Cyber AI Governance and Privacy Senior Consultant

We are seeking an AI Governance and Privacy Specialist who can operationalize responsible AI in real systems-especially agentic AI and LLM-enabled applications. This role blends governance and privacy expertise with enough software development fluency to create developer-ready guidance, implement controls-as-code patterns, and stand up measurable evaluation and monitoring workflows.

As a Senior Consultant, you will help clients and internal delivery teams move from AI principles to practices: risk tiering, model and agent inventories, technical guardrails, governance workflows integrated into the SDLC, and evidence artifacts suitable for audits and regulators.

Recruiting for this role ends on 12/31/2026.

Work you'll do

As a Senior Consultant, Strategy, Growth and Transformation on the Cyber team, you will be responsible for:

• Designing and implementing AI governance operating models, intake workflows, risk tiering, approvals, documentation standards, exception handling, and audit-ready evidence processes for generative AI and agentic AI deployments.
• Building and maintaining inventories for models, agents, tools, data sources, and integrations, with defined ownership, intended use, risk classification, and change-control requirements.
• Conducting risk assessments across privacy, security, model risk, and misuse scenarios, including prompt injection, sensitive data exposure, excessive agency, and overreliance, and translating findings into implementable mitigations.
• Establishing technical control guidance for teams building agentic AI solutions, including human-in-the-loop patterns, tool access controls, retrieval and grounding practices, logging, monitoring, token and data minimization, and incident response playbooks.
• Integrating governance checkpoints into product and engineering delivery through architecture reviews, release gates, evaluation requirements, documentation automation, evidence capture, dashboards, and cross-functional collaboration with Cybersecurity, Privacy, Legal, Risk, Engineering, and Data Science teams.

A successful candidate would possess these skills:

• Ability to work independently and collaborate as part of a team
• Effective written and verbal communication skills
• Meticulous attention to detail and quality of work product
• Ability to build and sustain professional relationships
• Ability to lead projects or workstreams
• Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment
• Strong interpersonal skills and professional demeanor
• Ability to meet deadlines
• Ability to provide clear guidance to others

The team

You will join a cross-functional group working at the intersection of cyber, privacy, governance, and emerging AI delivery. The team helps organizations scale AI responsibly by combining governance and engineering patterns so teams can innovate faster without compromising trust.

Qualifications

Required:

• Bachelor's degree or equivalent practical experience.
• 4+ years of experience in AI governance, data privacy, security risk management, compliance and controls, AI product risk, model risk management, or technology risk consulting.
• Experience translating policies and regulatory expectations into operational workflows and artifacts, including intake processes, inventories, decision logs, risk registers, responsibility assignment matrices, playbooks, privacy impact assessments, and data protection impact assessments.
• Experience assessing AI, machine learning, and LLM deployment patterns, including training, retrieval-augmented generation, fine-tuning, tool use, data dependencies, and integration patterns, and defining mitigations for privacy, security, model risk, and misuse.
• Experience prototyping or automating governance workflows using Python or Structured Query Language and working with continuous integration and continuous deployment pipelines and cloud deployment basics.
• Ability to travel 0-50%, on average, based on the work you do and the clients and industries/sectors you serve.
• Limited immigration sponsorship may be available.

Preferred:

• Experience in consulting or a Big 4 environment.
• Experience operationalizing AI governance aligned to the National Institute of Standards and Technology AI Risk Management Framework or ISO/IEC 42001.
• Experience with generative AI safety and evaluation practices, including prompt injection testing, jailbreak resilience, hallucination measurement, toxicity scoring, harm scoring, and grounding effectiveness.
• Experience with governance, workflow, or ticketing platforms, including OneTrust and governance, risk, and compliance systems, and integrating those platforms into engineering delivery processes.
• Certifications such as Certified Information Privacy Professional/United States, Certified Information Privacy Manager, International Association of Privacy Professionals AI Governance Professional, Certified Information Security Manager, or Certified Information Systems Security Professional.
• Experience in cyber or enterprise security environments, including data security, identity, audit logging, secure software development lifecycle practices, human-in-the-loop escalation pathways, exception handling, and automated safety protocols for autonomous systems.

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $105,400 to $207,800.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

#CyberDTP27