Chief Risk & Compliance Officer (CRCO), Technology & Artificial Intelligence

TIAA•Charlotte, NC

9d•Onsite

About The Position

Leads the design and implementation of a technology and AI risk management framework, establishing standards, policies, controls and key risk indicators to identify, assess, monitor, and mitigate risks across the full technology and AI ecosystem. Oversees cybersecurity risk governance, partnering with the Chief Information Security Officer (CISO) to ensure that cyber threats, vulnerability management, and incident response capabilities align with the organization's risk appetite and regulatory obligations. Drives the organization's Responsible AI program in close coordination with the AI Center of Excellence to evolve governance structures for AI risk management as AI capabilities in the industry expand and mature, including model validation, bias detection, explainability standards and ongoing monitoring of AI systems in production. Ensures compliance with applicable technology and AI-related regulations, frameworks, and emerging standards, including but not limited to New York Department of Financial Services (NYDFS) regulations, SEC cybersecurity disclosure rules, NIST AI Risk Management Framework, EU AI Act considerations, and relevant state and federal data privacy laws (e.g., CCPA, state biometric privacy laws). Partners with data governance and privacy leadership to manage risks associated with data collection, storage, use, and sharing, including third-party data risks and AI training data integrity. Leads risk assessment processes for new technology investments, vendor relationships, and third-party/fourth-party technology dependencies, ensuring due diligence and ongoing oversight of critical technology suppliers and third-party providers. Advises executive and business leadership on technology and AI risk implications of strategic initiatives, ensuring risk and compliance considerations are integrated into technology roadmaps, platform modernization efforts, and AI deployment decisions. Chairs or participates in technology risk and AI governance committees, providing timely and transparent reporting to senior leadership and the Board on the risk profile of the technology and AI portfolio. Identifies and responds to emerging risks from the rapid evolution of generative AI, large language models, agentic AI systems, and other frontier technologies (e.g., quantum computing), developing proactive mitigation strategies and organizational guardrails. Manages the performance and professional development of a team of technology risk, compliance and AI governance professionals, providing regular feedback, coaching, and development planning to build organizational capability in this rapidly evolving domain. Collaborates closely with Internal Audit and other Risk & Compliance functions to ensure technology and AI risk and compliance coverage is integrated into broader enterprise risk, compliance and audit programs.

Requirements

10+ years of progressive experience in technology risk, compliance, cybersecurity, or AI governance within a complex, regulated financial services environment.
University degree required
Strong interpersonal skills and the ability to interact effectively with people at all levels of the organization.
Ability to think critically and strategically, finding creative and practical solutions to achieve objectives while managing complex risks.
Excellent oral and written communication skills, including the ability to deliver effective presentations.
Ability to adapt to and support change in dynamic risk environments.
Demonstrated ability to work collaboratively with cross-functional groups and provide tactical support to senior management.
A highly collaborative team player who can effectively manage and influence relationships that are widely dispersed both functionally and geographically.

Nice To Haves

Demonstrated experience with AI risk frameworks and emerging regulatory requirements strongly preferred.
Experience with New York Department of Financial Services (NYDFS) Regulation 500 compliance also desired.
advanced degree in Computer Science, Information Systems, Risk Management, Law, or a related field preferred.
Professional certifications such as CISM, CISA, CISSP, or equivalent AI governance credentials are a plus.

Responsibilities

Leads the design and implementation of a technology and AI risk management framework, establishing standards, policies, controls and key risk indicators to identify, assess, monitor, and mitigate risks across the full technology and AI ecosystem.
Oversees cybersecurity risk governance, partnering with the Chief Information Security Officer (CISO) to ensure that cyber threats, vulnerability management, and incident response capabilities align with the organization's risk appetite and regulatory obligations.
Drives the organization's Responsible AI program in close coordination with the AI Center of Excellence to evolve governance structures for AI risk management as AI capabilities in the industry expand and mature, including model validation, bias detection, explainability standards and ongoing monitoring of AI systems in production.
Ensures compliance with applicable technology and AI-related regulations, frameworks, and emerging standards, including but not limited to New York Department of Financial Services (NYDFS) regulations, SEC cybersecurity disclosure rules, NIST AI Risk Management Framework, EU AI Act considerations, and relevant state and federal data privacy laws (e.g., CCPA, state biometric privacy laws).
Partners with data governance and privacy leadership to manage risks associated with data collection, storage, use, and sharing, including third-party data risks and AI training data integrity.
Leads risk assessment processes for new technology investments, vendor relationships, and third-party/fourth-party technology dependencies, ensuring due diligence and ongoing oversight of critical technology suppliers and third-party providers.
Advises executive and business leadership on technology and AI risk implications of strategic initiatives, ensuring risk and compliance considerations are integrated into technology roadmaps, platform modernization efforts, and AI deployment decisions.
Chairs or participates in technology risk and AI governance committees, providing timely and transparent reporting to senior leadership and the Board on the risk profile of the technology and AI portfolio.
Identifies and responds to emerging risks from the rapid evolution of generative AI, large language models, agentic AI systems, and other frontier technologies (e.g., quantum computing), developing proactive mitigation strategies and organizational guardrails.
Manages the performance and professional development of a team of technology risk, compliance and AI governance professionals, providing regular feedback, coaching, and development planning to build organizational capability in this rapidly evolving domain.
Collaborates closely with Internal Audit and other Risk & Compliance functions to ensure technology and AI risk and compliance coverage is integrated into broader enterprise risk, compliance and audit programs.