The AI Governance, Risk & Compliance Program Manager leads the development and execution of Pillsbury’s AI governance program to support the responsible use of artificial intelligence across the Firm. This role focuses on AI compliance, risk management, policy development, internal governance, vendor oversight, and strategic program coordination to help ensure the Firm’s use of AI aligns with legal, regulatory, client, and business expectations.
This position works closely with GRC, IT, Information Security, Privacy, Legal, Chief AI Office, and business stakeholders to establish practical governance structures for third-party AI tools and internal AI systems, including AI-specific requirements that integrate into the Firm’s broader vendor risk management process. The Program Manager will help define the Firm’s approach to AI risk, interpret evolving requirements, draft and maintain AI-related policies and standards, and support both internal and client-facing governance needs.
KEY RESPONSIBILITIES
AI Governance Program Leadership
- Lead the day-to-day execution and ongoing maturity of the Firm’s AI governance, risk, and compliance program.
- Help define and operationalize the Firm’s governance framework for third-party and internal AI tools.
- Establish clear processes for AI intake, review, approval, documentation, and oversight.
- Partner with the Director, GRC, and Chief AI Officer to align AI governance priorities with Firm strategy and risk tolerance.
Policy Development & Interpretation
- Draft, maintain, and interpret AI-related policies, standards, procedures, and governance guidance for the Firm.
- Translate evolving legal, regulatory, and client expectations into practical internal requirements and operational controls.
- Provide policy interpretation and guidance to business and technology stakeholders on the appropriate use of AI-enabled tools.
- Help ensure AI governance documentation remains current, practical, and aligned with the Firm’s broader risk and compliance framework.
Vendor AI Governance
- Establish and maintain the AI governance framework, review standards, and control expectations used to assess third-party AI vendors.
- Partner with GRC Analysts responsible for third-party management to integrate AI-specific requirements into the Firm’s vendor review process.
- Provide consultation on higher-risk, complex, or novel AI vendor reviews, including issues related to data use, model behavior, human oversight, and regulatory exposure.
- Collaborate with Legal, Privacy, Information Security, Chief AI Office, and business stakeholders to define appropriate governance conditions for approved AI-enabled vendors.
- Help ensure approved AI vendors are subject to clear usage boundaries, documentation standards, and ongoing governance expectations.
- Lead governance activities for internal AI systems and AI-enabled workflows used by the Firm.
- Define requirements related to acceptable use, human oversight, output validation, escalation, transparency, and monitoring.
- Assess internal AI use cases for alignment with Firm policy, client expectations, and applicable legal and regulatory requirements.
- Ensure governance expectations are clearly documented for approved internal AI use cases, including risk considerations, controls, and oversight requirements.
- Monitor and interpret emerging AI laws, regulations, standards, and client requirements across key jurisdictions, including the U.S., UK, and EU.
- Advise internal stakeholders on the practical implications of AI-related legal and regulatory developments.
- Support the Firm’s efforts to maintain a defensible and scalable AI governance posture across jurisdictions.
- Identify areas where new or revised internal policy, process, or controls may be needed based on changes in the regulatory landscape.
- Lead or support responses to client-facing AI questionnaires, outside counsel guidelines, and other AI-related diligence requests.
- Help ensure the Firm can clearly and consistently articulate its governance approach for AI-related tools and use cases.
- Coordinate with internal stakeholders to gather, validate, and organize information needed for client and regulatory responses.
- Help design and maintain an auditable AI governance control environment for the Firm.
- Develop and maintain documentation, evidence, and governance artifacts to support internal audits, client reviews, regulatory inquiries, and potential future external assurance or certification efforts.
- Lead or support control mapping, gap assessments, remediation tracking, and evidence collection related to AI governance requirements.
- Partner with cross-functional stakeholders to evaluate the design and effectiveness of AI-related controls and governance processes.
- Monitor emerging AI assurance frameworks, certification models, and audit expectations to help position the Firm for future external validation if pursued.
- Help develop and deliver training and awareness materials related to responsible AI use.
- Provide practical, business-oriented guidance to attorneys and business professionals on the appropriate use of AI-enabled tools.
- Facilitate cross-functional working sessions, governance meetings, and program maturity initiatives.
- Track and report on key AI governance activities, risks, remediation items, and milestones for leadership.
REQUIRED EDUCATION, KNOWLEDGE & EXPERIENCE
- Bachelor's degree in Information Systems, Data Science, or related field preferred.
