Vice President - Data & AI Risk

Role Description

The Vice President (VP), Data and AI Risk Oversight, supports AI Risk Management for the SMBC Group Americas Division (AD) in accordance with applicable regulations, home office policies, and industry best practices.
The Risk Management Department (RMDAD) serves as the second line of defense, responsible for monitoring and assessing business practices against the firm’s risk appetite framework. Within RMDAD, the Tech, Data, and Cyber Risk Oversight (TDCRO) team maintains oversight responsibility for AI governance and AI risk management.

The VP, AI Risk Oversight, supports the Director, AI Risk Oversight by providing independent second line review and challenge of the design and execution of the firm’s AI governance approach, including alignment of controls to AI risks. The role helps develop and operate the second line AI risk management program, including the AI Risk Management Framework, ongoing lifecycle monitoring, risk foundations (policies, taxonomy), and key AI risk metric development and reporting.

Role Responsibilities:

•    Support the Director, AI Risk Oversight and the ED, Data and AI Risk Oversight in providing second line oversight and effective challenge of AI/GenAI initiatives and use cases, ensuring AI related risks are appropriately governed, managed, and controlled.
•    Support the build out and ongoing enhancement of the second line AI Risk Management Framework and oversight approach (risk identification, assessment, monitoring, and reporting), including the ability to produce and communicate overall risk profiles for AI use (on prem or third party hosted).
•    Provide advisory support and partner with AI governance stakeholders (business, technology, data, model owners, and compliance) to drive timely remediation of identified issues, strengthen AI controls, and escalate themes/risks as needed.
•    Contribute to the development and enhancement of second line AI risk policies, standards, and guidance, including aligning expectations to applicable regulatory and enterprise requirements.
•    Review and challenge of first line AI governance policies, standards, procedures, controls, risk metrics/indicators, and Risk and Control Self Assessments (RCSAs) related to AI use (including GenAI), such as use case approval, human in the loop controls, monitoring, and incident management.
•    Maintain awareness of regulatory changes, supervisory guidance, new products/initiatives, process changes, control enhancements, and issues impacting AI risk (e.g., model risk, privacy, cyber, third party, and conduct risk).

Qualifications and Skills

•    Strong knowledge of AI/ML and GenAI risks and controls, with the ability to align AI risk considerations to the firm’s operational risk management framework.
•    Minimum of 7 years of experience in risk management, technology risk, model risk management, data governance, and/or AI/analytics within the financial services industry, including demonstrated experience leading cross functional initiatives.
•    Experience with AI governance, model inventory, or GRC tooling (e.g., model registries, workflow/attestation tools, or governance platforms).
•    Working knowledge of AI governance or risk frameworks (e.g., NIST AI Risk Management Framework), processes, and controls (e.g., model lifecycle management, validation, monitoring), and relevant industry guidance/standards.
•    Experience preparing and delivering materials for senior management and board level committees, with strong communication skills and attention to detail.
•    Strong organizational and time‑management skills, with the ability to manage multiple concurrent priorities in a matrixed environment.
•    Experience supporting regulatory or audit remediation related to AI/model risk, technology risk, and data/privacy issues.
•    Bachelor’s degree required; Master’s degree preferred.
•    DCAM/DAMA/CDMP (or similar industry) certification preferred. Additional certifications in risk, audit, cloud, or analytics/AI (as applicable) are a plus.