About The RoleOpenLoop's mission is to bring care anywhere by powering telehealth solutions at scale. OpenLoop's GRC team is growing and we are looking for a Data & AI Governance Lead to support our AI and data governance programs. Deploying AI across the business and treating data as a core asset, we are dedicated to showing our customers that we govern responsibly. This role will run the AI governance program day to day, the use-case intake, the risk model, the standard, and the council, and help stand up the data governance program on the same model.
What You'll Do- Own and operate OpenLoop's AI governance program end-to-end - use-case intake, risk triage and scoring, the AI Use Case Register, issue tracking, and the AI Governance Council review cadence.
- Author and evolve OpenLoop's AI governance standard - the scoring rubric, risk taxonomy, and review framework - keeping it current with evolving AI risk frameworks and the U.S. regulatory landscape, including new federal executive orders and emerging state AI laws.
- Run intake and review to SLA: assess new AI use cases, document risk and regulatory exposure, set conditions of approval, and drive findings to closure.
- Prepare and lead AI Governance Council sessions - agenda, materials, and recommendations - so decisions get made, recorded, and acted on without escalation.
- Help stand up and then run OpenLoop's data governance program on the same model - the Data Governance Council, the data governance standard, the enterprise data classification scheme, and the data ownership and stewardship model.
- Measure adherence to the data governance standard across the operating teams, and report clearly where the organization is and is not meeting it.
- Partner with the teams that operate data day to day - Privacy, Data Security, Data Protection (DLP), Data Platform, and Data Engineering & Analytics - setting the standards they run against and measuring whether they're met.
- Govern the data that feeds AI systems as a priority slice of both programs - provenance, lineage, classification, and quality of training and inference data - so models are built on trustworthy, appropriately handled data.
- Assess AI vendor and model risk in partnership with Third-Party Risk, Security, and Legal - including standalone AI tools and AI features embedded in existing vendors.
- Maintain AI and data governance metrics, dashboards, and reporting. Translate AI and data risk posture into language the leadership team and board can act on.
- Support SOC 2, HITRUST, and HIPAA assurance activities related to AI and data governance controls.
- Use AI to run the program - automate your own governance workflows for intake, scoring, evidence gathering, and reporting, and keep improving them.
- Other duties as assigned.
Who You AreRequired- 5-7 years experience in GRC (governance, risk and compliance), with at least 2 years hands-on in AI/ML governance or AI risk management.
- Experience with AI and data governance, including oversight of data flows, and third-party risks.
- Experience with workflow automation, bringing specific hands-on experience with agentic tools like Claude Code.
- Experience with AI governance frameworks such as the NIST AI RMF, and the U.S. AI regulatory landscape, including new federal executive orders and emerging state AI laws.
- Experience building or operating an AI use-case intake, risk-scoring, and review process - registers, review boards, or AI governance councils.
- Working knowledge of a data governance operating model - classification, ownership and stewardship, lineage, and quality - ideally aligned to CDMC or DAMA-DMBOK.
- Proven experience standing up and running a data governance program
- Ability to author governance standards and risk taxonomies, and measuring adherence.
- Experience with healthcare data, HIPAA, and PHI handling.
- Strong analytical and writing skills - you can build a rubric, score a use case, and produce executive-ready reporting.
- Experienced with being an autonomous team player, in a lean, fast-moving environment.
Preferred Qualifications- AIGP (IAPP), ISO/IEC 42001 Lead Implementer, CIPP, CISA, or equivalent certifications.
- CDMC certification or hands-on experience standing up a data governance council, standard, or stewardship program.
- Experience supporting IPO readiness or SOC 2/HITRUST audit cycles.
- Experience governing third-party and embedded AI, and model risk.
- Familiarity with data lineage, classification, and catalog tooling.
Sound like a good fit? We'd love to meet you.
