Skip to content
Career Path
July 2026 Edition.Detailed roadmapMonthly research refresh

Data Governance and AI Risk Analyst

Make data and AI systems trustworthy through governance, quality, lineage, controls, evaluation, and risk documentation.

$90K-$164K
US base range
9-29% growth
growth signal
7 stages
Beginner to job-ready
6-12 months
Full-time timeline

Data Governance and AI Risk Analyst salary ranges by market. US: $90K-$164K, source Robert Half 2026 data analysis/risk proxies; Europe: EUR 45K-110K, source Robert Half UK 2026 Data Governance/Enablement; India: INR 10L-30L, source ERI data/IT analyst governance proxy; China: CNY 505K-828K, source Robert Half China 2026 IT Auditor/data governance proxy; Remote: $75K-$170K, source Remote risk, governance, and analytics proxy. Salary ranges are shown by market because one global average would mislead learners. Ranges are annual base or fixed cash proxies unless the source states otherwise.

Salary range

Annual base or fixed cash

$90K-$164K
US market/Annual range

Scope

Annual base or fixed cash range. Equity, bonus, tax, benefits, city tier, company tier, and seniority can move the final offer materially.

Market note

US proxy uses data analysis manager, AI/ML analyst, business systems, and risk/governance-adjacent salary rows.

Salary ranges are shown by market because one global average would mislead learners. Ranges are annual base or fixed cash proxies unless the source states otherwise.

View source
01
01

Data governance foundations

2-3 weeks

Learn ownership, definitions, policies, stewardship, catalogs, and operating models.

02
02

Data quality and controls

3-4 weeks

Design checks for completeness, freshness, validity, consistency, and business rules.

03
03

Lineage and metadata

2-3 weeks

Trace where data comes from, how it changes, who owns it, and where it is used.

04
04

Privacy and access

3-4 weeks

Manage sensitive data, permissions, retention, minimization, and audit trails.

05
05

AI risk and evaluation

3-4 weeks

Evaluate model behavior, prompt injection, bias, hallucination, and human-review workflows.

06
06

Regulatory and business context

2-3 weeks

Connect controls to industry obligations, risk appetite, and business processes.

07
07

Portfolio and interviews

2-4 weeks

Build a governance case study with lineage, controls, risk register, and remediation plan.

Complete topic index

Full definitions, proof artifacts, LDS resources, and external references for every roadmap topic.

View
01

Data governance foundations

2-3 weeks

Ownership

core

Data governance foundations: Learn ownership, definitions, policies, stewardship, catalogs, and operating models.

What it is

Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.

Why it matters

Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.

Proof to build

Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.

Policies

core

Data governance foundations: Learn ownership, definitions, policies, stewardship, catalogs, and operating models.

What it is

Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.

Why it matters

Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.

Proof to build

Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.

Catalogs

optional

Data governance foundations: Learn ownership, definitions, policies, stewardship, catalogs, and operating models.

What it is

Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.

Why it matters

Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.

Proof to build

Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.

Portfolio artifact

new

Create proof that this stage is more than passive study.

What it is

A data governance foundations portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.

Why it matters

This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.

Proof to build

Publish one data governance foundations artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.

Interview signal

core

Know how this stage appears in screening, take-homes, and role-specific interviews.

What it is

The interview signal for data governance foundations is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.

Why it matters

Hiring teams need to see judgment, not just vocabulary. This topic turns data governance foundations into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.

Proof to build

Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.

02

Data quality and controls

3-4 weeks

Quality rules

core

Data quality and controls: Design checks for completeness, freshness, validity, consistency, and business rules.

What it is

Data quality work defines expectations for completeness, freshness, validity, uniqueness, consistency, and business-rule compliance.

Why it matters

Every role that uses data depends on this layer. AI systems make the risk worse because bad source data can become automated bad decisions at scale.

Proof to build

Create tests for a small analytics pipeline: schema checks, null thresholds, accepted values, freshness, duplicate keys, and a failure runbook.

Controls

core

Data quality and controls: Design checks for completeness, freshness, validity, consistency, and business rules.

What it is

Data quality work defines expectations for completeness, freshness, validity, uniqueness, consistency, and business-rule compliance.

Why it matters

Every role that uses data depends on this layer. AI systems make the risk worse because bad source data can become automated bad decisions at scale.

Proof to build

Create tests for a small analytics pipeline: schema checks, null thresholds, accepted values, freshness, duplicate keys, and a failure runbook.

SLAs

optional

Data quality and controls: Design checks for completeness, freshness, validity, consistency, and business rules.

What it is

Data quality work defines expectations for completeness, freshness, validity, uniqueness, consistency, and business-rule compliance.

Why it matters

Every role that uses data depends on this layer. AI systems make the risk worse because bad source data can become automated bad decisions at scale.

Proof to build

Create tests for a small analytics pipeline: schema checks, null thresholds, accepted values, freshness, duplicate keys, and a failure runbook.

