AI Risk & Compliance Analyst
About the role
This hands-on position focuses on AI risk management, responsible AI, and regulatory compliance, with collaboration across Legal, Privacy, Security, Procurement, Technology, and business stakeholders.
Responsibilities
- Manage and enhance the AI use case intake and review process, including triage, risk classification, stakeholder routing, approval tracking, and follow-up activities.
- Conduct risk and compliance assessments for proposed and existing AI use cases, evaluating data usage, privacy, security, regulatory obligations, business impact, and required controls.
- Review AI-enabled tools, platforms, vendors, and business processes for risks related to data privacy and confidentiality, intellectual property protection, bias and fairness, model accuracy and hallucination risk, automated decision-making, transparency and explainability, human oversight and accountability, and third-party and vendor risk.
- Maintain and improve the enterprise AI use case inventory, including ownership, vendors, data classifications, risk ratings, approvals, controls, exceptions, and review schedules.
- Translate regulatory, privacy, security, and compliance requirements into practical governance processes, assessment criteria, and control requirements.
- Support alignment with established AI governance frameworks, standards, and emerging regulatory expectations.
- Partner with Legal, Privacy, Security, Procurement, Technology, and business stakeholders to document approvals, mitigations, remediation plans, exceptions, and monitoring activities.
- Support reviews of AI vendors and third-party solutions, including assessment of AI capabilities, data handling practices, contractual considerations, and governance commitments.
- Develop and maintain governance artifacts including intake forms, risk assessment templates, review checklists, decision records, process documentation, and control frameworks.
- Track and report key governance metrics, including intake volumes, review cycle times, risk trends, remediation status, exceptions, and compliance alignment.
Requirements
- 5+ years of experience in Governance, Risk, Compliance (GRC), Information Security, Privacy, Technology Risk, Audit, Third-Party Risk, Model Risk, or a related discipline.
- 2+ years of hands-on experience in AI Governance, Responsible AI, AI Risk Management, AI Compliance, Model Risk Management, Machine Learning Governance, or Emerging Technology Risk.
- Experience assessing AI and Generative AI use cases, including SaaS platforms, machine learning models, automated workflows, analytics solutions, and vendor-provided AI capabilities.
- Strong understanding of AI-related risks, including data leakage and confidential data exposure, privacy implications, intellectual property concerns, model accuracy and hallucinations, bias and fairness, automated decision-making risks, transparency and explainability, and vendor dependency and concentration risk.
- Knowledge of AI governance frameworks and regulatory guidance, including NIST AI Risk Management Framework (AI RMF), ISO/IEC 42001, EU AI Act concepts, and OECD AI Principles.
- Strong foundation in GRC principles, including risk assessments, control evaluations, issue management, remediation tracking, audit readiness, and governance documentation.
- Familiarity with security and compliance frameworks such as NIST CSF, NIST 800-53, ISO 27001, COBIT, SOC 2, PCI-DSS, HIPAA, or SOX.
- Experience developing governance workflows, intake processes, risk assessment methodologies, or compliance documentation.
- Ability to work independently and manage multiple concurrent reviews in a fast-paced environment.
- Excellent written and verbal communication skills, with the ability to explain technical and regulatory concepts to diverse stakeholder groups.
Preferred Qualifications
- Experience designing, implementing, or improving enterprise AI governance programs.
- Experience managing AI system inventories, model inventories, or automated decisioning registries.
- Experience supporting governance initiatives within large, federated, or matrixed organizations.
- Familiarity with GRC and workflow platforms such as OneTrust, Archer, MetricStream, Jira, ServiceNow, SharePoint, or similar tools.
- Experience developing AI governance dashboards, executive reporting, KPIs, or operational metrics.
- Professional certifications such as AIGP, CISA, CRISC, CISM, CISSP, CDPSE, ISO 27001, ISO 42001, or equivalent governance, risk, or compliance credentials.
About Delphi-US
Delphi-US is a national IT Services firm based in Newport, Rhode Island. Delphi attracts our nation's best and brightest Technical & Professional Talent and positions our nation's finest employers to further their competitive advantages. Delphi's core technical focus includes Data Intelligence Engineering & Analytics, AI/ML Operational Excellence, DevOps & Cloud Computing, Health IT & Life Sciences, and Energy Management/Power Systems; serving domains from sensitive national energy sectors to critical financial services, biomed, life sciences & pharma, major government & municipal institutions, and much of the USA's Fortune 500 corporations. Delphi Associates are deployed on critical IT Projects where their consultative business acumen, comprehensive technical expertise, and committed service mission drives our client's success. Our proprietary skill-based and cultural matching process results in higher qualified project teams, custom curated for our client's specific technical & functional goals. We are supremely experienced, friendly, professional, and ready to advocate on your behalf. Delphi has an indelible understanding of employer expectations, a track record of project success and we deliver lasting results.