Summary of Job Description:The Principal, Cybersecurity & AI GRC is a strategic advisor responsible for defining and sustaining enterprise-wide frameworks across AI risk, privacy, regulatory compliance, and technology and cyber risk. Reporting to the Head of Cybersecurity and Risk, this role establishes long-term direction, decision models, and guardrails that enable AI and data-driven innovation to align with Panda's values, regulatory obligations, and business objectives. The role is a principal-level enablement, oversight, and influence role that ensures teams can make informed, consistent decisions while protecting guests, associates, and the brand. Principle responsibilities include enterprise AI enablement strategy and operating model, Integrated GRC and privacy enablement, clear decision ownership, escalation, risk tolerance frameworks, and safe, compliant, and scalable AI adoption.
Job Responsibilities:- Defines and evolves enterprise digital trust and AI enablement strategy, frameworks, and operating model and advises senior leadership on AI risk, privacy posture, and tradeoffs using business-relevant language.
- Establishes policies and standards for responsible AI, privacy, data usage, transparency, and human oversight.
- Integrates AI risk, privacy, and compliance into enterprise GRC and risk management processes.
- Defines risk classification, approval workflows, and lifecycle governance for AI and digital capabilities.
- Establish clear decision ownership, escalation models, and risk tolerance frameworks across the enterprise
- Leads enablement for high-risk, high-impact AI, data, and digital initiatives. Enables Product, Engineering, Analytics, and Business teams with clear, practical, and actionable guidance.
- Defines and manages risk acceptance, exception handling, and escalation processes for AI and technology risk.
- Partners with Legal and Privacy to operationalize regulatory requirements impacting AI, data, and automation.
- Influences platform, vendor, and tooling strategy related to AI capabilities and embedded AI features.
- Represents digital trust, AI, and privacy enablement in enterprise architecture, risk, and investment forums.
How we reward you:- Hybrid Work schedule
- 401K with company match
- Yearly bonus opportunity*
- Full medical, dental, and vision insurance *
- On-site fitness center, biometric screen, and flu shot clinic
- Discounts at Panda restaurants, theme parks, and gym memberships
- Paid time off starting at 15 days with 7 federal holidays*
- Continuous education assistance and scholarships*
- Income protection including Disability, Life and AD&D insurance*
- Bereavement leave*
*Benefits available for eligible permanent full time associates
Your background & experience:- Bachelor's degree in Computer Science, Business, or an IT-related discipline
- Minimum seven years of experience in GRC, privacy, security, enterprise risk, or technology enablement with increasing management responsibility; experience performing or leading: enterprise/security risk assessments, control design/testing, policy and standards development, TPRM programs, compliance/regulatory readiness programs, AI governance program design and implementation as well as experience in AI governance and compliance frameworks (NIST AI RMF, EU AI Act, ISO 42001), including AI risk classification, algorithmic impact assessments, responsible AI principles, and practical application within enterprise or client-facing advisory engagements
- Demonstrated expertise implementing and operationalizing cybersecurity frameworks and control programs: NIST CSF / NIST 800-53, ISO 27001/27002, CIS, NIST AI RMF, ISO 42001
- Successful completion of initial and periodically required trainings.
- Obtaining a valid Food Handler's Card within 30 days of employment is a requirement of this position.
Pay Range: M3H: $157,000 - $220,000 / Annual
* Within the range, individual pay is determined using various factors, including work location and experience.
#LI-Hybrid