Counsel – Privacy, Security & AI Office

About the Role

We are seeking an experienced and strategic Counsel to join our Privacy Security & AI (PSAI) Office. In this -l role you will play a critical part in guiding our product and AI compliance supporting global privacy and data protection strategy and helping shape the companys approach to responsible and ethical data use.

Youll advise senior leadership collaborate with cross-functional stakeholders and help ensure that our data practices are aligned with global legal and regulatory obligations including those emerging around AI governance and advanced technologies.

Key Responsibilities

AI

• Support the development and implementation of the AI Governance Program
• Draft and implement AI policies procedures and best practices for both internal use of AI and product development
• Lead internal awareness campaigns to foster a culture of responsible AI across the organization.
• Support AI Use Case Intake Assessments
• Provide AI advice to key stakeholders (product procurement)
• Support customers queries and questionnaires

Product Compliance

• Collaborate closely with product and engineering teams to evaluate and mitigate privacy and AI compliance risks during development and deployment.
• Review and assess AI/ML use cases for compliance with legal and ethical standards including EU AI Act OECD AI Principles and NIST AI RMF.
• Contribute to development of governance frameworks for responsible AI including fairness explainability and accountability controls.

Privacy & Data Protection Legal Strategy

• Lead complex legal analysis and provide strategic privacy advice on global data protection laws (e.g. GDPR CCPA/CPRA LGPD PIPEDA APPI) with a main focus on US federal and state privacy and EU GDPR
• Guide business and technical teams on lawful bases for processing purpose limitation transparency and data minimization.
• Evaluate and advise on complex personal data use cases including sensitive data automated decision-making and biometric processing.
• Implement best practices around privacy to ensure the competitive edge of the company
• Draft and review breach-related communications including regulator and data subject notices.
• Conduct privacy reviews for third-party vendors and tools to ensure alignment with internal standards and legal requirements.
• Drive the development maintenance and enhancement of the companysprivacy compliance program.
• Maintain and oversee updates to theRecords of Processing Activities (ROPA) and ensure accountability documentation is current and complete.
• Partner with security compliance and product teams to integrate privacy by design into internal processes and external-facing technologies.
• Lead and advise on complexPrivacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
• Oversee and conductTransfer Impact Assessments (TIAs) to assess and document data transfer risks.
• ManageLegitimate Interests Assessments (LIAs) and ensure robust justification and safeguards are in place.
• Identify privacy and AI-related risks and recommend scalable mitigation strategies across the organization.

Audits Monitoring & Regulatory Readiness

• Support or lead the legal function in responding to privacy audits regulator inquiries and due diligence requests.
• Prepare documentation gap analyses and remediation plans to ensure audit readiness.
• Track and interpret global privacy and AI regulatory developments and support internal implementation efforts.

Qualifications

Required:

• Qualified lawyer (active bar membership in at least one jurisdiction).
• 610 years of legal experience with a focus on privacy data protection and technology law.
• Deep understanding of GDPR CCPA/CPRA and global privacy frameworks.
• Preferred experience with FedRamp PCI DSS and ISO frameworks
• Extensive experience with PIAs/DPIAs TIAs LIAs and cross-border data transfer mechanisms.
• Strong understanding of privacy issues in product development data science and AI applications.

Preferred:

• CIPP/E CIPP/US and AIGP
• Direct experience working with or interpreting AI legal and regulatory frameworks (e.g. EU AI Act).
• Strong negotiation skills particularly in data protection clauses and international data transfer agreements.