Cyber AI Governance and Privacy Senior Consultant

Deloitte Deloitte · Consulting

This role focuses on operationalizing responsible AI, particularly for agentic AI and LLM-enabled applications, by blending governance and privacy expertise with software development fluency. It involves creating developer-ready guidance, implementing controls-as-code, and establishing evaluation and monitoring workflows. The consultant will help clients move from AI principles to practices, including risk tiering, model inventories, technical guardrails, and governance integration into the SDLC, ensuring audit-readiness.

What you'd actually do

  1. Designing and implementing AI governance operating models, intake workflows, risk tiering, approvals, documentation standards, exception handling, and audit-ready evidence processes for generative AI and agentic AI deployments.
  2. Building and maintaining inventories for models, agents, tools, data sources, and integrations, with defined ownership, intended use, risk classification, and change-control requirements.
  3. Conducting risk assessments across privacy, security, model risk, and misuse scenarios, including prompt injection, sensitive data exposure, excessive agency, and overreliance, and translating findings into implementable mitigations.
  4. Establishing technical control guidance for teams building agentic AI solutions, including human-in-the-loop patterns, tool access controls, retrieval and grounding practices, logging, monitoring, token and data minimization, and incident response playbooks.
  5. Integrating governance checkpoints into product and engineering delivery through architecture reviews, release gates, evaluation requirements, documentation automation, evidence capture, dashboards, and cross-functional collaboration with Cybersecurity, Privacy, Legal, Risk, Engineering, and Data Science teams.

Skills

Required

  • 4+ years of experience in AI governance, data privacy, security risk management, compliance and controls, AI product risk, model risk management, or technology risk consulting.
  • Experience translating policies and regulatory expectations into operational workflows and artifacts, including intake processes, inventories, decision logs, risk registers, responsibility assignment matrices, playbooks, privacy impact assessments, and data protection impact assessments.
  • Experience assessing AI, machine learning, and LLM deployment patterns, including training, retrieval-augmented generation, fine-tuning, tool use, data dependencies, and integration patterns, and defining mitigations for privacy, security, model risk, and misuse.
  • Experience prototyping or automating governance workflows using Python or Structured Query Language and working with continuous integration and continuous deployment pipelines and cloud deployment
  • Ability to work independently and collaborate as part of a team
  • Effective written and verbal communication skills
  • Meticulous attention to detail and quality of work product
  • Ability to build and sustain professional relationships
  • Ability to lead projects or workstreams
  • Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment
  • Strong interpersonal skills and professional demeanor
  • Ability to meet deadlines
  • Ability to provide clear guidance to others

What the JD emphasized

  • operationalize responsible AI
  • agentic AI
  • LLM-enabled applications
  • controls-as-code
  • measurable evaluation and monitoring workflows
  • risk tiering
  • model and agent inventories
  • technical guardrails
  • governance workflows integrated into the SDLC
  • evidence artifacts suitable for audits and regulators
  • privacy
  • security
  • model risk
  • misuse scenarios
  • prompt injection
  • sensitive data exposure
  • excessive agency
  • overreliance
  • human-in-the-loop patterns
  • tool access controls
  • retrieval and grounding practices
  • logging
  • monitoring
  • token and data minimization
  • incident response playbooks
  • architecture reviews
  • release gates
  • evaluation requirements
  • documentation automation
  • evidence capture
  • product and engineering delivery
  • AI governance
  • data privacy
  • security risk management
  • compliance and controls
  • AI product risk
  • model risk management
  • technology risk consulting
  • policies and regulatory expectations
  • operational workflows and artifacts
  • intake processes
  • inventories
  • decision logs
  • risk registers
  • responsibility assignment matrices
  • playbooks
  • privacy impact assessments
  • data protection impact assessments
  • AI, machine learning, and LLM deployment patterns
  • training
  • retrieval-augmented generation
  • fine-tuning
  • tool use
  • data dependencies
  • integration patterns
  • mitigations for privacy, security, model risk, and misuse
  • Python
  • Structured Query Language
  • continuous integration and continuous deployment pipelines
  • cloud deployment

Other signals

  • operationalize responsible AI
  • controls-as-code
  • measurable evaluation and monitoring workflows
  • integrate governance checkpoints into product and engineering delivery