Bachelor's degree or equivalent is required or the combination of education and relevant work experience plus minimum of 8 years of relevant experience; or Master's degree plus a minimum of 6 years of relevant experience.

Due to the nature of work performed within our facilities, U.S. citizenship is required.

Job Description

GDMS operates one of the largest enterprise AI deployments in the defense industry not as a pilot program, not as a proof of concept, but deeply embedded in how our workforce operates every day. Adoption is broad, active, and accelerating, spanning generative AI copilots, LLM-powered applications, and a rapidly growing portfolio of agentic and autonomous AI systems. The governance challenge is not getting people to use AI it is keeping pace with a workforce that already does, while ensuring every deployment meets the risk, security, and compliance standards that mission-critical defense work demands.

As a Sr. AI Governance & Risk Specialist, you will be a core practitioner on the Agentic AI Governance team, executing the day-to-day work that keeps GDMS AI deployment safe, accountable, and trusted. You will conduct and lead AI risk assessments, including real-time risk evaluation for active and in-flight deployments, perform governance audits, evaluate and ensure adherence to government and corporate AI regulations, lead implementation of corrective actions, and serve as a subject matter expert for engineering and program teams navigating the AI lifecycle. You will work directly with agentic tools and applications, bringing firsthand understanding of how they behave, where they fail, and what governance controls actually matter in practice.

This role requires a blend of technical literacy and governance discipline. You do not need to be a researcher or model trainer, but you must understand how AI systems work well enough to assess risk with precision rather than reflexive caution. The right candidate has used agentic tools hands-on, can evaluate an agentic workflow for failure modes, and can translate a NIST AI RMF control into a practical check a program team can execute. You will coordinate with Legal, Privacy, Business Unit leads, AI Reliability Engineering and the Cybersecurity organization to keep GDMS AI velocity ahead of the market without accumulating unacceptable risk. This is foundational work that bridges policy, risk, and technical implementation, requiring sound judgment, the ability to make independent stakeholder judgment calls, and direct accountability for the recommendations you put forward.

Key Responsibilities

AI Governance Execution & Assessment

• Conduct and lead comprehensive AI risk assessments and governance audits against emerging regulations for generative AI, LLM-based, and agentic applications; document findings, risk ratings, and mitigation strategies, and lead the implementation of corrective actions.
• Evaluate and ensure adherence to government and corporate AI policies, standards, and regulations across the six layers: AI inventory and discovery; data governance; security and access controls; model assurance; human oversight; and compliance and audit.
• Apply and maintain tiered governance frameworks calibrated to risk level, ensuring low-risk use cases clear quickly while mid- and high-risk applications receive appropriate scrutiny and escalation.
• Maintain the enterprise AI use inventory and control framework, including system inventory, risk register, shadow AI detection, approved use catalog, and control mapping, with accurate and current governance tracking; support dashboard reporting and KPI monitoring for AI governance program health.
• Prepare governance recommendations for approval and escalation, ensuring mid- and high-risk AI systems are escalated with clear risk rationale and decision support materials.
• Support development of self-service governance tooling, checklists, and playbooks that enable program teams to adopt AI responsibly without requiring individual review for low-risk applications.

Agentic AI Risk & Technical Assessment

• Assess risks specific to agentic AI systems and multi-agent architectures including tool-calling behavior, memory and retrieval systems, external API access, autonomous decision loops, and agent-to-agent communication patterns.
• Apply failure mode analysis to evaluate behavioral boundaries, unintended action risks, adversarial prompt vulnerabilities, and out-of-scope execution risks for agentic deployments.
• Evaluate and document human-in-the-loop (HITL) requirements and escalation thresholds appropriate to each agentic use case based on risk level, decision reversibility, and mission context.
• Conduct hands-on evaluation of agentic tools and platforms including AI coding assistants, copilot-style applications, and multi-agent orchestration frameworks to ground governance assessments in actual system behavior rather than vendor documentation alone.
• Implement measures to monitor and mitigate risks associated with AI systems and data flows across GDMS IT and network infrastructure; investigate and manage responses to AI governance incidents, anomalies, and inquiries, working to prevent and mitigate exposure.

