AI Risk and Compliance Manager

What does the role AI Risk and Compliance Manager do?

The AI Risk and Compliance Manager is the mid-level operational role responsible for executing the organisation's AI risk management and regulatory compliance programme. The role translates governance frameworks into working processes — running risk assessments, managing DPIA and audit processes, maintaining the AI inventory, monitoring compliance with the EU AI Act and GDPR, and coordinating incident response. It typically sits within Legal, Compliance, Risk, or the AI Governance function and is the most commonly recruited mid-level AI governance role. In organisations without a dedicated CAIO or AI Governance Lead, this role frequently absorbs upward responsibilities by default.

Also known as

  • AI Compliance Manager
  • AI Risk Manager
  • AI Governance Manager
  • Responsible AI Manager
  • AI Assurance Manager
  • Technology Risk Manager (AI)
  • AI and Data Compliance Manager
  • AI Governance Specialist

Occasional prevalence

This role is sometimes found in larger organisations

Primary responsibilities

  • Maintains and updates the AI inventory including risk classification, data sources, and deployment status
  • Conducts AI risk assessments for new use cases applying the organisation's classification methodology
  • Manages DPIA processes for AI systems processing personal data, coordinating with the DPO and legal function
  • Monitors compliance with the EU AI Act, GDPR, and applicable sector-specific regulation
  • Reviews and maintains AI-related policies, acceptable use guidelines, and governance documentation
  • Supports vendor due diligence for AI tools and reviews supplier contracts for AI-specific provisions
  • Coordinates incident response for AI-related errors, adverse outputs, or regulatory events

Related teams

We've known this role to be part of the following teams:

Skills profile

Note: This is what we documented as an exemplar. It's unlikely to always be the case and relates to a role's involvement with the delivery of digital employee experience and perhaps not everything they do. You can open this in the Skills Profile Builder if you want to customise it.
  • Operational governance: 1
  • Stakeholder management: 1
  • Incident and problem management: 2
  • Risk management: 3

Outline job description

The AI Risk and Compliance Manager is the mid-level operational role responsible for making the organisation's AI governance commitments real: translating frameworks into working processes, running risk assessments, maintaining the AI inventory, and making sure the organisation stays on the right side of a rapidly evolving regulatory landscape.

About the role

This is a process-oriented, execution-focused role that sits at the heart of the AI governance operation. You'll be running the day-to-day machinery: assessments, audits, DPIAs, incident coordination, policy maintenance, and vendor due diligence. It requires rigour, good judgement under uncertainty, and the ability to communicate clearly about risk to people who aren't specialists.

The role typically sits within Legal, Compliance, Risk, or the AI Governance function, reporting to the AI Governance Lead or Chief AI Officer where those roles exist. In organisations without a dedicated senior AI governance post, this role frequently absorbs upward responsibilities by default.

What you'll actually be doing

Much of the job involves running structured processes: maintaining the AI inventory, conducting risk assessments for new use cases, managing DPIAs for AI systems that process personal data, and monitoring compliance with the EU AI Act, GDPR, and applicable sector regulation. You'll also be doing the quieter but important governance maintenance work — keeping policies current, reviewing vendor contracts for AI-specific provisions, and supporting due diligence when new AI tools are being procured.

When something goes wrong (an AI system produces a harmful output, a regulatory query arrives, or an incident needs coordinating), you'll be closely involved in the response.

What we're looking for

Experience in risk management, compliance, or governance roles, with some exposure to AI, data protection, or technology risk. A working knowledge of the EU AI Act and GDPR, and the ability to apply regulatory requirements to practical operational situations. Process discipline and rigour about documentation are essential — the credibility of the governance programme depends on records being accurate and complete.

Some understanding of how AI systems work (not at an engineering level, but enough to make sensible risk classification decisions) is increasingly expected.

Typical background

Most people in this role come from compliance, legal operations, risk management, or data protection backgrounds. GDPR and DPIA experience is normally required. AI-specific qualifications such as the IAPP AI Governance Professional (AIGP) are increasingly common.

Errors? Disagreements? Omissions?

We have hopefully created these exemplars with thought and care. It is not the only way of looking at these roles and teams in the world, and relates specifically to the intranet and digital workplace profession. It therefore concentrates on some things and ignores others.

If you find an error, disagree wholeheartedly or feel there is a glaring omission, we'd love to know.

License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)

  • Share — copy and redistribute the material in any medium or format
  • Adapt — remix, transform, and build upon the material
  • Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
  • NonCommercial — You may not use the material for commercial purposes.