Manager of Risk & Governance
San Francisco, CA, USA · New York, NY, USA
Our Mission
Reflection is a research lab making intelligence open and accessible for everyone to use, customize, and build on. We build open models that let anyone control their intelligence and help shape the future of AI. Our mission: make intelligence open and accessible to all.
Role Overview
The Head of Risk & Trust Governance is responsible for designing, operating, and continuously maturing the organization's enterprise risk management and control environment. This leader owns the full lifecycle of risk governance — from obligation identification and control architecture to risk measurement, reporting, and external representation — ensuring the organization operates within its stated risk appetite while advancing its strategic objectives.
Sitting at the intersection of risk, compliance, technology, and AI safety, this role is uniquely positioned to shape how the organization understands and responds to a dynamic regulatory and operational risk landscape. The ideal candidate brings deep expertise in enterprise risk frameworks, a systems-level perspective on controls design, and the executive presence to represent the organization's risk posture to regulators, customers, and other critical external stakeholders.
This is a high-visibility, high-impact role that operates across all business functions. Success requires the ability to translate complex risk concepts into actionable governance structures, influence without direct authority, and build trusted relationships internally and externally.
What You'll Do
Control Environment & Risk Framework Architecture
Architect and govern a control environment that drives efficient, prioritized adherence to organizational obligations in alignment with management's objectives and stated risk appetite.
Design and continuously operate an enterprise risk management framework spanning risk identification, measurement, mitigation, monitoring, and reporting — contextualized against the organization's obligations, objectives, and risk tolerance.
Establish a disciplined approach to risk prioritization that balances operational efficiency with the rigor required to address high-severity exposures across the enterprise.
Policy, Standards & Controls Governance
Architect and govern the organization's policy and standards issuance lifecycle, ensuring timely coverage of emerging obligations and strategic priorities.
Oversee the design, implementation, and ongoing operation of controls and guardrails that drive adherence to obligations and objectives within defined risk appetite thresholds.
Develop and maintain a structured controls taxonomy and policy hierarchy, ensuring alignment, traceability, and clear ownership across the enterprise.
Enterprise Inventories & Ecosystem Oversight
Own and maintain the enterprise risk registry and control inventory, ensuring completeness, accuracy, and operationalization across all relevant functions.
Provide oversight over the design, quality, and utilization of key risk-related ecosystem inventories, including data inventories, IT asset inventories, and other foundational records management infrastructure.
Champion data quality and governance standards across risk-related inventories, enabling confident risk measurement and management decisions.
Risk Reporting & Executive Communication
Develop and maintain executive-quality reporting on enterprise risk posture, policy and standards coverage, and the efficacy of regulatory and risk-driven controls.
Contextualize risk reporting against the organization's obligations, objectives, and risk appetite — enabling senior leadership and the Board to make well-informed decisions.
Drive continuous improvement of risk metrics, dashboards, and reporting cadences to reflect evolving organizational priorities and stakeholder needs.
AI Governance & Ethics
Coordinate with the Head of AI Governance (in Legal) to manage AI risk.
Own and maintain the AI use-case inventory and the AI use-case risk and ethics evaluation framework, including use-case tiering and risk classification methodologies.
Ensure AI governance practices are aligned with regulatory expectations, ethical principles, and enterprise risk appetite, and that evaluation frameworks evolve in step with the rapidly changing AI landscape.
Partner with product, engineering, legal, and compliance stakeholders to embed AI risk considerations into the design and deployment of AI systems.
External Engagement & Regulatory Representation
Represent the organization on risk, governance, and AI safety topics in interactions with regulators, customers, auditors, and other external stakeholders.
Lead or contribute to the negotiation of contracts, agreements, and licenses with risk and compliance implications, advocating for risk-informed terms and organizational protections.
Monitor the external regulatory and industry landscape to anticipate emerging obligations, translate new requirements into actionable internal frameworks, and proactively position the organization ahead of compliance deadlines.
What We're Looking For
Experience & Background
20+ years of progressive experience in enterprise risk management, compliance, internal audit, or a closely related governance discipline.
Demonstrated track record of designing, implementing, and maturing enterprise risk management frameworks and control environments at scale.
Prior experience owning or significantly contributing to policy and standards governance programs, including the lifecycle management of policies, standards, and controls.
Meaningful exposure to AI governance, responsible AI, or technology risk — with working knowledge of AI risk and ethics frameworks, use-case evaluation methodologies, and emerging AI regulation.
Experience engaging with external regulators, auditors, or enterprise customers on risk and compliance topics; including participation in regulatory examinations, customer due diligence processes, or contract negotiations.
Skills & Capabilities
Exceptional ability to design and communicate governance structures, risk frameworks, and control architectures to both technical and non-technical audiences.
Strong analytical and systems-thinking skills, with the ability to synthesize complex risk landscapes into clear, prioritized frameworks and actionable recommendations.
Demonstrated ability to build and maintain inventories and registries (risk, control, data, asset) with a strong focus on data quality, usability, and organizational adoption.
Excellent written and verbal communication skills, including the ability to develop executive-quality risk reporting and represent the organization credibly in high-stakes external conversations.
Proven ability to influence cross-functional stakeholders and drive alignment on governance priorities without direct authority.
Mindset & Approach
A risk practitioner who operates with both rigor and pragmatism — focused on building governance infrastructure that is operationally effective, not just technically compliant.
Intellectually curious and adaptive, with a commitment to staying current on evolving regulatory requirements, risk management best practices, and AI governance developments.
A trusted, credible voice — internally with leadership and cross-functional partners, and externally with regulators, customers, and the broader governance community.
Highly collaborative and organizationally astute, with the ability to navigate complex stakeholder environments and build durable governance partnerships across the enterprise.
Motivated by building — comfortable operating in ambiguous, fast-moving environments where governance structures are maturing and the work requires both strategic vision and hands-on execution.
What We Offer:
We believe that to make intelligence open and accessible to all, you need to start at the foundation. Joining Reflection means building from the ground up as part of a talent-dense team. You will help define our future as a company, and help define the future of open foundational models.
We want you to do the most impactful work of your career with the confidence that you and the people you care about most are supported.
Top-tier compensation: Salary and equity structured to recognize and retain our talent globally.
Stock options: Everyone who joins and contributes to Reflection's success gets to share in the upside through stock options.
Health & wellness: Comprehensive medical, dental, vision, and life, with an annual wellness allowance.
Meals: Lunch and dinner are provided in the office daily.
Life & family: 22 weeks paid parental leave for all new birthing and non-birthing parents, including adoptive and surrogate journeys.
Vacation days: Unlimited paid time off in the U.S. and 30 days in the U.K.
Sponsorship support: We sponsor visas to help exceptional talent join our team and support long-term immigration pathways where applicable.
Team building: We have regular off-sites, happy hours, and team celebrations.
Export Control Notice: This position may require access to technology or source code subject to the U.S. Export Administration Regulations. Any offer of employment for this role may be conditioned on the Company's ability to provide the candidate with access to such technology or source code in compliance with applicable U.S. export control laws, which may require the Company to seek government authorization.