Policy, Standards & Regulatory Compliance

• Maintain AI governance policies for responsible AI deployment, integrating government and corporate AI requirements into policy, standards, procedures, and operational guidance; own the policy lifecycle from drafting through review, approval, and periodic refresh aligned to enterprise risk priorities and evolving regulatory expectations.
• Translate regulatory requirements, including NIST AI RMF, OWASP Top 10 for LLMs, MITRE ATLAS, the EU AI Act, applicable U.S. Executive Orders on AI, and ISO 42001, into clear, actionable internal controls and assessment criteria without creating bureaucratic drag.
• Monitor the evolving domestic and international AI regulatory landscape; identify changes with organizational impact and escalate findings with recommended policy responses.
• Coordinate with Privacy, Legal, Cybersecurity, and IT leadership and assess compliance risk against emerging AI regulations, including the EU AI Act, applicable U.S. Executive Orders on AI, and evolving DoD and federal AI policy, identifying control gaps, quantifying exposure, and recommending corrective measures before requirements become binding obligations.
• Produce compliance reporting on AI controls for internal audit, regulatory examination, and governance committee review, documenting control effectiveness, open findings, and remediation status; support audit readiness activities including evidence collection, control validation, and documentation packages suitable for internal and regulatory stakeholder consumption.

Risk Monitoring, Reporting & Controls Assurance

• Perform ongoing monitoring and validation of deployed AI systems, including review of model performance, drift indicators, bias signals, and continued alignment with approved use scope.
• Identify opportunities to apply AI and automation for continuous improvement of the AI governance program itself including automated risk attribution, KPI tracking, and telemetry-driven evidence.
• Generate AI risk and governance reporting contributing to dashboards, risk posture summaries, and periodic reports for program leadership and cross-functional stakeholders.
• Evaluate effectiveness of cybersecurity controls applied to AI systems (NIST CSF, NIST AI RMF), collaborating with the Cybersecurity organization to integrate governance without duplicating ownership.
• Support vendor and third-party AI risk assessments, ensuring AI components from external providers meet GDMS contractual, regulatory, and governance requirements.

Knowledge, Skills & Abilities

• Collaborates and works effectively cross-functionally throughout the business, including with Legal, Information Technology, Cybersecurity, Security, and Contracts organizations.
• Excellent computer and data management knowledge, including IT Security, Cybersecurity, and cloud infrastructure concepts as they apply to AI system risk.
• Excellent ability to communicate comfortably with senior management, translating complex AI risk and governance topics into clear, decision-ready information.
• Excellent ability to manage a risk profile and design effective mitigation strategies appropriate to AI and agentic system risk scenarios.
• Working knowledge of NIST AI RMF, OMB AI guidance, FAR/DFARS AI requirements, DoD Responsible AI principles, CMMC implications, EU AI Act, GDPR, UK AI Governance Framework, ISO 42001, OECD AI Principles, and emerging state laws (Colorado, California, Virginia, Texas).
• Hands-on familiarity with Microsoft Copilot, Microsoft Purview, OpenAI, Anthropic, Google, and open-source AI ecosystems; awareness of Palantir, Snowflake, Databricks, ServiceNow.
• Understanding of Agentic AI 7-layer operating model, MCP architectures, tool calling, agent-to-agent communications, and human approval gates.
• Excellent analytical, written, and presentation skills; demonstrated ability to produce governance documentation, policy materials, and stakeholder briefings of high quality.

Education and Experience

• Bachelor's degree or equivalent is required, or the combination of education and relevant work experience, plus a minimum of 8 years of relevant experience; or
• Master's degree plus a minimum of 6 years of relevant experience in AI governance, technology risk, cybersecurity GRC, responsible AI, or AI/ML compliance.
• Certifications highly sought include IAPP AI Governance Professional (AIGP), Certified Risk and Information Systems Control (CRISC), Advanced AI Risk (AAIR), ISO 42001.