Career PathJuly 2026 Edition.Detailed roadmapMonthly research refresh
Data Governance and AI Risk Analyst
Make data and AI systems trustworthy through governance, quality, lineage, controls, evaluation, and risk documentation.
$90K-$164K
US base range
9-29% growth
growth signal
7 stages
Beginner to job-ready
6-12 months
Full-time timeline
Data Governance and AI Risk Analyst salary ranges by market. US: $90K-$164K, source Robert Half 2026 data analysis/risk proxies; Europe: EUR 45K-110K, source Robert Half UK 2026 Data Governance/Enablement; India: INR 10L-30L, source ERI data/IT analyst governance proxy; China: CNY 505K-828K, source Robert Half China 2026 IT Auditor/data governance proxy; Remote: $75K-$170K, source Remote risk, governance, and analytics proxy. Salary ranges are shown by market because one global average would mislead learners. Ranges are annual base or fixed cash proxies unless the source states otherwise.
Salary range
Annual base or fixed cash
$90K-$164K
US market/Annual range
Scope
Annual base or fixed cash range. Equity, bonus, tax, benefits, city tier, company tier, and seniority can move the final offer materially.
Market note
US proxy uses data analysis manager, AI/ML analyst, business systems, and risk/governance-adjacent salary rows.
Salary ranges are shown by market because one global average would mislead learners. Ranges are annual base or fixed cash proxies unless the source states otherwise.
Learn ownership, definitions, policies, stewardship, catalogs, and operating models.
02
02
Data quality and controls
3-4 weeks
Design checks for completeness, freshness, validity, consistency, and business rules.
03
03
Lineage and metadata
2-3 weeks
Trace where data comes from, how it changes, who owns it, and where it is used.
04
04
Privacy and access
3-4 weeks
Manage sensitive data, permissions, retention, minimization, and audit trails.
05
05
AI risk and evaluation
3-4 weeks
Evaluate model behavior, prompt injection, bias, hallucination, and human-review workflows.
06
06
Regulatory and business context
2-3 weeks
Connect controls to industry obligations, risk appetite, and business processes.
07
07
Portfolio and interviews
2-4 weeks
Build a governance case study with lineage, controls, risk register, and remediation plan.
Complete topic index
Full definitions, proof artifacts, LDS resources, and external references for every roadmap topic.
View
01
Data governance foundations
2-3 weeks
Ownership
core
Data governance foundations: Learn ownership, definitions, policies, stewardship, catalogs, and operating models.
What it is
Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.
Why it matters
Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.
Proof to build
Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.
Data governance foundations: Learn ownership, definitions, policies, stewardship, catalogs, and operating models.
What it is
Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.
Why it matters
Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.
Proof to build
Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.
Data governance foundations: Learn ownership, definitions, policies, stewardship, catalogs, and operating models.
What it is
Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.
Why it matters
Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.
Proof to build
Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.
Create proof that this stage is more than passive study.
What it is
A data governance foundations portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.
Why it matters
This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.
Proof to build
Publish one data governance foundations artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.
Know how this stage appears in screening, take-homes, and role-specific interviews.
What it is
The interview signal for data governance foundations is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.
Why it matters
Hiring teams need to see judgment, not just vocabulary. This topic turns data governance foundations into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.
Proof to build
Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.
Create proof that this stage is more than passive study.
What it is
A data quality and controls portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.
Why it matters
This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.
Proof to build
Publish one data quality and controls artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.
Know how this stage appears in screening, take-homes, and role-specific interviews.
What it is
The interview signal for data quality and controls is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.
Why it matters
Hiring teams need to see judgment, not just vocabulary. This topic turns data quality and controls into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.
Proof to build
Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.
Lineage and metadata: Trace where data comes from, how it changes, who owns it, and where it is used.
What it is
Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.
Why it matters
Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.
Proof to build
Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.
Lineage and metadata: Trace where data comes from, how it changes, who owns it, and where it is used.
What it is
Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.
Why it matters
Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.
Proof to build
Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.
Lineage and metadata: Trace where data comes from, how it changes, who owns it, and where it is used.
What it is
Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.
Why it matters
Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.
Proof to build
Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.
Create proof that this stage is more than passive study.
What it is
A lineage and metadata portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.
Why it matters
This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.
Proof to build
Publish one lineage and metadata artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.
Know how this stage appears in screening, take-homes, and role-specific interviews.
What it is
The interview signal for lineage and metadata is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.
Why it matters
Hiring teams need to see judgment, not just vocabulary. This topic turns lineage and metadata into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.
