Job Details
We are seeking an AI Governance and Privacy Specialist who can operationalize responsible AI in real systems-especially agentic AI and LLM-enabled applications. This role blends governance and privacy expertise with enough software development fluency to create developer-ready guidance, implement controls-as-code patterns, and stand up measurable evaluation and monitoring workflows.
As a Senior Consultant, you will help clients and internal delivery teams move from AI principles to practices: risk tiering, model and agent inventories, technical guardrails, governance workflows integrated into the SDLC, and evidence artifacts suitable for audits and regulators.
Work You'll Do
You will lead and deliver AI governance, privacy, and security outcomes across the AI lifecycle, including:
• Designing pragmatic AI governance operating models (intake, risk tiering, approvals, documentation standards, exception handling, and audit readiness) with a focus on GenAI and agentic AI deployments.
• Building and maintaining AI system inventories (models, agents, tools, data sources, integrations), with clear ownership, intended use, risk classification, and change-control expectations.
• Conducting AI risk assessments for privacy, security, model risk, and misuse-including prompt injection, sensitive data exposure, excessive agency, and overreliance-and translating findings into implementable mitigations.
• Establishing technical control guidance for teams building agentic AI solutions: human-in-the-loop patterns, tool access controls, safe retrieval and grounding practices, logging/monitoring, token and data minimization, and incident response playbooks.
• Implementing "governance in the workflow" by integrating governance checkpoints into product and engineering delivery (architecture reviews, release gates, evaluation requirements, documentation automation, and evidence capture).
• Standing up or enhancing evaluation and monitoring approaches for GenAI systems: test plans, safety and quality metrics, red teaming workflows, and reporting dashboards for leaders and risk stakeholders.
• Partnering cross-functionally with Cybersecurity, Privacy, Legal, Risk, Engineering, and Data Science to drive adoption and ensure governance guidance is usable, measurable, and repeatable.
The Team
You will join a cross-functional group working at the intersection of cyber, privacy, governance, and emerging AI delivery. The team helps organizations scale AI responsibly by combining governance and engineering patterns so teams can innovate faster without compromising trust.
Qualifications
Required
• Bachelor's degree or equivalent practical experience.
• 4+ years of experience in one or more of the following: AI governance, data privacy, security risk management, compliance and controls, AI product risk, model risk management, or technology risk consulting.
• Demonstrated experience translating policies and regulatory expectations into operational workflows, artifacts, and controls (e.g., intake processes, inventories, decision logs, risk registers, RACI, playbooks).
• Working knowledge of AI/ML/LLM systems and delivery lifecycles sufficient to assess real deployment risks and mitigations (training vs. RAG vs. fine-tuning vs. tool use, data dependencies, integration patterns).
• Software development fluency: ability to collaborate with engineering teams on implementation details; ability to prototype or automate governance workflows in Python/SQL and to understand CI/CD and cloud deployment basics.
• Practical experience with privacy program execution and artifacts (PIAs/DPIAs, vendor reviews, data inventories, data minimization, retention, and access control principles).
• Ability to communicate clearly with both technical and non-technical stakeholders and produce executive-ready reporting.
• Ability to travel 0-50%, on average, based on client and project needs.
• Limited immigration sponsorship may be available.
Preferred
• Previous consulting or Big 4 experience.
• Hands-on experience operationalizing AI governance aligned to frameworks such as the NIST AI RMF and/or ISO/IEC 42001, with awareness of risk-based AI regulatory regimes (e.g., EU AI Act).
• Experience with GenAI safety and evaluation practices (prompt injection testing, jailbreak resilience, hallucination measurement, toxicity/harm scoring, grounding effectiveness).
• Familiarity with governance tooling and workflow platforms (e.g., OneTrust, GRC platforms, ticketing/workflow systems) and how to integrate them into engineering delivery.
• Certifications such as CIPP/US, CIPM, IAPP AIGP, CISM, or CISSP.
• Prior experience in cyber or enterprise security contexts (data security, identity, audit logging, secure SDLC).
• Experience designing Human-in-the-Loop escalation pathways, exception handling, and automated safety protocols for highly autonomous systems.
