Our Mission
Reflection is a research lab making intelligence open and accessible for everyone to use, customize, and build on. We build open models that let anyone control their intelligence and help shape the future of AI. Our mission: make intelligence open and accessible to all.
Role Overview
The Manager of Risk & Trust Operations is responsible for translating the organization's risk governance frameworks and policies into operational reality. This leader owns the operational machinery that validates adherence, surfaces issues, and drives resolution. The result is a continuously evidenced, audit-ready risk posture that can be confidently represented to customers, regulators, and leadership.
Spanning commercial risk support, third-party risk management, controls assurance, AI safety operations, and risk issue management, this role serves as the operational center of gravity for the Risk & Trust function — coordinating across product, engineering, legal, and compliance teams to ensure risk obligations are not just understood, but actively evidenced and remediated where gaps exist.
This is a high-visibility, high-impact role that operates across all business functions. Success requires the ability to translate complex risk concepts into verifiable risk management, influence without direct authority, and build trusted relationships internally and externally.
What You'll Do
Commercial Risk & Go-to-Market Support
Drive the end-to-end lifecycle for risk assessments and certifications supporting the deals pipeline and go-to-market efforts, ensuring risk reviews are completed with the speed and rigor the business requires.
Partner closely with sales, legal, and product teams to scope and deliver risk assessments tailored to customer requirements, industry verticals, and deal-specific obligations.
Develop and maintain a library of reusable risk assessment artifacts, certifications, and evidence packages that accelerate commercial cycles without compromising quality.
Serve as a risk subject matter expert in customer-facing conversations, due diligence requests, and RFP responses involving risk, compliance, and AI safety topics.
Third-Party & Vendor Risk Management
Conduct upfront due-diligence assessments, ongoing risk monitoring, and on-demand risk reviews of third parties and vendors supporting organizational operations.
Design and operate a scalable third-party risk management program that reflects the organization's risk appetite, vendor criticality tiers, and evolving regulatory expectations.
Establish clear criteria for vendor risk tiering, onboarding requirements, and ongoing monitoring cadences — ensuring continuous visibility into the risk profile of the extended enterprise.
Coordinate with procurement, legal, and technology teams to ensure vendor risk findings are reflected in contracting, remediation timelines, and relationship management decisions.
Controls Assurance & Obligation Validation
Validate and evidence the design and operational efficacy of policies, standards, controls, and guardrails related to risk management — translating governance intent into demonstrable operational outcomes.
Design and execute controls testing programs that provide reliable, audit-quality evidence of control effectiveness across the organization's obligation landscape.
Develop and maintain structured assurance documentation that enables confident representation of risk posture to regulators, auditors, and enterprise customers.
Identify and escalate control design or operational gaps, working cross-functionally to drive timely and durable remediation.
AI Safety Program Assurance
Assure the design and operating efficacy of the organization's AI safety program, responsible AI and ethics frameworks, and AI safety and transparency artifacts — including regular assessment of whether operational practices align with stated principles and commitments.
Govern the pre-deployment risk review process for new models and major capability updates, ensuring structured evaluation against safety criteria, ethical frameworks, and applicable obligations before release.
Develop and maintain pre-deployment review workflows, risk thresholds, escalation paths, and sign-off requirements that scale with the organization's model release cadence.
Provide assurance reporting on the ongoing effectiveness of AI safety controls, surfacing trends, gaps, and emerging risks to leadership and relevant governance bodies.
AI Abuse & Safety Incident Response
Own the AI abuse and safety violation response program end-to-end, including detection, triage, investigation, response coordination, and remediation tracking.
Maintain the AI incident registry across the model lifecycle, ensuring all safety-relevant events are captured, classified, investigated, and closed with appropriate rigor and audit trail.
Develop and continuously refine detection methodologies, triage protocols, and escalation criteria that enable rapid, consistent responses to emerging safety signals.
Partner with product, engineering, legal, and communications teams to coordinate cross-functional responses to high-severity AI safety incidents, and drive post-incident reviews and control improvements.
Analyze incident trends to identify systemic vulnerabilities and proactively recommend improvements to AI safety controls, guardrails, and monitoring capabilities.
