Data and AI Governance, Risk, and Compliance Specialist

Data and AI Governance, Risk, and Compliance Specialist

This role directly reports to and supports the Associate Director of T&O Risk (1B) - Business Risk Advisory and Controls - Testing & Advisory. The Data and AI Governance, Risk, and Compliance Specialist will provide independent advisory, oversight, and validation of governance, risk, and control activities supporting Enterprise Data Governance and AI Governance. This position also involves supporting Product/Service/Process Risk Assessments (PSPRA) and Regulatory Compliance Risk Assessment (RCRA), maintaining Process Risk and Control (PRC) libraries, and advising on Key Risk Indicators (KRIs). The role requires close collaboration with First Line of Defense (1LOD) and Regulatory Compliance and Risk related Second Line of Defense (2LOD) partners to strengthen governance and risk management across the enterprise.

Key Responsibilities

Governance, Risk & Compliance (Advisory)

• Maintains a strong understanding of applicable regulatory requirements, industry standards, and internal policy frameworks; monitors changes and provides timely governance, risk, and control insights.
• Supports PSPRA, RCRA and other risk assessment activities across Data Governance and AI‑related processes from an advisory and challenge perspective.
• Provides governance and control advisory support to business partners, clarifying expectations and risk considerations without directing operational decision‑making.
• Applies governance frameworks and control principles to assess alignment of business practices with enterprise standards and risk appetite.
• Communicates governance, risk, and control considerations clearly to stakeholders, supporting informed decision‑making and consistent application of expectations.

Governance Advisory & Enablement

• Serves as a governance advisor to business and technology stakeholders, providing guidance on risk management practices, control design considerations, and policy interpretation.
• Supports the development, refinement, and socialization of governance standards, procedures, and guidance related to Data and AI risk management.
• Facilitates governance forums, working sessions, and stakeholder discussions to promote shared understanding of governance expectations and emerging risks.
• Reviews governance artifacts, assessments, and documentation prepared by others to provide advisory feedback on completeness, clarity, and alignment with governance and risk standards.
• Identifies governance gaps, emerging risks, or areas of inconsistency and escalates observations with clear articulation of risk and impact.
• Prepares governance summaries, advisory materials, and reporting to support leadership oversight and informed risk discussions.

Relationship Management & Collaboration

• Builds and maintains strong working relationships with internal and external partners, particularly across first‑ and second‑line functions.
• Acts as a trusted governance, risk, and control advisor to stakeholders, balancing effective challenge with collaboration.
• Develops a deep understanding of end‑to‑end business processes related to data and AI model risk management and lifecycle management to provide relevant and practical guidance.
• Partners with stakeholders to support governance alignment while respecting ownership and accountability within the first line of defense.

General Responsibilities

• Continuously enhances knowledge and skills in Data and AI governance, compliance, and risk management.
• Works independently, exercising sound judgment to identify, assess, and escalate governance or control concerns within defined guidelines.
• May assume additional responsibilities aligned with governance, risk, and control advisory needs.
• Coaches and mentors junior staff to strengthen governance understanding, consistency, and advisory effectiveness across the team.

Qualifications

Required

• Typically, 5 - 7 years of relevant experience in governance, risk, compliance, data governance, AI governance, risk management, audit, or related disciplines, with a strong focus on advisory and oversight activities.
• Strong knowledge of Data and AI governance risk and regulatory requirements, including data privacy, data quality, model risk, and emerging AI governance considerations.
• Solid understanding of applicable regulations, industry standards, and control frameworks relevant to enterprise risk management and the data and AI lifecycle.
• Experience supporting risk assessments (e.g., PSPRA, RCRA, process risk and control assessments), including advising on risk identification, control considerations, and Key Risk Indicators (KRIs).
• Strong analytical and critical‑thinking skills, with the ability to assess governance and control alignment, identify gaps, and articulate risk implications.
• Effective communication, collaboration, and stakeholder management skills, with the ability to influence across first‑ and second‑line functions.
• Ability to work independently, exercise sound judgment, and appropriately escalate governance or risk concerns.

Required professional certifications:

• CDMP - Certified Data Management Professional (by DAMA)
• CRISC - Certified in Risk and Information Systems Control (by ISACA) OR CGRC - Certified in Governance, Risk and Compliance (by ISC2)

Preferred certifications:

• AIGP – Artificial Intelligence Governance Professional (by IAPP)
• ISO/IEC 42001 – AI Lead Auditor/Implementer (by ISO)

Salary Information

The salary for this position ranges from $69,000.00 to $129,000.00 annually. Actual salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role. BMO Financial Group's total compensation package includes performance-based incentives, discretionary bonuses, health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans.

About BMO

At BMO, we are driven by a shared Purpose: Boldly Grow the Good in business and life. This commitment calls on us to create lasting, positive change for our customers, communities, and people. By working together, innovating, and pushing boundaries, BMO transforms lives and businesses, powering economic growth around the world. As a member of the BMO team, you are valued, respected, and heard, with numerous opportunities to grow and make an impact. We strive to help you make an impact from day one, supporting you with the tools and resources needed to reach new milestones.

Key skills/competency

• Data Governance
• AI Governance
• Risk Management
• Regulatory Compliance
• Control Frameworks
• Advisory Services
• Risk Assessment
• Stakeholder Management
• Data Privacy
• Model Risk