LOOKOVER.IO · ICP DOCUMENT AI GOVERNANCE DIRECTOR PROFILE · APRIL 2026 INTERNAL USE
Ideal Customer Profile · Tier 1 Buyer

The AI Governance Director

Senior security and risk executives bridging Big4 advisory pedigree with enterprise AI governance mandates — sitting directly in the EU AI Act blast radius.

10+ Years in Role
3–4 Verticals Served
$200K+ Typical Comp Band
127 Days to EU Deadline
01
Persona Profile
Who This Person Is
Archetype
The Governance Lead
Alex Govind
Director, Information Security · AI Governance & Cyber Risk
"I spent years at KPMG advising clients on cybersecurity and data privacy across regulated industries. Now I own the AI governance mandate in-house — and I have 13 different AI tools in production with zero audit trail, no explainability docs, and an EU AI Act deadline bearing down on me. I need a solution, not a consultant."
CISA / CISSP · AI Policy · Enterprise Risk Mgmt · Big4 Alumni · Multi-Jurisdiction · EU AI Act Exposure · Budget Owner
Career Arc

Background

  • 3–5 yrs at Big4 (KPMG, Deloitte, PwC, EY) in Cyber/Risk practice
  • Transitioned to in-house Director role at multi-brand enterprise
  • Now owns AI governance + cyber risk + data protection under one mandate
  • Reports to CISO or CRO; presents to board on AI risk quarterly
Scope

What They Own

  • Global AI policy, governance frameworks, and model inventory
  • Data protection (GDPR / EU AI Act / state laws)
  • Third-party AI vendor risk assessments
  • Internal AI audit readiness
  • Multi-geography compliance (NA + EU + APAC)
Company Profile

Their Org

  • $500M–$5B revenue enterprise
  • Retail, FinTech, HRTech, or multi-brand consumer
  • EU market exposure (sells to or operates in Europe)
  • Active AI deployments: 10–50+ models / agents in prod
  • Legal + compliance team of 5–30 people
02
Problem Landscape
Their Real Pain Points
🗂️
No AI System Inventory
They have AI in production but no central registry of what's deployed, what data it touches, or what risk tier it falls under. EU AI Act Article 9 requires documented risk management per system — they're starting from zero.
🧾
No Observability on Model Behaviour
When something goes wrong with an AI system (bias, data leak, unexpected output), there's no audit trail. They can't reconstruct what the model did or why — which is an immediate compliance failure under Article 12 (transparency logging).
📅
August 2026 Deadline Pressure
High-risk AI system obligations under the EU AI Act come into force in August 2026. They need to classify, document, and evidence conformity for every in-scope system. Most are 6–12 months behind where they need to be.
🧑‍⚖️
Auditors Are Asking Questions They Can't Answer
Internal and external auditors are now including AI governance questions in scope. This person is getting asks for evidence, logs, and documentation they don't have. They need a tool — not a spreadsheet — to answer audit evidence requests.
🔗
Third-Party AI Vendor Blind Spot
They procure AI from 10–30 vendors and have no systematic way to assess their EU AI Act compliance posture. Contractual obligations are shifting but their vendor risk process hasn't caught up.
💬
Board Reporting with No Data
They're expected to present AI risk posture to the board or CISO quarterly. Right now that's a PowerPoint built on gut feel and spreadsheets. They need dashboards with real signal — and they'll pay for it.
03
Sales Intelligence
Buying Triggers
Trigger Type | What to Watch For | Why It Matters for Lookover
REGULATORY | EU AI Act enforcement dates approaching; regulator guidance published; notified body announcements | Creates external urgency that bypasses internal procurement friction
AUDIT EVENT | Company recently completed or failed an AI-related audit; new internal audit mandate for AI governance | They now have evidence of the gap — and budget to close it
ROLE CHANGE | Promoted or newly hired into AI governance mandate; inherited a messy AI portfolio | New mandate + zero existing tooling = immediate buying motion
INCIDENT | Public AI incident at a competitor; internal model failure surfaces; data protection authority inquiry | Risk-averse by nature — incidents unlock budget fast
EXPANSION | Company entering EU market; M&A with EU-based entity; new product with AI component | Compliance scope expands suddenly; tooling gap becomes critical path
CONTENT SIGNAL | Posts about EU AI Act on LinkedIn; shares articles about AI governance frameworks; asks community questions | Self-identified as active buyer — warm outreach window opens
04
Lead Scoring
Qualification Scorecard
  • 2 points · Big4 / Advisory Alumni: Understands compliance commercially; knows what good looks like; faster to trust a new vendor
  • 2 points · EU AI Act Mandate: Owns or co-owns the EU AI Act response program — not just awareness
  • 2 points · 10+ AI Systems in Prod: Above this threshold the spreadsheet approach visibly breaks
  • 1 point · Director Level or Above: Has budget authority or direct line to it — not an analyst who needs 5 approvals
  • 1 point · Multi-Geography Scope: Cross-border compliance makes tooling ROI obvious
  • 1 point · Active Content Signals: Posting about AI governance, NIST AI RMF, EU AI Act on LinkedIn in last 90 days
  • 1 point · Audit-Facing Role: Deals with external auditors; evidence requests are a regular part of their job
  • 10 points · Perfect Score: Score 8–10 = immediate outreach. Score 5–7 = warm sequence. Below 5 = monitor.
05
Prospecting
Where to Find Them
Primary Channel