Risk Issue Management & Remediation
Govern the organization's risk issue management lifecycle, including maintenance of the risk issue inventory, escalation protocols, remediation prioritization frameworks, exception management, and execution oversight.
Establish and enforce clear standards for issue documentation, severity classification, ownership assignment, and remediation timelines — ensuring accountability and visibility at all levels.
Drive prioritization of remediation efforts in alignment with the organization's risk appetite, ensuring that the most consequential exposures receive appropriate urgency and resources.
Manage the exception management process, including evaluation, approval, compensating control requirements, and time-bound tracking of all active exceptions.
Provide regular reporting to leadership on open issues, remediation velocity, exception inventory, and systemic risk trends, enabling informed decisions on risk tolerance and resource allocation.
What We're Looking For
Experience & Background
15+ years of progressive experience in risk operations, compliance, internal audit, information security, or a closely related discipline — with meaningful leadership experience overseeing operational risk programs.
Demonstrated track record of building and operating scalable risk operational programs: controls assurance, third-party risk management, issue management, or incident response.
Hands-on experience with commercial risk support functions, including the delivery of risk assessments, certifications, or security questionnaires in a go-to-market or enterprise sales context.
Prior experience in AI safety, responsible AI, or technology risk operations — with working knowledge of AI system risk evaluation, safety testing methodologies, and the operational lifecycle of AI models.
Experience operating in regulated environments and interacting directly with auditors, regulators, or enterprise customers on risk, compliance, or security topics.
Skills & Capabilities
Exceptional operational discipline — proven ability to design, document, and run repeatable, audit-quality risk management processes at scale.
Strong analytical and investigative skills, with the ability to triage complex risk issues, synthesize large volumes of evidence, and distinguish signal from noise.
Demonstrated ability to manage and report on multi-workstream operational programs, balancing competing priorities, tight timelines, and cross-functional dependencies.
Excellent written and verbal communication skills, including the ability to document risk findings clearly and represent the organization's risk posture credibly in customer-facing and regulatory settings.
Proficiency in risk management tools and GRC platforms; familiarity with evidence management, controls testing workflows, and incident tracking systems.
Mindset & Approach
An operational leader who takes pride in building evidence-based, audit-ready risk programs — and understands that credibility is earned through the quality and consistency of execution, not just the elegance of frameworks.
Deeply collaborative and cross-functionally astute, with the ability to engage engineering, legal, product, and compliance stakeholders as a trusted partner rather than a compliance gatekeeper.
Calm and structured under pressure, with the judgment to triage and respond to fast-moving risk events — from safety incidents to regulatory inquiries — without sacrificing rigor.
Genuinely curious about AI and technology risk, and motivated to develop and maintain meaningful operational expertise in a domain that is evolving rapidly.
A builder at heart — energized by creating programs and processes where structure is still emerging, and committed to leaving operational infrastructure better than they found it.
What We Offer:
We believe that to make intelligence open and accessible to all, you need to start at the foundation. Joining Reflection means building from the ground up as part of a talent-dense team. You will help define our future as a company, and help define the future of open foundational models.
We want you to do the most impactful work of your career with the confidence that you and the people you care about most are supported.
Top-tier compensation: Salary and equity structured to recognize and retain our talent globally.
Stock options: Everyone who joins and contributes to Reflection's success gets to share in the upside through stock options.
Health & wellness: Comprehensive medical, dental, vision, and life, with an annual wellness allowance.
Meals: Lunch and dinner are provided in the office daily.
Life & family: 22 weeks paid parental leave for all new birthing and non-birthing parents, including adoptive and surrogate journeys.
Vacation days: Unlimited paid time off in the U.S. and 30 days in the U.K.
Sponsorship support: We sponsor visas to help exceptional talent join our team and support long-term immigration pathways where applicable.
Team building: We have regular off-sites, happy hours, and team celebrations.
Export Control Notice: This position may require access to technology or source code subject to the U.S. Export Administration Regulations. Any offer of employment for this role may be conditioned on the Company's ability to provide the candidate with access to such technology or source code in compliance with applicable U.S. export control laws, which may require the Company to seek government authorization.