Risk and Compliance Manager
Devoteam
ServiceNow
AI Risk and Governance Specialist
In All Media
full-time
Posted on:
Origin: • 🇧🇷 Brazil
Visit company websiteJob Level
SeniorLead
Tech Stack
PythonServiceNowSQL
About the role
- Design and run an end-to-end AI Risk Management program aligned to NIST AI RMF 1.0 and ISO/IEC 42001
- Maintain a central inventory of in-house and third-party AI systems and a risk register covering bias/fairness, robustness, privacy/PII, resilience, misuse, hallucinations, data leakage, drift, and security risks
- Operate the identify → assess → treat → accept → post-deployment monitoring lifecycle; implement telemetry, logging, guardrails, alerts, and issue handling
- Define policies, standards, control objectives, and evidence mapping to NIST AI RMF and ISO/IEC 42001 clauses; cross-reference ISO/IEC 23894
- Coordinate red teaming and assurance (safety, fairness/bias, privacy, jailbreak/prompt-injection testing); arrange independent validation for high-risk models
- Integrate AI risk reviews for vendors and align with CISO and Legal/Privacy; cross-walk to OCC 2011-12/SR 11-7 for financial institutions
- Ensure AI controls and documentation consider U.S. state privacy regimes (e.g., CCPA/CPRA, Colorado CPA)
- Prepare for EU AI Act deployer duties: risk management, data governance, logging, human oversight, post-market monitoring, incident reporting
- Run committees, publish dashboards and executive reports, and deliver role-based enablement and training
Requirements
- 7–10+ years in risk management/governance/GRC
- 3+ years specifically in AI/ML or model risk
- Hands-on with NIST AI RMF 1.0
- Working knowledge of ISO/IEC 42001 and familiarity with ISO/IEC 23894
- If financial services: strong knowledge of SR 11-7 and OCC 2011-12
- Demonstrated implementation of technical controls: model monitoring/telemetry (drift, performance, bias), dataset traceability, LLM evaluations and safety testing (including prompt-injection defenses), PII handling and privacy-by-design
- Excellent English (written/oral); Spanish and/or Portuguese are a plus
- Time-zone overlap (ET/PT) and experience operating in a near-shore delivery model
- Nice-to-have: Python/SQL literacy for audits and telemetry analysis
- Experience with GRC tools (Archer, ServiceNow)
- Familiarity with MLOps (MLflow, model registry)
- Exposure to AI governance platforms
- Working familiarity with U.S. privacy regimes (CCPA/CPRA, Colorado CPA) for profiling/automated decision-making
Similar jobs on JobTailor
System Access Administrator
Aviso Wealth
AzurePythonServiceNow
Consultant, Cybersecurity
CREO
AzureCloudCyber SecurityPythonServiceNowTerraformVault
Technical Risk Mitigation Engineer II - Remote
Velera
CloudPythonServiceNow
Principal Cybersecurity Engineer - Battery Storage
Plus Power
Cyber SecurityPythonRust