AI Governance Lead
Reporting to: Group Director of Information Security
Team: Information Security
Location: Hybrid
Grade / Authority: Senior Individual Contributor with governance authority by remit
Role Purpose
To own and drive AI governance at Citation Group, ensuring that AI adoption is fast, safe, and accountable. This role exists to make governance happen, not to slow down innovation.
The successful candidate will be technically credible, confident in challenging senior stakeholders, and capable of performing deep, multi-layered AI risk assessments.
This role provides the assurance layer that enables Citation’s AI Innovation pillar to move at pace within a controlled and defensible framework.
Key Responsibilities
Integration Risk Assessment
* Lead and perform risk assessments across all AI use cases, including new tools, workflows, and platform integrations, assessing each against the company's risk framework. Integrations require technical depth and will form a significant part of the role.
* Develop a deep working understanding of how MCP servers, API connections, and OAuth permission scopes function in practice, and what each means for data exposure and system integrity.
* Work from minimal information provided by requesters, proactively identifying the right questions to ask and the right evidence to seek, to produce an actionable risk assessment.
Service Transition
* Include operational readiness as a component of AI risk assessment, ensuring that the continued support, maintenance, monitoring and ownership of new AI solutions are considered.
* Work with the AI team and IT Service Desk to ensure AI governance considerations are factored into service transition planning.
* Recognise that AI tools evolve continuously, with vendor updates, new features, and capability changes potentially altering the risk profile. This should be reflected in ongoing AI asset management.
AI Asset Management
* Ensure the AI asset register is maintained, accurate, and current in line with the AI policy.
* Oversee the full lifecycle of AI assets, from initial request through approval, deployment, change, and decommission.
* Provide regular assurance to the Director of Information Security on the completeness and accuracy of the register.
* Make proactive use of available tooling to monitor AI usage across the business, identifying shadow deployments, ungoverned integrations, and usage patterns that present a risk.
AI Governance
* Chair the AI Governance Committee, bringing together key business stakeholders to oversee AI risk, policy, and compliance on a regular basis.
* Set the agenda, drive actions to completion, and ensure the committee leads by example in driving compliance.
* Contribute to shaping the AI governance framework over time, working with the AI team and wider business to foster a culture where AI is adopted responsibly and governance is seen as an enabler rather than a blocker.
* Maintain the organisation’s AI policy, working collaboratively with the AI Governance Committee to ensure it remains current, practical, and enforceable.
* Translate regulatory developments, including the EU AI Act, ICO guidance, and ISO 42001, into policy updates and practical governance actions.
* Drive awareness and adherence to AI policy across the business, working with relevant teams on guidelines and training.
Required Experience and Skills
* Technical Background: A solid technical foundation with a genuine understanding of AI technologies, including LLMs, agentic AI, MCP servers, APIs, OAuth permission scopes, and AI integrations. Ability to identify and articulate risks that requesters have not considered and to interrogate vendor security documentation independently.
* Risk Experience: Demonstrable experience assessing and managing technology risks involving new tools and integrations, ideally including AI integration scenarios involving critical business systems.
* Confidence and Gravitas: Comfortable challenging senior stakeholders and being clear on governance requirements, regardless of pressure or pace.
* Ownership Mindset: A completer finisher who, with minimal supervision, follows through on detail, builds things that last, and does not leave governance tasks half done.
* AI Literacy: A working understanding of AI core principles and the unique risks they present, including hallucinations, bias, data leakage, agentic behaviour, and lack of explainability.
* Regulatory Awareness: Working knowledge of the emerging AI regulatory landscape, including the EU AI Act and ISO 42001, and the ability to translate requirements into practical governance actions.
* Adaptability: Comfortable operating in a fast-moving and unpredictable landscape where the technology, risks, and the regulatory environment are all evolving simultaneously. Willing to challenge their own assumptions and adapt their approach as the AI space develops. This role would suit someone moving from a traditional technical risk or security background who has a genuine passion for AI.
About Us
We are Citation. We are far from your average service provider. Our colleagues bring their brilliant selves to work every day and we create an environment where they can shine. We are a nice bunch. We don’t do office politics or “that’s not my job”. We listen, support and take ownership.
We have been proudly delivering valuable HR and Health and Safety services to SMEs across the UK for over 20 years. Passionate about service, we’re on a mission to revolutionise our colleagues’ and clients’ experience by employing brilliant people who are experts at what they do and smile whilst they are doing it.
Working for Citation you will have access to 25 days holiday, plus your birthday off work, gym membership discount, healthcare, childcare vouchers, the opportunity to purchase extra leave, pension contributions and more.
It’s a great place to work because of the people we employ. Fun and professional, we want like-minded individuals who love to love their job (no ‘mood hoovers’ here thanks!) and want the Company to succeed.
So, if our culture sounds like a good fit for you and you want to be part of our success story, then send us your details.