Principal, Cybersecurity & AI GRC
Job Responsibilities
Defines and evolves enterprise digital trust and AI enablement strategy, frameworks, and operating model and advises senior leadership on AI risk, privacy posture, and tradeoffs using business-relevant language.
Establishes policies and standards for responsible AI, privacy, data usage, transparency, and human oversight.
Integrates AI risk, privacy, and compliance into enterprise GRC and risk management processes.
Defines risk classification, approval workflows, and lifecycle governance for AI and digital capabilities.
Establish clear decision ownership, escalation models, and risk tolerance frameworks across the enterprise.
Led enablement for high-risk, high-impact AI, data, and digital initiatives.
Enables Product, Engineering, Analytics, and Business teams with clear, practical, and actionable guidance.
Defines and manages risk acceptance, exception handling, and escalation processes for AI and technology risk.
Partners with Legal and Privacy to operationalize regulatory requirements impacting AI, data, and automation.
Influences platform, vendor, and tooling strategy related to AI capabilities and embedded AI features.
Represents digital trust, AI, and privacy enablement in enterprise architecture, risk, and investment forums.
Qualifications
Bachelor’s degree in Computer Science, Business, or an IT-related discipline.
Minimum seven years of experience in GRC, privacy, security, enterprise risk, or technology enablement with increasing management responsibility.
Experience performing or leading: enterprise/security risk assessments, control design/testing, policy and standards development, TPRM programs, compliance/regulatory readiness programs, AI governance program design and implementation as well as experience in AI governance and compliance frameworks (NIST AI RMF, EU AI Act, ISO 42001), including AI risk classification, algorithmic impact assessments, responsible AI principles, and practical application within enterprise or client-facing advisory engagements.
Demonstrated expertise implementing and operationalizing cybersecurity frameworks and control programs: NIST CSF / NIST 800-53, ISO 27001/27002, CIS, NIST AI RMF, ISO 42001.
Successful completion of initial and periodically required trainings.
Obtaining a valid Food Handler's Card within 30 days of employment is a requirement of this position.
Pay
Pay Range: M3H: $157,000 - $220,000 / Annual
Within the range, individual pay is determined using various factors, including work location and experience.