Proof to build
Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.
Privacy and access: Manage sensitive data, permissions, retention, minimization, and audit trails.
What it is
AI-ready data architecture extends the warehouse into feature pipelines, vector indexes, lakehouse tables, privacy controls, and data products that models can safely consume.
Why it matters
AI teams are constrained by data access, data quality, permissioning, and retrieval quality. The best architecture work makes model-facing data reliable before an ML or LLM team depends on it.
Proof to build
Design an AI data product with source tables, feature or embedding pipeline, access rules, freshness checks, and an evaluation query for retrieval or model input quality.
Privacy and access: Manage sensitive data, permissions, retention, minimization, and audit trails.
What it is
Metadata and lineage explain what data exists, who owns it, how it changes, where it flows, and which downstream assets depend on it.
Why it matters
Governance without operational metadata becomes policy theatre. Real users need searchable definitions, lineage for impact analysis, and owners who can fix broken data.
Proof to build
Document a mini data catalog: glossary, table owners, lineage diagram, access level, freshness SLA, and a downstream impact analysis for one schema change.
Privacy and access: Manage sensitive data, permissions, retention, minimization, and audit trails.
What it is
Privacy and access work controls who can use sensitive data, which fields are exposed, how activity is audited, and how long data is retained.
Why it matters
For healthcare, governance, and AI risk roles, privacy is not an optional ethics paragraph. It controls what data you can analyze, model, log, export, or show to downstream users.
Proof to build
Write a data-access plan with classification, approved users, de-identification approach, audit logging, retention, and a list of fields that must never enter prompts or notebooks.
Create proof that this stage is more than passive study.
What it is
A privacy and access portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.
Why it matters
This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.
Proof to build
Publish one privacy and access artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.
Know how this stage appears in screening, take-homes, and role-specific interviews.
What it is
The interview signal for privacy and access is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.
Why it matters
Hiring teams need to see judgment, not just vocabulary. This topic turns privacy and access into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.
Proof to build
Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.
AI risk and evaluation: Evaluate model behavior, prompt injection, bias, hallucination, and human-review workflows.
What it is
Evaluation turns AI quality from opinion into a testable operating system: task datasets, rubrics, deterministic checks, judge models, regression gates, and human review where stakes are high.
Why it matters
The fastest way to lose user trust is to ship an AI feature with no way to notice quality drift. Evals are now a core skill for AI engineers, FDEs, applied scientists, and AI risk analysts.
Proof to build
Build a 30-50 case eval set for one AI workflow, run before/after scores, tag failures by root cause, and write a release decision that explains whether the system should ship.
AI risk and evaluation: Evaluate model behavior, prompt injection, bias, hallucination, and human-review workflows.
What it is
Evaluation turns AI quality from opinion into a testable operating system: task datasets, rubrics, deterministic checks, judge models, regression gates, and human review where stakes are high.
Why it matters
The fastest way to lose user trust is to ship an AI feature with no way to notice quality drift. Evals are now a core skill for AI engineers, FDEs, applied scientists, and AI risk analysts.
Proof to build
Build a 30-50 case eval set for one AI workflow, run before/after scores, tag failures by root cause, and write a release decision that explains whether the system should ship.
AI risk and evaluation: Evaluate model behavior, prompt injection, bias, hallucination, and human-review workflows.
What it is
Evaluation turns AI quality from opinion into a testable operating system: task datasets, rubrics, deterministic checks, judge models, regression gates, and human review where stakes are high.
Why it matters
The fastest way to lose user trust is to ship an AI feature with no way to notice quality drift. Evals are now a core skill for AI engineers, FDEs, applied scientists, and AI risk analysts.
Proof to build
Build a 30-50 case eval set for one AI workflow, run before/after scores, tag failures by root cause, and write a release decision that explains whether the system should ship.
Create proof that this stage is more than passive study.
What it is
A ai risk and evaluation portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.
Why it matters
This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.
Proof to build
Publish one ai risk and evaluation artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.
Know how this stage appears in screening, take-homes, and role-specific interviews.
What it is
The interview signal for ai risk and evaluation is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.
Why it matters
Hiring teams need to see judgment, not just vocabulary. This topic turns ai risk and evaluation into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.
Proof to build
Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.
Regulatory and business context: Connect controls to industry obligations, risk appetite, and business processes.
What it is
AI risk documentation connects model behavior, controls, owners, regulations, evidence, residual risk, and remediation plans.
