Data & AI Governance and Risk, SVP

 Role Mandate 

Establish and operate enterprise-wide governance, risk, and regulatory oversight for Data, AI, and Agentic AI—including authoritative data sourcing—and proactively elevate the firm’s regulatory posture while enabling streamlined, standard approval of AI capabilities across the enterprise. 

Role Purpose 

The Head of Data & AI Governance and Risk is accountable for ensuring that all enterprise Data, AI, and Agentic AI capabilities are well‑governed, high‑quality, trusted, and regulator‑ready, while enabling innovation to scale safely across all lines of business. 

This role defines and maintains the enterprise policies, standards, and governance operating model for Data and AI and serves as the single global point of accountability for Data and AI–related regulatory, audit, and supervisory engagement. 

The role operates proactively, anticipating regulatory direction and strengthening the firm’s posture ahead of examinations. It actively engages in all ongoing regulatory efforts related to data, risk, and AI, partnering with appropriate bank owners to ensure coordinated execution and durable remediation. 

In partnership with each line of business, this role defines the strategic target state for Data and AI governance, ensuring clarity and consistency across ownership, stewardship, authoritative sourcing, data quality, and approval expectations. 

The role is intentionally independent of platform build, model development, and use‑case delivery. Success is measured by regulatory confidence, enterprise trust, data quality, and speed enabled through strong governance and streamlined processes. 

Key Responsibilities 

Enterprise Data, AI & Agentic AI Governance 

• Define, maintain, and evolve enterprise-wide policies, standards, and control frameworks for:  

• Data governance and data management 

• AI, GenAI, and Agentic AI 

• Responsible AI and AI risk classification 

• Third‑party and vendor AI usage 

• Ensure governance applies across the full lifecycle of data and AI assets, from design through retirement. 

Strategic Governance Target State (LOB Partnership) 

• Partner with each line of business to define and maintain the target state for Data and AI governance aligned to enterprise standards and regulatory expectations. 

• Translate enterprise governance principles into domain‑specific, actionable models. 

• Provide governance leadership into Data & AI roadmaps without owning delivery or architecture decisions. 

Authoritative Data Sources, Ownership & Stewardship 

• Establish and operate the enterprise framework for authoritative data sources by data domain and key data element. 

• Partner with data owners and data stewards to:  

• Designate approved and trusted data sources 

• Resolve conflicts between competing sources 

• Ensure lineage, data quality, and fitness for purpose 

• Ensure consistent use of authoritative data sources across analytics, reporting, and AI use cases. 

Enterprise Data Competency 

• Institutionalize the enterprise data governance operating model, including:  

• Data ownership and accountability 

• Data steward roles and responsibilities 

• Management of key data elements and critical data assets 

• Embed data accountability into business processes across all lines of business. 

AI Inventory, Classification & Streamlined Approvals 

• Own the enterprise inventory of AI initiatives across AI, GenAI, ML, and Agentic AI. 

• Ensure inventories, classifications, and definitions align with NIST AI Risk Management Framework and applicable regulatory expectations. 

• Design and operate streamlined, tiered approval processes for all AI types, ensuring:  

• Consistent intake and classification 

• Clear routing to required partners (e.g., Model Risk Management, Legal, Privacy, Security) 

• Predictable and efficient approval timelines 

• Monitor adherence to approval processes and continuously improve them to reduce friction and late-stage escalation. 

Model Risk Management Partnership 

• Partner closely with the Model Risk Management (MRM) function. 

• Ensure AI and ML use cases are appropriately classified and routed to MRM where required. 

• Align governance standards and approval workflows with MRM requirements without duplicating or owning MRM accountabilities. 

Data Quality & Data Incident Management 

• Define enterprise standards for data quality measurement, monitoring, and control. 

• Own enterprise processes for data issues and incidents, including root cause analysis, remediation tracking, and escalation. 

• Partner with business and platform teams to embed preventive and detective quality controls. 

Regulatory Leadership & Proactive Engagement 

• Act as the single enterprise point of contact for regulators, audit, and external inquiries related to Data and AI. 

• Proactively assess emerging regulatory expectations and drive early alignment across the firm. 

• Coordinate and participate in all active regulatory efforts relating to data, technology, and AI, working with appropriate bank owners. 

• Lead regulatory examinations, findings, and remediation programs (e.g., BCBS 239, MRAs). 

• Ensure regulatory learnings are converted into durable governance and process improvements. 

Enterprise Partnership & Operating Model Stewardship 

• Partner with:  

• Data Architecture to align governance intent with target architectures 

• Data & AI Platforms to embed controls, approvals, and authoritative sourcing 

• Enablement teams to operationalize compliant pathways 

• Business leaders to adopt governance consistently 

• Maintain independence from delivery while actively shaping enterprise design decisions. 

• Continuously evolve governance practices to match regulatory and technology change.