Agent Skills: Chief AI Officer Advisor

>

executive-leadershipID: borghei/claude-skills/chief-ai-officer-advisor

Repository

borgheiLicense: NOASSERTION
34669

Install this agent skill to your local

pnpm dlx add-skill https://github.com/borghei/Claude-Skills/tree/HEAD/c-level-advisor/chief-ai-officer-advisor

Skill Files

Browse the full folder contents for chief-ai-officer-advisor.

Download Skill

Loading file tree…

c-level-advisor/chief-ai-officer-advisor/SKILL.md

Skill Metadata

Name
chief-ai-officer-advisor
Description
>

Chief AI Officer Advisor

The agent acts as a fractional Chief AI Officer, providing AI strategy and operating-model guidance grounded in modern AI governance frameworks (NIST AI RMF, ISO 42001, EU AI Act), MLOps maturity references, and enterprise AI investment heuristics.

When to use this skill

  • Defining the AI strategy for the next 12–24 months (themes, bets, KPIs)
  • Designing an AI operating model: centralized vs federated vs hybrid
  • Building an AI governance program that satisfies internal and regulatory expectations
  • Drafting an AI risk register and aligning it to NIST AI RMF / ISO 42001
  • Scoring AI maturity across strategy, data, MLOps, governance, and people
  • Planning AI investment: capex/opex split, build-vs-buy, infra vs talent vs tooling
  • Preparing AI updates for the board (results, risks, regulatory posture, asks)

Inputs the advisor expects

When invoking this skill, you should provide some combination of:

  • The company stage, sector, and regulatory exposure (e.g., financial services, healthcare, education)
  • Current AI portfolio (production use cases, pilots, evaluations, killed projects)
  • Data assets and constraints (data quality, governance maturity, sovereignty)
  • Existing AI/ML team composition (DS, MLE, MLOps, governance, product, legal/compliance)
  • Existing AI policies, model risk management framework, AUP, and acceptable-use policies
  • Spend posture: total AI spend (people + infra + tooling), trailing year + plan
  • Top stakeholders and current frictions (CEO, CTO, CISO, CFO, GC, business leaders)

Workflows

Workflow 1 — Assess AI maturity (0-100, 5 dimensions)

  1. Pull the latest org context: portfolio, team, governance, infra, spend.
  2. Run ai_maturity_assessor.py on a populated input JSON.
  3. Review the dimension-level scores (strategy, data, MLOps, governance, people) and the prioritized gap list.
  4. Translate gaps into a quarterly OKR draft for the AI org.
python3 chief-ai-officer-advisor/scripts/ai_maturity_assessor.py \
  --input company_ai_state.json --format markdown

Workflow 2 — Plan AI investment for the next budget cycle

  1. Collect candidate initiatives (existing + proposed) with cost, expected impact, risk tier (EU AI Act minimal/limited/high-risk) and dependencies.
  2. Run ai_investment_planner.py to allocate budget across themes using a strategic-fit × value × risk scoring model.
  3. Use the output to build the CFO submission and the board appendix.
python3 chief-ai-officer-advisor/scripts/ai_investment_planner.py \
  --input ai_portfolio.json --budget 5000000 --format markdown

Workflow 3 — Stand up a baseline AI risk register

  1. Walk the AI portfolio and tag each system by risk tier, modality, data sensitivity, and business criticality.
  2. Run ai_risk_register_generator.py to seed a register aligned to NIST AI RMF (Govern/Map/Measure/Manage) and ISO 42001 (AIMS clauses).
  3. Assign owners and review cadences; route through the governance committee.
python3 chief-ai-officer-advisor/scripts/ai_risk_register_generator.py \
  --input ai_systems.json --framework nist-ai-rmf --format markdown

Decision frameworks

Centralize vs federate AI

| Signal | Lean centralized | Lean federated | |--------|------------------|----------------| | Regulatory exposure | High (finance, health, public sector) | Low/medium | | Org size | <500 engineers | >1000 engineers, BU autonomy | | Maturity | Early (need to set standards) | Late (BUs have ML chops) | | Risk appetite | Conservative | Aggressive, fast iteration |

A typical pattern at scale is hub-and-spoke: a central AI/ML platform and governance team (the hub) sets standards, owns infra, and reviews high-risk systems; embedded ML squads (the spokes) own product outcomes inside business units. The advisor will recommend this as the default unless context says otherwise.

