence requests.
- Help ensure the Firm can clearly and consistently articulate its governance approach for AI-related tools and use cases.
- Coordinate with internal stakeholders to gather, validate, and organize information needed for client and regulatory responses.
Audit Readiness, Controls & Assurance
- Help design and maintain an auditable AI governance control environment for the Firm.
- Develop and maintain documentation, evidence, and governance artifacts to support internal audits, client reviews, regulatory inquiries, and potential future external assurance or certification efforts.
- Lead or support control mapping, gap assessments, remediation tracking, and evidence collection related to AI governance requirements.
- Partner with cross-functional stakeholders to evaluate the design and effectiveness of AI-related controls and governance processes.
- Monitor emerging AI assurance frameworks, certification models, and audit expectations to help position the Firm for future external validation if pursued.
Training, Awareness & Cross-Functional Coordination
- Help develop and deliver training and awareness materials related to responsible AI use.
- Provide practical, business-oriented guidance to attorneys and business professionals on the appropriate use of AI-enabled tools.
- Facilitate cross-functional working sessions, governance meetings, and program maturity initiatives.
- Track and report on key AI governance activities, risks, remediation items, and milestones for leadership.
Required Education, Knowledge & Experience
- Bachelor's degree in Information Systems, Data Science, or related field preferred.
- 7+ years of experience in governance, risk, compliance, privacy, information security, technology risk, regulatory compliance, or related discipline.
- Experience leading or managing cross-functional governance or compliance programs in an enterprise or professional services environment.
- Familiarity with AI governance concepts and risks, including third-party AI vendors, generative AI tools, and internal AI use cases.
- Familiarity with AI-related regulatory developments in the U.S., UK, and EU.
- Experience drafting, interpreting, and implementing policies, standards, procedures, or governance frameworks.
- Experience supporting audits, assessments, control reviews, or compliance readiness activities.
- Experience working cross-functionally with Legal, IT, Security, Privacy, and business stakeholders.
- Strong understanding of confidentiality, data protection, and risk management principles.
- Ability to translate complex legal, regulatory, or technical issues into clear, business-oriented guidance.
- Strong organizational skills, sound judgment, and attention to detail.
Preferred Qualifications
- Experience supporting AI governance, privacy, compliance, or technology risk efforts in a law firm or professional services environment.
- Experience supporting client-facing questionnaires, outside counsel guidelines, or similar diligence processes.
- Experience reviewing vendor security documentation, privacy materials, contracts, and product data flows.
- Knowledge of governance and control frameworks such as ISO 27001, NIST, or related privacy and security standards.
- Familiarity with emerging AI assurance frameworks, responsible AI control models, or certification approaches.
- Relevant certifications in compliance, privacy, security, governance, or risk management are a plus.
- Strong written and verbal communication.
- Strategic thinking and program leadership.
- Governance and compliance mindset.
- Analytical problem-solving.
- Sound judgment and risk balancing.
- Policy drafting and interpretation.
- Ability to manage multiple workstreams simultaneously.
- Cross-functional collaboration and stakeholder management.
Physical Requirements
- Ability to sit and stand for extended periods.
- Ability to lift up to 15 pounds.
Compensation Range
The expected salary range for this position is $125,000 - $135,000. Final compensation will be determined based on several factors, including but not limited to, relevant experience, qualifications, skill set, and geographic location.