Portfolio artifact

new

Create proof that this stage is more than passive study.

What it is

A data quality and controls portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.

Why it matters

This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.

Proof to build

Publish one data quality and controls artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.

Interview signal

core

Know how this stage appears in screening, take-homes, and role-specific interviews.

What it is

The interview signal for data quality and controls is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.

Why it matters

Hiring teams need to see judgment, not just vocabulary. This topic turns data quality and controls into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.

Proof to build

Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.

03

Lineage and metadata

2-3 weeks

Lineage

core

Lineage and metadata: Trace where data comes from, how it changes, who owns it, and where it is used.

What it is

Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.

Why it matters

Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.

Proof to build

Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.

Metadata

core

Lineage and metadata: Trace where data comes from, how it changes, who owns it, and where it is used.

What it is

Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.

Why it matters

Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.

Proof to build

Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.

Impact analysis

optional

Lineage and metadata: Trace where data comes from, how it changes, who owns it, and where it is used.

What it is

Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.

Why it matters

Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.

Proof to build

Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.

Portfolio artifact

new

Create proof that this stage is more than passive study.

What it is

A lineage and metadata portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.

Why it matters

This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.

Proof to build

Publish one lineage and metadata artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.

Interview signal

core

Know how this stage appears in screening, take-homes, and role-specific interviews.

What it is

The interview signal for lineage and metadata is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.

Why it matters

Hiring teams need to see judgment, not just vocabulary. This topic turns lineage and metadata into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.

Proof to build

Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.

04

Privacy and access

3-4 weeks

Privacy

core

Privacy and access: Manage sensitive data, permissions, retention, minimization, and audit trails.

What it is

AI-ready data architecture extends the warehouse into feature pipelines, vector indexes, lakehouse tables, privacy controls, and data products that models can safely consume.

Why it matters

AI teams are constrained by data access, data quality, permissioning, and retrieval quality. The best architecture work makes model-facing data reliable before an ML or LLM team depends on it.

Proof to build

Design an AI data product with source tables, feature or embedding pipeline, access rules, freshness checks, and an evaluation query for retrieval or model input quality.

Access

core

Privacy and access: Manage sensitive data, permissions, retention, minimization, and audit trails.

What it is

Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.

Why it matters

Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.

Proof to build

Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.

Audit logs

optional

Privacy and access: Manage sensitive data, permissions, retention, minimization, and audit trails.

What it is

Privacy and access work controls who can use sensitive data, which fields are exposed, how activity is audited, and how long data is retained.

Why it matters

For healthcare, governance, and AI risk roles, privacy is not an optional ethics paragraph. It controls what data you can analyze, model, log, export, or show to downstream users.

Proof to build

Write a data-access plan with classification, approved users, de-identification approach, audit logging, retention, and a list of fields that must never enter prompts or notebooks.

Portfolio artifact

new

Create proof that this stage is more than passive study.

What it is

A privacy and access portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.

Why it matters

This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.

Proof to build

Publish one privacy and access artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.

Interview signal

core

Know how this stage appears in screening, take-homes, and role-specific interviews.

What it is

The interview signal for privacy and access is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.

Why it matters

Hiring teams need to see judgment, not just vocabulary. This topic turns privacy and access into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.

Proof to build

Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.

05

AI risk and evaluation

3-4 weeks

Evals

core

AI risk and evaluation: Evaluate model behavior, prompt injection, bias, hallucination, and human-review workflows.

What it is

Evaluation turns AI quality from opinion into a testable operating system: task datasets, rubrics, deterministic checks, judge models, regression gates, and human review where stakes are high.

Why it matters

The fastest way to lose user trust is to ship an AI feature with no way to notice quality drift. Evals are now a core skill for AI engineers, FDEs, applied scientists, and AI risk analysts.

Proof to build

Build a 30-50 case eval set for one AI workflow, run before/after scores, tag failures by root cause, and write a release decision that explains whether the system should ship.

Bias

core

AI risk and evaluation: Evaluate model behavior, prompt injection, bias, hallucination, and human-review workflows.

What it is

Evaluation turns AI quality from opinion into a testable operating system: task datasets, rubrics, deterministic checks, judge models, regression gates, and human review where stakes are high.

Why it matters

The fastest way to lose user trust is to ship an AI feature with no way to notice quality drift. Evals are now a core skill for AI engineers, FDEs, applied scientists, and AI risk analysts.

Proof to build

Build a 30-50 case eval set for one AI workflow, run before/after scores, tag failures by root cause, and write a release decision that explains whether the system should ship.

Guardrails

optional

AI risk and evaluation: Evaluate model behavior, prompt injection, bias, hallucination, and human-review workflows.

What it is

Evaluation turns AI quality from opinion into a testable operating system: task datasets, rubrics, deterministic checks, judge models, regression gates, and human review where stakes are high.

Why it matters

The fastest way to lose user trust is to ship an AI feature with no way to notice quality drift. Evals are now a core skill for AI engineers, FDEs, applied scientists, and AI risk analysts.

