Senior Cybersecurity AI Risk and Governance Consultant

Senior Cybersecurity AI Risk and Governance Consultant

Location: Katowice - 2 days office / 3 days remote

Let us introduce you the job offer by EY GDS Poland – a member of the global integrated service delivery center network by EY.

The opportunity

As a Senior Consultant within our Cybersecurity, Risk, Compliance & Resilience (CRCR) competency, you will support EY clients in the design, assessment, and implementation of AI governance and AI risk management frameworks, enabling the responsible, secure, and compliant adoption of AI across the enterprise.

Your key responsibilities

As Senior Cybersecurity AI Risk and Governance Consultant, you will help organizations evaluate the maturity, effectiveness, and compliance of AI systems against emerging AI regulations, ethical principles, and industry standards, aligning AI initiatives with business strategy and regulatory expectations.

In addition to governance and compliance assessments, you will lead or contribute to AI risk identification, risk assessment, and risk treatment activities, including AI security risks, model risks, data risks, and third‑party AI risks. You will support the development of AI control frameworks, operating models, and AI risk mitigation plans, ensuring that AI-enabled solutions remain trustworthy, transparent, and resilient.

Skills and attributes for success

Minimum 5 years of experience in cybersecurity or emerging technology risk management or governance, with hands-on experience or strong exposure to AI-related governance and risk topics, including but not limited to:

• Designing and assessing AI governance frameworks, policies, and controls aligned with regulatory and ethical requirements
• Performing AI risk assessments, including risks related to model risk, data quality and data privacy, AI security threats

• Assessing conformity with standards, regulations, and frameworks
• Supporting the implementation of risk treatment and control remediation plans for AI systems
• Experience or understanding of Third-Party Risk Management (TPRM) in the context of AI vendors, foundation models, and AI solutions
• Strong understanding of emerging AI regulatory risks and being able to recommend effective control solutions
• Exceptional stakeholder management and leadership skills, including guiding junior risk analysts and engaging with senior client stakeholders
• Demonstrate excellent interpersonal skills, inspire teamwork and responsibility with engagement team members

To qualify for the role, you must have

• Excellent command of the English language, other European language would be an asset
• Analytical and problem-solving ability, ability to work effectively as a team member or as individual contributor, observant with an eye for detail
• Ability to develop, review, and challenge AI-related policies, standards, procedures, and control designs
• Confidence in communicating complex AI risks, regulatory requirements, and technical concepts to non-technical audiences, including executive management

Ideally, you’ll also have

• One or more certificate from the following: AAISM, AAIR, ISO/IEC 42001 Lead Implementer, CISSP, CISM, CRISC, ISO/IEC 27001 Lead Implementer, ISO/IEC 27005 Risk Manager, or any other recognized and equivalent certification in risk management, and cybersecurity governance
• Experience working with AI governance operating models, including roles and responsibilities, oversight forums, and lifecycle controls
• Knowledge of AI-related regulatory requirements, including EU AI Act, GDPR in AI context, DORA and NIS2, where applicable to AI-enabled environments

What we look for

We look for professionals who can bridge technology, risk, and regulation with confidence to shape secure and compliant AI. You bring a strong risk mindset, curiosity about emerging AI technologies, and the ability to turn complex AI risks into clear, practical guidance for cybersecurity leaders. Above all, you’re motivated to help organizations innovate responsibly while meeting the highest standards of governance and trust.

What we offer

EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across nine locations –  Argentina, Hungary, India, the Philippines, Poland, Sri Lanka, Mexico, Spain and the United Kingdom – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

About EY

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It’s yours to build.

In compliance with the requirements of the Whistleblower Protection Act, our company has established the Procedure for reporting breaches of law and undertaking appropriate follow-up actions. Any misconduct should be reported through the EY Ethics Hotline.