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $118,700 - 218,600.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html
As a Senior Consultant, you will help clients and internal delivery teams move from AI principles to practices: risk tiering, model and agent inventories, technical guardrails, governance workflows integrated into the SDLC, and evidence artifacts suitable for audits and regulators.
Work You'll Do
Watch this video to learn more about Deloitte LLP
You will lead and deliver AI governance, privacy, and security outcomes across the AI lifecycle, including:
• Designing pragmatic AI governance operating models (intake, risk tiering, approvals, documentation standards, exception handling, and audit readiness) with a focus on GenAI and agentic AI deployments.
• Building and maintaining AI system inventories (models, agents, tools, data sources, integrations), with clear ownership, intended use, risk classification, and change-control expectations.
• Conducting AI risk assessments for privacy, security, model risk, and misuse-including prompt injection, sensitive data exposure, excessive agency, and overreliance-and translating findings into implementable mitigations.
• Establishing technical control guidance for teams building agentic AI solutions: human-in-the-loop patterns, tool access controls, safe retrieval and grounding practices, logging/monitoring, token and data minimization, and incident response playbooks.
• Implementing "governance in the workflow" by integrating governance checkpoints into product and engineering delivery (architecture reviews, release gates, evaluation requirements, documentation automation, and evidence capture).
• Standing up or enhancing evaluation and monitoring approaches for GenAI systems: test plans, safety and quality metrics, red teaming workflows, and reporting dashboards for leaders and risk stakeholders.
• Partnering cross-functionally with Cybersecurity, Privacy, Legal, Risk, Engineering, and Data Science to drive adoption and ensure governance guidance is usable, measurable, and repeatable.
The Team
You will join a cross-functional group working at the intersection of cyber, privacy, governance, and emerging AI delivery. The team helps organizations scale AI responsibly by combining governance and engineering patterns so teams can innovate faster without compromising trust.
Qualifications
Required
• Bachelor's degree or equivalent practical experience.
• 4+ years of experience in one or more of the following: AI governance, data privacy, security risk management, compliance and controls, AI product risk, model risk management, or technology risk consulting.
• Demonstrated experience translating policies and regulatory expectations into operational workflows, artifacts, and controls (e.g., intake processes, inventories, decision logs, risk registers, RACI, playbooks).
• Working knowledge of AI/ML/LLM systems and delivery lifecycles sufficient to assess real deployment risks and mitigations (training vs. RAG vs. fine-tuning vs. tool use, data dependencies, integration patterns).
• Software development fluency: ability to collaborate with engineering teams on implementation details; ability to prototype or automate governance workflows in Python/SQL and to understand CI/CD and cloud deployment basics.
• Practical experience with privacy program execution and artifacts (PIAs/DPIAs, vendor reviews, data inventories, data minimization, retention, and access control principles).
• Ability to communicate clearly with both technical and non-technical stakeholders and produce executive-ready reporting.
• Ability to travel 0-50%, on average, based on client and project needs.
• Limited immigration sponsorship may be available.
Preferred
• Previous consulting or Big 4 experience.
• Hands-on experience operationalizing AI governance aligned to frameworks such as the NIST AI RMF and/or ISO/IEC 42001, with awareness of risk-based AI regulatory regimes (e.g., EU AI Act).
• Experience with GenAI safety and evaluation practices (prompt injection testing, jailbreak resilience, hallucination measurement, toxicity/harm scoring, grounding effectiveness).
• Familiarity with governance tooling and workflow platforms (e.g., OneTrust, GRC platforms, ticketing/workflow systems) and how to integrate them into engineering delivery.
• Certifications such as CIPP/US, CIPM, IAPP AIGP, CISM, or CISSP.
• Prior experience in cyber or enterprise security contexts (data security, identity, audit logging, secure SDLC).
• Experience designing Human-in-the-Loop escalation pathways, exception handling, and automated safety protocols for highly autonomous systems.
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $118,700 - 218,600.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html
Company Details
Deloitte LLP
New York City, NY, United States
Don't imagine what's next. Discover it. We provide industry-leading audit & assurance services, consulting, tax and advisory services to many of... Read more