Policy and Governance Graduate in City of London

The Head of AI Governance at Hays will be key to enabling safe and fast adoption of AI through pragmatic guardrails, clear approval pathways, and proportionate assurance. This role is central to balancing innovation with regulatory and ethical obligations in an industry where most key AI use cases are high-risk under the EU AI Act. The role ensures compliance with applicable AI laws (including the EU AI Act) and alignment to recognised frameworks (ISO/IEC 42001, NIST AI RMF), and manages AI risk across the Group in close partnership with the Director of Data Protection & AI Governance, Group Technology, AI and Procurement Counsel, Regional DPOs, Information Security, Legal, Compliance and Technology.

The role will play a critical role in managing AI risk, developing, and operationalising established Has AI policy and our Responsible AI Governance Framework, in the context of a rapidly evolving regulatory and technology landscape.

Key Stakeholders

• Group Senior Leadership – advise on AI compliance and risk and provide formal reports on AI governance posture.
• Director of Data Protection & AI Governance and Regional DPOs – align AI governance with data protection, coordinate joint assessments, and support consistent global standards.
• Group Technology, AI & Procurement Counsel – work closely on regulatory compliance, including the operationalisation of the Hays Responsible AI Governance Framework, and work jointly on key projects and initiatives.
• Regional Legal teams, Compliance, and IT Security Teams – ensure integrated controls are in place and effective.
• Technology, Data & Analytics, and Product Teams – partner on responsible design, development, and deployment of AI systems.
• Recruitment Consultants – support responsible use of AI in candidate sourcing, screening and decisioning, with appropriate human oversight.
• HR – support responsible and appropriate use of AI in internal human resource management and operations.
• External regulators, industry bodies, and peer networks – work with the Director of Data Protection & AI Governance to engage as required to represent Hays and stay ahead of developments.

Key Activities

• Governance & Policy: Work closely with Key Stakeholders to iterate, maintain, and embed the Group AI governance framework, policies, standards, and acceptable use guidance ensuring appropriate recognition of responsibilities as a deployer and provider of AI solutions.
• Maintain the Group AI inventory / register, ensuring alignment to regulatory requirements such as classification of AI systems and risk tiers.
• Define and operate AI intake, triage, and approval processes for new and existing AI use cases (in-house developed, vendor-supplied and embedded features).
• Provide regular formal reports on AI governance posture to the Director of Data Protection & AI Governance, and support on reporting to Executive Leadership Team and Audit and Risk Committee.
• Lead Hays to achieve ISO42001 certification and maintain ongoing compliance.

• Enablement, Advisory & Risk Management: Identify, assess, and mitigate AI risks across Group and regional projects, products, and operations.
• Conduct and oversee AI Risk Assessments (AIRAs), Fundamental Rights Impact Assessments (FRIAs), algorithmic bias / fairness assessments, and model risk reviews, working alongside the DPO team, Technology, AI and Procurement Legal Counsel, and regional Legal teams.
• Maintain and update AIRA and FRIA methodologies and supporting templates in line with regulatory requirements and business needs.
• Identify and deploy AI-specific controls and metrics to provide assurance across the Group, including model monitoring, human oversight, and transparency requirements.
• Act as a key point of contact for Technology, Information Security, and Data & Analytics teams on AI risk, ensuring close collaboration on shared priorities (e.g. data quality, model security, third-party AI risk, bias, and discrimination risk).
• Work with Key Stakeholders to integrate AI risk into the Group Enterprise Risk Management framework to ensure AI risk appetite is agreed and monitored.

• Regulatory Engagement: Work with Key Stakeholders to monitor and manage emerging regulatory developments in AI (EU AI Act, UK AI regulation, US state laws [such as Colorado AI Act, NYC Local Law 144, Illinois AI Video Interview Act, California ADMT regulations], APAC regimes [such as Australia AI Safety Standard, Japan METI AI Guidelines]) and translate them into actionable Group requirements.
• Support on multi-jurisdiction AI regulatory change and obligations management.
• Track and respond to relevant standards, codes of practice and regulator guidance.

