Role Summary

Builds and operates the governance frameworks that let regulated-industry clients deploy AI in production with confidence. Owns risk taxonomy design, evaluation harness construction, model approval workflows, and the audit-evidence pipelines that satisfy second-line model-risk review.

Designs governance to be operable, not aspirational. Insists that every approval decision be tied to evidence the regulator could reproduce. Pushes back equally hard on engineering teams who treat governance as bureaucracy and on risk teams who treat it as a sign-off ritual disconnected from production reality.

Skills

  • AI risk frameworks (NIST AI RMF, EU AI Act, ISO 42001)
  • Model risk management discipline (SR 11-7 lineage and modern adaptations)
  • AI risk taxonomy design and use-case classification
  • Evaluation methodology (offline benchmarks, online A/B, fairness audits)
  • LLM-specific failure modes (prompt injection, hallucination, exfiltration, denial-of-wallet)
  • Bias and fairness assessment for ML and LLM systems
  • Audit-evidence pipelines and continuous-control monitoring
  • Governance documentation generated from production systems, not authored separately
  • Model card and AI-BOM generation
  • AI safety controls (input filtering, output policy enforcement, abuse detection)
  • PII detection, redaction, and minimization in model pipelines
  • Privacy controls and data-subject-rights handling for AI training data
  • Second-line model-risk review processes
  • Regulator-facing examination preparation and response
  • Tabletop exercise design and red-team coordination
  • Cross-functional governance committee design (legal, security, business, risk)
  • Approval-gate definition and exception-handling protocols
  • Vendor model risk assessment and third-party AI due diligence

Capabilities & Focus Areas

  • AI risk taxonomy design tied to dollar thresholds and approval gates
  • Evaluation harness design with offline benchmarks and online A/B testing
  • Model approval workflows with cross-functional review
  • Audit-evidence pipelines and governance documentation as code
  • AI safety guardrail design (input filtering, output policy, jailbreak detection)
  • Coordination with model risk management, legal, and compliance teams
  • Regulator-facing audit preparation and response

Typical Engagement Patterns

  • Eight- to sixteen-week governance program design and rollout
  • Pre-launch governance reviews for new AI use cases
  • Regulator-facing audit preparation and response support
  • Embedded governance lead for clients standing up first-line AI risk programs
  • Tabletop exercises and red-team engagements ahead of regulatory exams

Outcomes Delivered

  • Governance programs that pass regulator inspection on first attempt
  • Risk taxonomies that engineering and risk teams both find usable
  • Approval workflows that move at production speed without skipping evidence
  • Audit packets generated automatically rather than assembled in a panic
  • AI use cases launched with explicit acceptance criteria, not vibes

Need this role for an engagement?

Brief us on the scope and timeline and we'll match a senior practitioner.
