AI Governance Specialist
Role Purpose
To establish and operationalize the foundational AI governance framework at Ipoteka Bank, adapting HQ (OTP Group) standards and governance guidelines to local regulatory, organizational, and process realities. The role anchors the bank's AI governance stream during its formation phase and scales it as the AI/GenAI portfolio matures.
Key Responsibilities
AI Governance Framework
- Build out the bank's AI governance framework: policies, standards, control catalog, governance forums, and decision-making processes.
- Localize HQ-provided AI governance standards and guidelines to Ipoteka Bank's organizational structure, internal regulations, and CBU requirements (incl. Article 27-1 constraints on data localization).
- Maintain the AI policy stack: Acceptable Use, Model Development & Deployment, GenAI Usage, Third-Party AI, Data Use in AI.
Model Governance & Lifecycle Controls
- Define and implement the model lifecycle governance process: intake, risk-tiering, validation, approval, deployment, monitoring, and retirement.
- Maintain the AI/GenAI model inventory and ensure documentation standards (model cards, data sheets, validation reports) are met across the AI initiatives.
- Coordinate model validation activities with Risk and Internal Audit.
AI Risk Management
- Operate the AI risk taxonomy and risk assessment methodology (bias, robustness, explainability, data leakage, hallucination, third-party dependency, regulatory).
- Run risk assessments for new AI use cases as part of the intake process and define mitigating controls.
- Track residual risk, escalations, and remediation through to closure.
Cross-Functional Coordination (Governance Stream)
- Act as the single coordination point for the AI governance stream across Risk, Legal, Compliance, Cybersecurity, and Information Security.
- Drive joint workstreams on PII handling (Law №547-I), DLP for GenAI tooling (AI gateway), data classification, and incident response for AI systems.
- Prepare materials and decisions for the AI governance forum / architectural committee.
Security & Compliance Integration
- Translate HQ and local security requirements into AI-specific controls (model access, secrets, prompt/response logging, audit trails, gateway-level enforcement).
- Ensure compliance reviews are embedded in the AI delivery process (development → pre-prod → production).
- Support regulatory reporting and supervisory dialogue on AI matters.
Responsible AI / AI Ethics (Evolving Scope)
- In the initial phase, cover AI ethics within the broader governance stream jointly with Risk, Legal, Compliance, Cybersecurity, and InfoSec.
- As the AI function matures and the GenAI use-case portfolio grows, formalize the Responsible AI / AI Ethics function, expand its scope, and build out dedicated principles, review processes, and disclosure standards.
Candidate Profile
Must-have
- 5+ years in risk, compliance, model risk management, or technology governance — preferably in banking or financial services.
- Hands-on experience building or operating governance frameworks (model risk, operational risk, IT/cyber, or AI governance).
- Working knowledge of AI/ML and GenAI concepts sufficient to engage with technical teams substantively (model lifecycle, evaluation, RAG, agents, LLM gateways).
- Familiarity with the relevant regulatory and standards landscape: CBU regulations, Law №547-I on Personal Data Protection, EU AI Act, NIST AI RMF, ISO/IEC 42001, ISO/IEC 23894.
- Strong stakeholder management across Risk, Legal, Compliance, Cyber, InfoSec, and business functions.
- Fluent Russian; working English for HQ (OTP Group) interaction.
Nice-to-have
- Prior experience implementing model risk management frameworks.
- Exposure to GenAI-specific risks (prompt injection, data exfiltration via LLM, third-party model risk).
- Experience adapting Group-level standards to local subsidiary contexts.
- Background in audit, supervisory dialogue, or board-level reporting.