Haystack
← Back to Jobs
Other

AI Risk & Compliance Analyst

ICONMANew York, NY🇺🇸United StatesPosted 13 Jul 2026

Quick Overview

Work Type
Hybrid
Level
Mid Senior

Job Description

Our Client, a Global Services and Media company, is looking for an AI Risk & Compliance Analyst for their New York, NY location.
 
Responsibilities:

  • Operate and improve the AI use case intake process, including triage, risk categorization, stakeholder routing, approval tracking, and follow-up.
  • Conduct AI risk and compliance reviews for proposed and existing AI use cases, including evaluation of data use, privacy, security, third-party risk, regulatory exposure, business impact, and control requirements.
  • Review AI-enabled tools, platforms, vendors, and processes for risks related to confidential data, sensitive data, automated decision-making, transparency, human oversight, intellectual property, bias, accuracy, and regulatory obligations.
  • Maintain and improve the AI use case inventory, including owners, vendors, data types, risk ratings, approval status, required controls, exceptions, and review cadence.
  • Translate AI regulatory, privacy, security, and compliance expectations into practical intake questions, risk assessment criteria, control requirements, and decision records.
  • Support alignment with AI governance standards and regulatory expectations, and sector specific guidance.
  • Partner with Legal, Privacy, Security, Procurement, Technology, and business teams to document approvals, mitigations, exceptions, remediation actions, and ongoing monitoring requirements.
  • Support third-party AI risk reviews, including evaluation of vendor AI capabilities, data processing practices, contractual considerations, and governance commitments.
  • Develop or improve AI governance artifacts, including intake forms, review checklists, risk rating criteria, process documentation, decision templates, and reporting metrics.
  • Support reporting on AI governance activity, including intake volume, review cycle time, risk themes, open issues, remediation status, exceptions, and regulatory alignment.
 
Requirements:
  • 5+ years of experience in governance, risk, compliance, privacy, information security, technology risk, third-party risk, model risk, audit, or a related field.
  • 2+ years of direct, hands-on experience with AI governance, responsible AI, AI risk assessment, AI compliance, model risk management, machine learning governance, or emerging technology risk.
  • Experience reviewing AI use cases involving generative AI tools, SaaS platforms, machine learning models, automated workflows, analytics, or vendor-provided AI capabilities.
  • Experience evaluating AI risks such as data leakage, confidential data exposure, privacy impact, intellectual property concerns, hallucination or accuracy risk, bias, automated decision-making, transparency, vendor dependency, and human oversight.
  • Working knowledge of AI governance frameworks, standards, or regulatory guidance such as NIST AI RMF, ISO/IEC 42001, EU AI Act concepts, OECD AI principles, privacy regulations, or sector-specific AI guidance.
  • Strong understanding of GRC fundamentals, including risk assessment, control evaluation, issue tracking, remediation management, policy exceptions, audit-ready documentation, and stakeholder approvals.
  • Familiarity with security and compliance frameworks such as NIST CSF, NIST 800-53, ISO 27001, COBIT, SOC 2, PCI, HIPAA, or SOX.
  • Experience creating or improving intake forms, risk assessment templates, control mappings, decision records, process documentation, or governance workflows.
  • Ability to work independently, manage multiple concurrent reviews, and produce high quality documentation with limited supervision.
  • Strong written and verbal communication skills, including the ability to explain AI risk and compliance concepts to non-specialist stakeholders.

Preferred Experience
  • Experience standing up or improving an AI governance intake and review process.
  • Experience maintaining an AI system, AI use case, model, or automated decisioning inventory.
  • Experience supporting AI governance in a federated, matrixed, or multi-business enterprise.
  • Experience with third-party AI risk management, GRC platforms, workflow tools, risk registers, Jira, SharePoint, OneTrust, MetricStream, Archer, or similar tools.
  • Experience developing AI governance metrics, dashboards, executive reporting, or operational KPIs.
  • Relevant certifications such as AIGP, CISA, CRISC, CISM, CISSP, CDPSE, ISO 27001, ISO 42001, or similar credentials.
 
Why Should You Apply?
  • Excellent growth and advancement opportunities

 

Skills

Machine Learning
SOC 2
Compliance
Generative AI
HIPAA
Intellectual Property
Jira
Procurement
Risk Assessment
Risk Management
Triage

Similar jobs