Role: AI GRC Director
Location: Hyderabad or Mumbai
Job ID: B-26035
EC-Council is the world’s largest cyber security technical certification body. We operate in 145 countries globally and we are the owner and developer of various world-famous cyber security programs. We are proud to have trained and certified over 400,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
www.eccouncil.org
Position Overview
The AI GRC Director is a senior leadership role responsible for establishing, leading, and continuously improving the organization’s Artificial Intelligence Governance, Risk, and Compliance framework. This role ensures that all AI systems are developed, deployed, and operated in a manner that is safe, ethical, legally compliant, and aligned with business objectives.
Key Responsibilities
01 · AI Governance Framework Design & Strategy
-
Lead structured current-state AI governance assessments — evaluating policies, accountability structures, model lifecycle processes, data governance, and risk practices against ISO/IEC 42001, NIST AI RMF, and global regulatory benchmarks.
-
Design future-state AI governance frameworks — including risk policies, accountability matrices, model governance standards, ethics principles, and control libraries tailored to client risk appetite and sector context.
-
Develop target operating model (TOM) designs for client AI governance functions — defining roles, governance committee structures, decision rights, and escalation frameworks.
-
Build and present board-quality roadmaps from current state to future state — with prioritised initiatives, milestones, resource requirements, and business case justification.
-
Author governance artefacts from scratch: AI risk registers, policy templates, model cards, data governance standards, and board-level AI reporting frameworks.
02 Operationalisation & Control Testing
-
Translate governance framework designs into operational controls — working hands-on with client AI/ML teams, data engineering, and risk functions to embed governance in day-to-day practice.
-
Design and execute Test of Design (ToD) — validating that AI governance controls are appropriately structured, sufficiently scoped, and logically capable of addressing identified risks and regulatory obligations.
-
Design and execute Test of Effectiveness (ToE) — evidence-based assessment of whether controls are operating as intended, including sampling methodologies, evidence collection, walkthroughs, and gap remediation.
-
Establish AI governance monitoring frameworks — KRIs, control dashboards, model performance thresholds, and escalation triggers integrated into client risk management ecosystems.
-
Deliver AI governance training for boards, risk committees, model owners, and data science teams.
03 ·Hands-On AI & Requirements Engagement
-
Engage directly with client AI/ML systems — reviewing model documentation, training pipelines, data governance artefacts, MLOps configurations, and inference monitoring to ground governance assessments in technical reality.
-
Develop AI governance requirements specifications — translating regulatory obligations and risk appetite into actionable technical and process requirements for client AI development teams.
-
Author test given criteria, acceptance criteria, and prerequisites for AI governance control validation across model risk, data privacy, bias and fairness, explainability, and AI security domains.
-
Lead shadow AI discovery exercises and AI Bill of Materials (AI-BOM) development — inventorying undocumented AI systems, third-party AI usage, and model provenance.
-
Maintain active knowledge of agentic AI, LLM governance, AI supply chain risks, and emerging global regulatory developments — translating these into client advisories and practice IP.
04 ·Go-To-Market & Sales Leadership
-
Own and execute the GTM strategy for EGS's AI Governance practice — defining target segments, value propositions, sales plays, and channel approach across direct, partner, and MSSP routes globally.
-
Lead client development and pipeline management — identifying, qualifying, and closing AI governance engagements from rapid assessments through to multi-year advisory retainers.
-
Develop compelling proposals, Statements of Work (SoW), and pricing models that reflect the value of EGS's unique certification ecosystem advantage.
-
Build and sustain executive-level relationships with CISOs, Chief Risk Officers, Chief Data Officers, General Counsel, and boards — positioning EGS as the trusted AI governance partner of choice.
-
Represent EGS at industry forums, regulatory engagements, analyst briefings, and thought leadership events — contributing to white papers, public consultations, and new certification product design.
-
Collaborate with EC-Council's certification and training product teams to align advisory offerings with the certification portfolio (CGRC, AI governance certifications) and drive cross-sell revenue.
05 ·Practice & Team Leadership
-
Build, mentor, and lead a team of 3 AI Governance Consultants — setting quality standards, managing utilisation and delivery, and developing team career pathways.
-
Establish the AI Governance Practice's methodology, toolkit, and delivery standards — creating repeatable, scalable engagement models that can be leveraged across global markets.
-
Contribute to EC-Council's ADG (Adopt, Defend, Govern) Framework and AI Security Advisory Board — including whitepaper authorship, research outputs, and advisory panel participation.
-
Monitor and report on practice performance: revenue, margin, utilisation, client satisfaction, and strategic pipeline metrics.
About Our Culture
EC-Council is driven by a mission to strengthen global cybersecurity capability and advance the profession of ethical hacking and information security. Our teams operate across regions and cultures, united by integrity, professionalism, and a commitment to meaningful impact. Continuous learning and accountability are encouraged, empowering individuals to take ownership of their contributions. Respect, trust, and ethical conduct guide how we work with colleagues, partners, and the global cybersecurity community.
Additional Information
EC-Council is an equal opportunity workplace and an affirmative action employer. We are committed to providing equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status. We do not discriminate based on these or any other characteristics protected by applicable laws or regulations in the locations where we operate.
EC-Council is dedicated to working with and providing reasonable accommodations to individuals with disabilities. If you have a medical condition or disability that limits your ability to complete any part of the application process and require reasonable accommodation, please contact us at
[email protected] and let us know how we can assist.
To be eligible for this position, candidates must be able to provide proof that they are either a citizen of the country or have legal authorization to work in the country where the position is posted and are currently residing there. EC-Council does not offer employment to ineligible candidates and reserves the right to revoke employment in case the candidate loses the authorization to work.
If, as part of the recruitment process, you are required to complete or submit any form of work, project, case study, or assignment, please note that such material will be considered the exclusive property of EC-Council. By submitting such work, you acknowledge that EC-Council retains all rights, title, and interest in the submitted content, including any intellectual property contained therein.
Candidates further waive any intellectual property or moral rights in such submissions, confirm that the work is original and free of third-party infringement, and acknowledge that it is provided solely for evaluation purposes, with no ownership or other rights retained.
Our Privacy Policy outlines how we collect, use, store, and protect your personal data during the recruitment process. This may include information such as your name, contact details, employment history, qualifications, and any other details you provide as part of your application. All data is handled in compliance with applicable data protection and privacy regulations.
Please review our policy here: EC-Council Privacy Policy- User & company | Data Protection. Submission of your application will be considered as your acceptance of the terms stated above.
