AI Governance, Risk & Security Analyst

About The Position

Requirements

• 2–5 years of experience in cybersecurity, IT risk management, compliance, or public-sector technology roles.
• Understanding of artificial intelligence/machine learning concepts and AI lifecycle basics.
• Knowledge of information security principles, state IT security policies, and data protection requirements.
• Strong analytical and documentation skills with the ability to interpret regulations and apply them to technology systems.
• Ability to communicate clearly with technical and non-technical staff, leadership, and oversight bodies.

Nice To Haves

• Master’s degree in information security, Data Science, Public Administration, or related discipline.
• Experience working in state or local government.
• Knowledge of AI governance frameworks such as NIST AI RMF or ISO 42001.
• Certifications such as Security+, CC, CRISC, CISSP (associate), CIPP, or similar.
• Experience with procurement reviews, third party risk assessments, or statewide technology governance.

Responsibilities

• Assist in implementing statewide and agency-level AI governance frameworks, standards, and procedures.
• Support documentation requirements for AI use cases, including approvals, change management, audit trails, model descriptions, and compliance reports.
• Maintain alignment with state legislation, executive orders, and IT governance directives applicable to AI usage.
• Help ensure the agency’s AI activities adhere to principles of public transparency, fairness, and accountability.
• Conduct AI risk and impact assessments, including evaluations for privacy impact, algorithmic bias, ethical considerations, and public-sector compliance.
• Identify risks related to data integrity, bias, hallucinations, records retention, misuse, and accessibility.
• Support compliance efforts with state and federal laws, including public records requirements, security statutes, accessibility standards, and procurement policies.
• Assist with audit responses, legislative inquiries, and reporting obligations related to AI use.
• Evaluate the security posture of AI systems, including vendor-hosted solutions, cloud platforms, and internal models.
• Analyze potential vulnerabilities such as data leakage, model manipulation, prompt injection, and unauthorized access.
• Assist cybersecurity teams in applying state security controls to AI tools, including identity management, encryption, logging, and monitoring.
• Participate in third party and procurement reviews to identify risks associated with external AI providers.
• Maintain the agency’s inventory of AI systems, use cases, and risk levels.
• Document assessments, findings, mitigations, approvals, and governance decisions.
• Assist in preparing reports for statewide oversight bodies or legislative committees, as required by policy or statute.
• Provide guidance to staff on responsible AI use, disclosure requirements, and security considerations.
• Support development and delivery of training materials to raise awareness of AI risks and obligations in the public sector.
• Collaborate with IT, legal, compliance, procurement, and program teams to identify requirements and promote secure adoption.

Benefits

• Generous leave including 15 days of vacation, 15 days of sick leave and 11 paid holidays annually.
• A comprehensive Benefit Package with a generous benefit allowance to offset the cost of insurance premiums for employees and their eligible dependents.