Proof to build

Build a 30-50 case eval set for one AI workflow, run before/after scores, tag failures by root cause, and write a release decision that explains whether the system should ship.

Portfolio artifact

new

Create proof that this stage is more than passive study.

What it is

A ai risk and evaluation portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.

Why it matters

This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.

Proof to build

Publish one ai risk and evaluation artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.

Interview signal

core

Know how this stage appears in screening, take-homes, and role-specific interviews.

What it is

The interview signal for ai risk and evaluation is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.

Why it matters

Hiring teams need to see judgment, not just vocabulary. This topic turns ai risk and evaluation into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.

Proof to build

Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.

06

Regulatory and business context

2-3 weeks

Compliance

core

Regulatory and business context: Connect controls to industry obligations, risk appetite, and business processes.

What it is

AI risk documentation connects model behavior, controls, owners, regulations, evidence, residual risk, and remediation plans.

Why it matters

AI governance is moving from principles to evidence. Teams need analysts who can translate model and data risks into controls a business, auditor, or regulator can inspect.

Proof to build

Build a risk register for one AI workflow with risks, impact, controls, evidence links, owner, review cadence, and open remediation items.

Risk registers

core

Regulatory and business context: Connect controls to industry obligations, risk appetite, and business processes.

What it is

AI risk documentation connects model behavior, controls, owners, regulations, evidence, residual risk, and remediation plans.

Why it matters

AI governance is moving from principles to evidence. Teams need analysts who can translate model and data risks into controls a business, auditor, or regulator can inspect.

Proof to build

Build a risk register for one AI workflow with risks, impact, controls, evidence links, owner, review cadence, and open remediation items.

Documentation

optional

Regulatory and business context: Connect controls to industry obligations, risk appetite, and business processes.

What it is

AI risk documentation connects model behavior, controls, owners, regulations, evidence, residual risk, and remediation plans.

Why it matters

AI governance is moving from principles to evidence. Teams need analysts who can translate model and data risks into controls a business, auditor, or regulator can inspect.

Proof to build

Build a risk register for one AI workflow with risks, impact, controls, evidence links, owner, review cadence, and open remediation items.

Portfolio artifact

new

Create proof that this stage is more than passive study.

What it is

A regulatory and business context portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.

Why it matters

This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.

Proof to build

Publish one regulatory and business context artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.

Interview signal

core

Know how this stage appears in screening, take-homes, and role-specific interviews.

What it is

The interview signal for regulatory and business context is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.

Why it matters

Hiring teams need to see judgment, not just vocabulary. This topic turns regulatory and business context into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.

Proof to build

Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.

07

Portfolio and interviews

2-4 weeks

Case study

core

Portfolio and interviews: Build a governance case study with lineage, controls, risk register, and remediation plan.

What it is

Portfolio and interview work turns learning into proof: a public artifact, decision memo, reproducible repo, diagram, dashboard, notebook, or interview story.

Why it matters

Hiring teams cannot infer readiness from a list of tools. They need evidence that you can frame a problem, make tradeoffs, validate your result, and explain the business impact.

Proof to build

Publish one role-specific artifact with README, assumptions, dataset notes, validation checks, screenshots, and a short hiring-manager summary of what the work proves.

Risk docs

core

Portfolio and interviews: Build a governance case study with lineage, controls, risk register, and remediation plan.

What it is

BI tooling turns governed data into dashboards, scorecards, drilldowns, alerts, permissions, refreshes, and recurring decision workflows.

Why it matters

Real BI value is not a pretty chart. It is a trusted operating surface that busy teams check without asking an analyst to explain every filter and caveat.

Proof to build

Build a dashboard case study with a metric dictionary, screenshot walkthrough, refresh plan, permission model, known caveats, and a QA checklist for the top numbers.

Stakeholder review

optional

Portfolio and interviews: Build a governance case study with lineage, controls, risk register, and remediation plan.

What it is

Stakeholder communication turns analysis into a decision path: audience, tradeoff, recommendation, risk, next action, and what would change the conclusion.

Why it matters

The best technical answer still fails when the business cannot act on it. Analysts, FDEs, OR practitioners, architects, and product analysts need to reduce ambiguity without hiding uncertainty.

Proof to build

Write a decision memo or presentation page with the recommendation, metric impact, risks, alternatives rejected, owner, timeline, and one follow-up question for stakeholders.

Portfolio artifact

new

Create proof that this stage is more than passive study.

What it is

A portfolio and interviews portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.

Why it matters

This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.

Proof to build

Publish one portfolio and interviews artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.

Interview signal

core

Know how this stage appears in screening, take-homes, and role-specific interviews.

What it is

The interview signal for portfolio and interviews is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.

Why it matters

Hiring teams need to see judgment, not just vocabulary. This topic turns portfolio and interviews into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.

Proof to build

Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.

Ready to start your path?

Start with the first stage, then build one artifact that proves the role in practice.