LinkedIn

Boolean search strings:

("AI governance" OR "AI policy") AND ("Director" OR "VP") AND ("EU AI Act" OR "GDPR")

("information security" OR "cybersecurity") AND "AI governance" AND ("CISA" OR "CISSP")

("risk management" OR "data protection") AND "AI" AND ("Big4" OR "KPMG" OR "Deloitte" OR "PwC")

Filter: 10+ years exp · Industry: Finance, Retail, HR Tech, Healthcare

Warm Channels

Events & Communities

  • ISACA annual conference (GRC / AI audit track)
  • Gartner Security & Risk Summit
  • IAPP Global Privacy Summit (EU AI Act track)
  • LinkedIn "AI Governance Professionals" groups
  • NIST AI RMF community calls
  • EU AI Act webinars (regulators publish speaker lists)
Signal Monitoring

Intent Signals

  • LinkedIn posts tagged #EUAIAct #AIGovernance
  • Job postings for "AI Compliance Manager" at their company
  • Glassdoor reviews mentioning AI audit/compliance chaos
  • Company press releases about EU market expansion
  • Regulatory filings mentioning AI risk
06
Messaging Framework
How to Reach Them
LinkedIn Connection Note (300 char limit)
Template A · Regulatory Urgency
Hi [Name] — with EU AI Act high-risk obligations live in August, I'm building observability tooling for exactly your kind of mandate. Your background across Big4 advisory and in-house AI governance is the lens I need. Would love 15 minutes of honest feedback.

Template B · Audit Evidence Angle
Hi [Name] — internal auditors are now asking for AI system logs and decision trails that most governance teams don't have. I'm building the tool that generates that evidence automatically. Given your background at KPMG + your current mandate, you'd see straight through whether it works. Up for a quick call?

Follow-up Message (post-connect)
Thanks for connecting, [Name]. Quick context: I'm building Lookover — an AI agent observability platform designed for governance teams facing EU AI Act audit readiness. It gives you an audit trail, explainability logs, and risk dashboards without requiring dev resource from your AI teams.

Given you're running AI governance across [company], I suspect the evidence-on-demand problem is real. Happy to show you a 10-minute demo — no sales deck, just the product. Worth a look?
07
Sales Readiness
Common Objections & Counters
Objection 01

"We're building it internally"

Counter: Internal builds take 12–18 months and don't come with pre-mapped EU AI Act Article 9/12 evidence templates. August 2026 won't wait for an internal roadmap. You need something deployable in weeks.

Objection 02

"We already use LangSmith / similar"

Counter: LangSmith is built for developers debugging pipelines. Lookover is built for compliance teams and auditors — different output format, different evidence structure, different user. Not competing, complementary — or replacing if they need audit-grade output.

Objection 03

"Budget is frozen right now"

Counter: What's the cost of a data protection authority investigation? One DPA fine under the EU AI Act for a high-risk system can run €30M or 6% of global turnover. Compliance tooling is insurance, not a discretionary spend. Frame it that way to finance.

Objection 04

"We're not sure we're in scope"

Counter: That's exactly why observability matters — you can't assess scope without an inventory. Lookover gives you the system map first, then the risk classification, then the evidence layer. Start with visibility, not policy.