Director, AI Enterprise Risk Management
About the role
The Director, Artificial Intelligence Risk Management will lead and manage the design, implementation, and oversight of the firm's AI Risk Management Program within the Second Line of Defense (SLOD).
This role is responsible for providing management, independent review, challenge, and advisory support to ensure the organization's development and use of artificial intelligence — including generative AI — is safe, responsible, compliant, and aligned with the firm's risk appetite, ethical principles, and regulatory expectations.
Responsibilities
- Lead the development, maintenance, and ongoing enhancement of the enterprise AI Risk Management framework, policies, standards, procedures, and control expectations, aligned with industry-recognized frameworks such as the NIST AI Risk Management Framework and ISO/IEC 42001.
- Maintain and evolve the AI risk and control taxonomy, ensuring consistency with operational risk, model risk management, data governance, privacy, and technology risk frameworks.
- Oversee the development and use of risk management technologies and tooling used to inventory AI use cases, track risks, controls, issues, and approvals.
- Lead AI governance forums, providing independent challenge and driving risk oversight and escalation.
- Participate in and support enterprise governance forums, committees, and working groups related to AI, providing independent risk perspectives and recommendations.
- Develop and deliver training on the AI Risk Management program.
- Define and implement a consistent approach to measuring and monitoring AI-related risks, aligned with enterprise risk frameworks across domains (e.g., operational, model, data, technology risk).
- Analyze trends, emerging risks, and control performance related to AI risk exposures. Produce enterprise-level reporting and insights on AI risk posture, trends, and program effectiveness for senior management and governance forums.
- Develop and maintain AI use case risk assessment methodologies, including inherent risk identification, control evaluation, residual risk determination, and escalation criteria.
- Execute the second line of defense enterprise-level AI risk profile assessment to measure compliance with our approved risk appetite / tolerance.
- Embed AI risk considerations and requirements into other risk domain assessments (e.g., operational risk, model risk, third-party risk, data risk, privacy, and technology risk).
- Identify emerging AI risks related to bias, explainability, data quality, security, resilience, regulatory compliance, and customer impact.
- Lead effective independent review and challenge of first-line AI risk assessments, control design, mitigation strategies, and risk acceptance decisions.
- Execute and / or oversee quality assurance (QA) activities to assess adherence to AI risk management policies, standards, and governance requirements.
- Identify gaps, weaknesses, or inconsistencies in AI risk practices and ensure issues are documented, escalated, and tracked through remediation.
- Partner with other second-line risk domains to deliver integrated, holistic risk oversight of AI-enabled processes and products.
- Develop and deliver insightful, enterprise-level AI risk reporting that clearly communicates risk posture, trends, emerging issues, and program health.
- Prepare materials for senior management, governance committees, and external stakeholders that drive informed decision-making and timely action.
- Support regulatory exam support, internal audits, and management self-assessments related to AI governance and risk management.
- Serve as a trusted risk advisor to first-line leaders across Product Management, Technology, Data Science, Model Development, and Business Operations.
- Collaborate closely with Compliance, Legal, Privacy, Model Risk Management, Technology & Security Risk, and Operational Risk to ensure coordinated oversight of AI-related risks.
- Help the business understand AI risk requirements while enabling safe and compliant adoption of AI capabilities.
Requirements
- Bachelor’s degree or equivalent experience.
- Typically, 12 years of experience in risk management, technology risk, model risk management, data risk, or a related discipline within financial services or another highly regulated industry.
- Direct experience supporting or leading AI risk management framework, model governance, or emerging technology risk programs.
- Strong working knowledge of industry-recognized AI risk and governance frameworks, including the NIST AI Risk Management Framework and ISO/IEC 42001.
- Experience designing or executing risk assessments, governance frameworks, metrics, and reporting for complex risk domains.
- Excellent written and verbal communication skills, with the ability to clearly explain complex AI risks to technical and non-technical stakeholders.
- Strong analytical skills, sound judgment, and attention to detail.
- Proven ability to work independently, manage multiple priorities, and influence across a matrixed organization.
Qualifications
- Experience at a large financial institution developing and implementing AI risk management frameworks and governance practices.
- Hands-on experience building and operationalizing AI risk frameworks, assessments, and controls.
- Strong understanding of current and emerging AI trends (e.g., generative AI, LLMs) and associated risk considerations.
Skills
- Strong analytical skills.
- Excellent written and verbal communication skills.
- Strong attention to detail.
- Ability to work independently and manage multiple priorities.
- Ability to influence across a matrixed organization.
Benefits
Healthcare Coverage – Competitive medical (PPO/HDHP), dental, and vision plans as well as company contributions to your Health Savings Account (HSA) or pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
401(k) Retirement Plan – Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
Paid Time Off – Flexible Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
12 weeks of Paid Parental Leave Maven Family Planning – provides support through your Parenting journey including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.
And SO much more!
We continue to enhance our program, so be sure to check our Benefits page here for the latest.