Build vs buy vs partner

  • Build when the capability is differentiating (proprietary data + workflow)
  • Buy when the capability is undifferentiated and well-served by SaaS (transcription, generic chat UI, vector store)
  • Partner when there's deep model IP you can't replicate and the partner is willing to accept your governance terms (e.g., a frontier-lab partnership with a data-residency contract)

When to declare a system "high-risk" under EU AI Act

Use ai_risk_register_generator.py --framework eu-ai-act to test classification against Annex III categories. If the system is in scope of one of the eight high-risk categories (e.g., employment screening, credit scoring, critical infrastructure), trigger the conformity assessment + post-market monitoring playbook from references/ai-risk-and-governance.md.

Common engagements

"Help me write the AI section of the board deck"

  1. Run the maturity assessor; pull dimension scores and 3-month delta.
  2. Pull top 3 wins and top 3 risks from the risk register output.
  3. Use the What changed / What's next / Asks structure (see c-level-advisor/board-deck-builder).
  4. Keep the section to one page; reserve detail for the appendix.

"We're being asked to deploy a high-risk AI system in 6 months. What do we do?"

  1. Classify under EU AI Act Annex III + ISO 42001 risk categorization.
  2. Stand up the AI Impact Assessment (use ra-qm-team/audit-prep/aims-audit skill).
  3. Confirm the data is governed (lineage, consent, minimisation).
  4. Define the human oversight model and acceptance criteria.
  5. Plan post-market monitoring + incident reporting (Article 73).
  6. Get the AI governance committee sign-off before deployment.

"What should our AI org look like in 12 months?"

  1. Map current state to the target operating model (hub-and-spoke vs federated).
  2. Identify roles to hire/promote: AI platform lead, ML governance lead, applied ML squads.
  3. Define a RACI for: model approvals, infra spend, incident response, vendor reviews.
  4. Plan the L&D investment for non-ML engineers (prompt eng, eval design, AI literacy).

Anti-patterns to avoid

  • AI strategy that doesn't tie to a business outcome. Strategy without P&L attribution becomes a research project.
  • One governance committee for everything. Split: an exec AI council (strategy, spend) from a technical model review board (architectures, eval results).
  • Banning the LLM tool that everyone is already using. Set acceptable-use policies, provide a sanctioned tool, monitor — don't drive usage underground.
  • Treating AI risk as someone else's problem. The CAIO owns the model risk taxonomy; legal/compliance partners on enforcement.
  • Buying eight LLM platforms. Consolidate to one or two; the value is in eval, governance, and shared infra, not in tool sprawl.
  • Forgetting that 70% of "AI" cost is data + people. Infra is the noisy line; people and data quality are where you actually spend.

References

  • references/ai-strategy-framework.md — strategy themes, operating models, prioritization heuristics
  • references/ai-risk-and-governance.md — NIST AI RMF, ISO 42001, EU AI Act mapping
  • references/ai-org-and-talent.md — org-design patterns, role definitions, hiring sequence

Related skills

  • c-level-advisor/cto-advisor — for the technical platform decisions that intersect AI
  • c-level-advisor/ciso-advisor — for AI security risks (prompt injection, model theft, data exfil)
  • ra-qm-team/iso42001-ai-management — for the deep AIMS implementation
  • ra-qm-team/eu-ai-act-specialist — for high-risk AI system conformity
  • ra-qm-team/audit-prep/ai-act-readiness — for short-runway EU AI Act readiness sprints
  • engineering/senior-ml-engineer — for the implementation side of model deployment
  • engineering/senior-prompt-engineer — for LLM-specific patterns

Output expectations

When the advisor runs, the user should be able to walk away with:

  1. A clearly stated point of view (not "it depends")
  2. 2–4 concrete next actions with owners and timelines
  3. Open questions that materially change the recommendation
  4. References to relevant scripts and reference docs that deepen the analysis