GDMS Senior AI Governance & Risk Specialist

General Dynamics Mission Systems, Inc•San Jose, CA

8d•$144,451 - $152,000

About The Position

GDMS operates one of the largest enterprise AI deployments in the defense industry, deeply embedded in the workforce. The governance challenge is to keep pace with AI adoption while ensuring all deployments meet risk, security, and compliance standards for mission-critical defense work. As a Sr. AI Governance & Risk Specialist on the Agentic AI Governance team, you will execute daily tasks to ensure GDMS AI deployments are safe, accountable, and trusted. This involves leading AI risk assessments, conducting governance audits, ensuring adherence to AI regulations, implementing corrective actions, and serving as a subject matter expert for engineering and program teams. You will work directly with agentic tools and applications to understand their behavior and governance needs. The role requires a blend of technical literacy and governance discipline, with the ability to assess risk precisely and translate controls into practical checks. You will collaborate with Legal, Privacy, Business Unit leads, AI Reliability Engineering, and Cybersecurity to maintain AI velocity without unacceptable risk. This foundational work bridges policy, risk, and technical implementation, demanding sound judgment and accountability.

Requirements

Bachelor's degree or equivalent is required or the combination of education and relevant work experience plus minimum of 8 years of relevant experience; or Master's degree plus a minimum of 6 years of relevant experience.
U.S. citizenship is required.
Collaborates and works effectively cross-functionally throughout the business, including with Legal, Information Technology, Cybersecurity, Security, and Contracts organizations.
Excellent computer and data management knowledge, including IT Security, Cybersecurity, and cloud infrastructure concepts as they apply to AI system risk.
Excellent ability to communicate comfortably with senior management, translating complex AI risk and governance topics into clear, decision-ready information.
Excellent ability to manage a risk profile and design effective mitigation strategies appropriate to AI and agentic system risk scenarios.
Working knowledge of NIST AI RMF, OMB AI guidance, FAR/DFARS AI requirements, DoD Responsible AI principles, CMMC implications, EU AI Act, GDPR, UK AI Governance Framework, ISO 42001, OECD AI Principles, and emerging state laws (Colorado, California, Virginia, Texas).
Hands-on familiarity with Microsoft Copilot, Microsoft Purview, OpenAI, Anthropic, Google, and open-source AI ecosystems; awareness of Palantir, Snowflake, Databricks, ServiceNow.
Understanding of Agentic AI 7-layer operating model, MCP architectures, tool calling, agent-to-agent communications, and human approval gates.
Excellent analytical, written, and presentation skills; demonstrated ability to produce governance documentation, policy materials, and stakeholder briefings of high quality.

Nice To Haves

Certifications highly sought include IAPP AI Governance Professional (AIGP), Certified Risk and Information Systems Control (CRISC), Advanced AI Risk (AAIR), ISO 42001.

Responsibilities

Conduct and lead comprehensive AI risk assessments and governance audits against emerging regulations for generative AI, LLM-based, and agentic applications; document findings, risk ratings, and mitigation strategies, and lead the implementation of corrective actions.
Evaluate and ensure adherence to government and corporate AI policies, standards, and regulations across the six layers: AI inventory and discovery; data governance; security and access controls; model assurance; human oversight; and compliance and audit.
Apply and maintain tiered governance frameworks calibrated to risk level, ensuring low-risk use cases clear quickly while mid- and high-risk applications receive appropriate scrutiny and escalation.
Maintain the enterprise AI use inventory and control framework, including system inventory, risk register, shadow AI detection, approved use catalog, and control mapping, with accurate and current governance tracking; support dashboard reporting and KPI monitoring for AI governance program health.
Prepare governance recommendations for approval and escalation, ensuring mid- and high-risk AI systems are escalated with clear risk rationale and decision support materials.
Support development of self-service governance tooling, checklists, and playbooks that enable program teams to adopt AI responsibly without requiring individual review for low-risk applications.
Assess risks specific to agentic AI systems and multi-agent architectures including tool-calling behavior, memory and retrieval systems, external API access, autonomous decision loops, and agent-to-agent communication patterns.
Apply failure mode analysis to evaluate behavioral boundaries, unintended action risks, adversarial prompt vulnerabilities, and out-of-scope execution risks for agentic deployments.
Evaluate and document human-in-the-loop (HITL) requirements and escalation thresholds appropriate to each agentic use case based on risk level, decision reversibility, and mission context.
Conduct hands-on evaluation of agentic tools and platforms including AI coding assistants, copilot-style applications, and multi-agent orchestration frameworks to ground governance assessments in actual system behavior rather than vendor documentation alone.
Implement measures to monitor and mitigate risks associated with AI systems and data flows across GDMS IT and network infrastructure; investigate and manage responses to AI governance incidents, anomalies, and inquiries, working to prevent and mitigate exposure.
Maintain AI governance policies for responsible AI deployment, integrating government and corporate AI requirements into policy, standards, procedures, and operational guidance; own the policy lifecycle from drafting through review, approval, and periodic refresh aligned to enterprise risk priorities and evolving regulatory expectations.
Translate regulatory requirements, including NIST AI RMF, OWASP Top 10 for LLMs, MITRE ATLAS, the EU AI Act, applicable U.S. Executive Orders on AI, and ISO 42001, into clear, actionable internal controls and assessment criteria without creating bureaucratic drag.
Monitor the evolving domestic and international AI regulatory landscape; identify changes with organizational impact and escalate findings with recommended policy responses.
Coordinate with Privacy, Legal, Cybersecurity, and IT leadership and assess compliance risk against emerging AI regulations, including the EU AI Act, applicable U.S. Executive Orders on AI, and evolving DoD and federal AI policy, identifying control gaps, quantifying exposure, and recommending corrective measures before requirements become binding obligations.
Produce compliance reporting on AI controls for internal audit, regulatory examination, and governance committee review, documenting control effectiveness, open findings, and remediation status; support audit readiness activities including evidence collection, control validation, and documentation packages suitable for internal and regulatory stakeholder consumption.
Perform ongoing monitoring and validation of deployed AI systems, including review of model performance, drift indicators, bias signals, and continued alignment with approved use scope.
Identify opportunities to apply AI and automation for continuous improvement of the AI governance program itself including automated risk attribution, KPI tracking, and telemetry-driven evidence.
Generate AI risk and governance reporting contributing to dashboards, risk posture summaries, and periodic reports for program leadership and cross-functional stakeholders.
Evaluate effectiveness of cybersecurity controls applied to AI systems (NIST CSF, NIST AI RMF), collaborating with the Cybersecurity organization to integrate governance without duplicating ownership.
Support vendor and third-party AI risk assessments, ensuring AI components from external providers meet GDMS contractual, regulatory, and governance requirements.