Why it matters
AI governance is moving from principles to evidence. Teams need analysts who can translate model and data risks into controls a business, auditor, or regulator can inspect.
Proof to build
Build a risk register for one AI workflow with risks, impact, controls, evidence links, owner, review cadence, and open remediation items.
Regulatory and business context: Connect controls to industry obligations, risk appetite, and business processes.
What it is
AI risk documentation connects model behavior, controls, owners, regulations, evidence, residual risk, and remediation plans.
Why it matters
AI governance is moving from principles to evidence. Teams need analysts who can translate model and data risks into controls a business, auditor, or regulator can inspect.
Proof to build
Build a risk register for one AI workflow with risks, impact, controls, evidence links, owner, review cadence, and open remediation items.
Regulatory and business context: Connect controls to industry obligations, risk appetite, and business processes.
What it is
AI risk documentation connects model behavior, controls, owners, regulations, evidence, residual risk, and remediation plans.
Why it matters
AI governance is moving from principles to evidence. Teams need analysts who can translate model and data risks into controls a business, auditor, or regulator can inspect.
Proof to build
Build a risk register for one AI workflow with risks, impact, controls, evidence links, owner, review cadence, and open remediation items.
Create proof that this stage is more than passive study.
What it is
A regulatory and business context portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.
Why it matters
This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.
Proof to build
Publish one regulatory and business context artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.
Know how this stage appears in screening, take-homes, and role-specific interviews.
What it is
The interview signal for regulatory and business context is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.
Why it matters
Hiring teams need to see judgment, not just vocabulary. This topic turns regulatory and business context into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.
Proof to build
Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.
Portfolio and interviews: Build a governance case study with lineage, controls, risk register, and remediation plan.
What it is
Portfolio and interview work turns learning into proof: a public artifact, decision memo, reproducible repo, diagram, dashboard, notebook, or interview story.
Why it matters
Hiring teams cannot infer readiness from a list of tools. They need evidence that you can frame a problem, make tradeoffs, validate your result, and explain the business impact.
Proof to build
Publish one role-specific artifact with README, assumptions, dataset notes, validation checks, screenshots, and a short hiring-manager summary of what the work proves.
Portfolio and interviews: Build a governance case study with lineage, controls, risk register, and remediation plan.
What it is
BI tooling turns governed data into dashboards, scorecards, drilldowns, alerts, permissions, refreshes, and recurring decision workflows.
Why it matters
Real BI value is not a pretty chart. It is a trusted operating surface that busy teams check without asking an analyst to explain every filter and caveat.
Proof to build
Build a dashboard case study with a metric dictionary, screenshot walkthrough, refresh plan, permission model, known caveats, and a QA checklist for the top numbers.
Portfolio and interviews: Build a governance case study with lineage, controls, risk register, and remediation plan.
What it is
Stakeholder communication turns analysis into a decision path: audience, tradeoff, recommendation, risk, next action, and what would change the conclusion.
Why it matters
The best technical answer still fails when the business cannot act on it. Analysts, FDEs, OR practitioners, architects, and product analysts need to reduce ambiguity without hiding uncertainty.
Proof to build
Write a decision memo or presentation page with the recommendation, metric impact, risks, alternatives rejected, owner, timeline, and one follow-up question for stakeholders.
Create proof that this stage is more than passive study.
What it is
A portfolio and interviews portfolio artifact is a public proof piece for this stage: a small but complete deliverable that shows how a AI Risk Analyst frames the problem, chooses tools, validates the result, and explains the tradeoffs.
Why it matters
This is the work product that makes the stage credible. For Data Governance and AI Risk Analyst, the artifact should show inputs, assumptions, methods, validation, tradeoffs, and a decision-ready output rather than a tutorial clone.
Proof to build
Publish one portfolio and interviews artifact with README, inputs, assumptions, method, validation checks, screenshots or outputs, caveats, and a short summary of what the artifact proves for Data Governance and AI Risk Analyst readiness.
Know how this stage appears in screening, take-homes, and role-specific interviews.
What it is
The interview signal for portfolio and interviews is your ability to explain the work under pressure: assumptions, tradeoffs, failure modes, implementation choices, and how the output would help a real team decide what to do next.
Why it matters
Hiring teams need to see judgment, not just vocabulary. This topic turns portfolio and interviews into interview-ready stories, diagrams, live explanations, and examples that map to real AI Risk Analyst work.
Proof to build
Prepare a two-minute explanation, one diagram or query/notebook walkthrough, and three follow-up answers for this stage: why this approach, what could fail, and how you would improve it in production.