• Training & Awareness: Drive and own Hays AI literacy programme across the Group and ensure literacy is appropriately scaled to adoption and use (across executive leadership, technology, recruitment consultants, HR).
• Design and deliver AI governance training and awareness programmes, including but not limited to AI literacy obligations under the EU AI Act.
• Proactively engage with high-risk teams (e.g. Technology, HR, Recruitment Consultants) to improve AI risk education and responsible-use practices.
• Coordinate with the DPO function to ensure consistency between AI and data protection training.

• Monitoring & Reporting: Identify, track and report AI governance metrics and KPIs to the Director of Data Protection & AI Governance and senior leadership, including coverage of the AI inventory, assessment completion, control effectiveness, and incident trends.
• Support in the ongoing monitoring and lifecycle management of key AI systems.
• Provide management information for Group governance forums, ELT and the Audit and Risk Committee.
• Support internal and external audit activity relating to AI.
• Develop and oversee a monitoring programme to review model performance and drift risk, transparency and explainability obligations, regular testing for bias & discrimination.

• AI Operations: Act as the Subject Matter Expert for AI-related queries, complaints, and incidents (e.g. allegations of bias, automated decision-making concerns, AI-related data subject rights matters).
• Coordinate AI incident response with Information Security, the DPO team, and Communications and maintain appropriate records.
• Act as super-user for AI governance technology and tooling and lead on the roll-out and integration of new tools across DPO, Legal, Risk and Technology teams.
• Support the Group Technology, AI, and Procurement Counsel to oversee third-party AI risk, including vendor due diligence, contractual safeguards, and ongoing supplier monitoring.
• Ensure sufficient notice, transparency and explanations on use of AI and the associated rights, are provided to candidates, employees, and clients.

Knowledge, skills, qualifications, and experience

• In-depth knowledge of global AI laws and emerging AI governance frameworks (EU AI Act, ISO/IEC 42001, NIST AI RMF, OECD principles).
• Global data protection laws and their interaction with AI (GDPR Article 22, automated decision-making, profiling).
• AIRA methodologies, including bias, fairness, explainability and human oversight considerations.
• AI technologies and the AI/ML lifecycle, including generative AI, foundation models, and traditional ML.
• The recruitment industry and/or equivalent highly regulated industry.
• Working in global multi-jurisdictional environments.
• Recruitment practices and Hays organisational knowledge is desirable.

Qualifications:

• Professional certifications highly desirable (e.g. IAPP AIGP, ISO/IEC 42001 Lead Implementer, CIPP/E, CIPM).
• Degree in a related field (Computer Science, Compliance, Data, AI, Technology, etc.).

Skills and Competencies

• Pragmatic Judgement: Ability to make timely risk-based calls under regulatory ambiguity.
• Technical Acumen: Strong understanding of emerging technology, data flows, security controls, model behaviour, and AI tooling.
• Stakeholder Management & influencing: Strong influencing and relationship-building skills across diverse cultures and disciplines (legal, technical, and commercial) often without direct authority.
• Communication: Clear and persuasive verbal and written communication for senior stakeholders, including the ability to translate technical AI concepts for non-technical audiences.
• Leadership & Ownership: Ability to take accountability for AI risk across a complex, global business.
• Project Management: Ability to deliver change, manage issues and risks, and create and execute plans across multiple workstreams.
• Analytical Capability: Excellent risk analysis, problem-solving, and judgement skills.
• Resilience & Adaptability: Ability to manage a fast-moving regulatory and technology environment alongside competing business demands.
• Ethics & Integrity: Exceptional ethical standards, and an ability to apply ethics & integrity practically and pragmatically to support technical designs, testing and implementation of AI use cases across the Group.

At Hays, we share a passion for creating a culture of opportunities for our people to flourish and succeed, whatever your background. We know that diversity of perspective and an inclusive approach, which encourages those experiences and views to be heard, is great for business and therefore your career.