- 7+ years of experience in governance, risk, compliance, privacy, information security, technology risk, regulatory compliance, or related discipline.
- Experience leading or managing cross-functional governance or compliance programs in an enterprise or professional services environment.
- Familiarity with AI governance concepts and risks, including third-party AI vendors, generative AI tools, and internal AI use cases.
- Familiarity with AI-related regulatory developments in the U.S., UK, and EU.
- Experience drafting, interpreting, and implementing policies, standards, procedures, or governance frameworks.
- Experience supporting audits, assessments, control reviews, or compliance readiness activities.
- Experience working cross-functionally with Legal, IT, Security, Privacy, and business stakeholders.
- Strong understanding of confidentiality, data protection, and risk management principles.
- Ability to translate complex legal, regulatory, or technical issues into clear, business-oriented guidance.
- Strong organizational skills, sound judgment, and attention to detail.
PREFERRED QUALIFICATIONS
- Experience supporting AI governance, privacy, compliance, or technology risk efforts in a law firm or professional services environment.
- Experience supporting client-facing questionnaires, outside counsel guidelines, or similar diligence processes.
- Experience reviewing vendor security documentation, privacy materials, contracts, and product data flows.
- Knowledge of governance and control frameworks such as ISO 27001, NIST, or related privacy and security standards.
- Familiarity with emerging AI assurance frameworks, responsible AI control models, or certification approaches.
- Relevant certifications in compliance, privacy, security, governance, or risk management are a plus.
- Strong written and verbal communication
- Strategic thinking and program leadership
- Governance and compliance mindset
- Analytical problem-solving
- Sound judgment and risk balancing
- Policy drafting and interpretation
- Ability to manage multiple workstreams simultaneously
- Cross-functional collaboration and stakeholder management
PHYSICAL REQUIREMENTS
- Ability to sit and stand for extended periods.
- Ability to lift up to 15 pounds.
The expected salary range for this position is $125,000 - $135,000. Final compensation will be determined based on several factors, including but not limited to, relevant experience, qualifications, skill set, and geographic location.
Pillsbury Winthrop Shaw Pittman LLP is an Equal Opportunity Employer.
If you require an accommodation in order to apply for a position, please contact us at [email protected].
Skills Required
- 7+ years in governance, risk, compliance, privacy, information security, technology risk, regulatory compliance, or related discipline
- Experience leading or managing cross-functional governance or compliance programs in an enterprise or professional services environment
- Familiarity with AI governance concepts and risks, including third-party AI vendors, generative AI tools, and internal AI use cases
- Familiarity with AI-related regulatory developments in the U.S., UK, and EU
- Experience drafting, interpreting, and implementing policies, standards, procedures, or governance frameworks
- Experience supporting audits, assessments, control reviews, or compliance readiness activities
- Experience working cross-functionally with Legal, IT, Information Security, Privacy, and business stakeholders
- Strong understanding of confidentiality, data protection, and risk management principles
- Ability to translate complex legal, regulatory, or technical issues into clear, business-oriented guidance
- Strong organizational skills, sound judgment, and attention to detail
- Bachelor's degree in Information Systems, Data Science, or related field
- Experience supporting AI governance, privacy, compliance, or technology risk efforts in a law firm or professional services environment
- Experience supporting client-facing questionnaires, outside counsel guidelines, or similar diligence processes
- Experience reviewing vendor security documentation, privacy materials, contracts, and product data flows
- Knowledge of governance and control frameworks such as ISO 27001 or NIST
- Familiarity with emerging AI assurance frameworks, responsible AI control models, or certification approaches
- Relevant certifications in compliance, privacy, security, governance, or risk management
- Ability to sit and stand for extended periods and lift up to 15 pounds
What We Do
Pillsbury Winthrop Shaw Pittman LLP is an international law firm with a particular focus on the technology & media, energy, financial services, and real estate & construction sectors. Recognized by legal research firm BTI Consulting as one of the top 20 firms for client service, Pillsbury and its lawyers are highly regarded for their forward-thinking approach, their enthusiasm for collaborating across disciplines and their authoritative commercial awareness. To learn more, visit pillsburylaw.com. To join the Pillsbury Network LinkedIn group for current and alumni attorneys and staff, go to http://www.linkedin.com/groups?gid=1043837 Comment policy for this page: We reserve the right to remove any post that we deem offensive, inappropriate, or irrelevant to the purpose of this site.




.jpg)


