The Director of Data & AI Governance, Risk, Compliance & Security leads the enterprise strategy and execution for governing data and AI responsibly, securely, and in compliance with global regulations. This role is accountable for establishing a unified control framework across data and AI lifecycle domains—including governance, risk management, security, privacy, and access controls—to enable trusted, compliant, and scalable use of data and AI across the enterprise.
This leader partners across IT, Legal, Cybersecurity, Compliance, and Business functions to balance innovation with risk mitigation while enabling self-service analytics, AI adoption, and digital transformation.
Responsibilities
Strategy & Operating Model
- Define and execute the enterprise Data & AI Governance, Risk, and Security strategy aligned with business and regulatory priorities
- Establish a governance operating model and stewardship integrating governance, risk, privacy, and access control disciplines
- Drive adoption of a “secure and compliant by design” framework across data platforms, AI models, and analytics solutions
Data & AI Governance
- Lead enterprise data governance, including data ownership, stewardship, classification, and quality standards
- Establish governance frameworks for AI/ML models, including lifecycle management, explainability, and monitoring (bias, model and agent drift)
- Define and enforce policies, standards, and controls for data and AI usage
Risk & Compliance
- Develop and operationalize Data & AI risk management frameworks, including data classification and handling, model risk, data risk, and third-party risk
- Ensure compliance with global regulations (e.g., GDPR, ITAR, EAR, export controls, emerging AI regulations)
- Lead risk assessments, audits, and regulatory engagements related to data and AI
- Embed governance controls into enterprise data platforms (e.g., EDW, data lakes, AI platforms)
- Own and drive Data & AI audit readiness, compliance reporting, and regulatory response
Security, Privacy & Access Controls
- Define and implement data security and privacy architecture, including encryption, masking, tokenization, and anonymization
- Establish enterprise access control frameworks (RBAC/ABAC), aligned with classification levels and least privilege principles
- Partner with Cybersecurity to ensure alignment with broader enterprise security strategy
- Oversee data privacy programs, including consent management, data minimization, and data subject rights
AI Governance & Responsible AI
- Lead Responsible AI practices, including bias detection, fairness, transparency, and ethical use standards
- Establish approval, validation, and monitoring processes for AI models and GenAI solutions
- Mitigate risks such as AI model drift, hallucination, misuse, and AI whitewashing
Enablement & Culture
- Enable self-service analytics and citizen development with appropriate guardrails and controls
- Drive enterprise-wide data literacy and governance adoption
- Build strong partnerships with business and technology leaders to embed governance into daily operations
Team Leadership
- Lead and scale a high-performing organization across: Data & AI Governance, Risk and Compliance, Security, Privacy and Access Controls
- Define clear roles, accountability models, and performance metrics
Qualifications
US PERSONS REQUIREMENT
Due to compliance with U.S. export control laws and regulations, the candidate must be a U.S. person, which is defined as a U.S. citizen, a U.S. permanent resident, or a person who has protected status in the U.S. under asylum or refugee status.
YOU MUST HAVE
- 12+ years of experience in data governance, cybersecurity, risk, compliance, or AI governance
- Proven leadership experience in building and leading enterprise-scale governance or security organizations
- Strong knowledge of: Data governance frameworks (e.g., DAMA-DMBOK), AI/ML governance and risk management, Data security and access control management
- Experience with cloud data platforms (e.g., Snowflake, Databricks, AWS/Azure/GovCloud)
- Deep understanding of regulatory environments (ITAR, GDPR, CCPA, industry-specific regulations such as aerospace/defense if applicable)
- Strong executive communication and stakeholder management skills
WE VALUE
- Experience in highly regulated industries (e.g., aerospace, defense, finance, healthcare)
- Bachelor's Degree in Information Technology and Cybersecurity
- Familiarity with NIST AI Risk Management Framework, ISO 27001, SOC2
- Experience enabling data democratization with governance guardrails
- Strong executive communication and stakeholder management skills