K2 Partnering Solutions is a global provider of unique end-to-end consultative solutions in the enterprise applications AI and cloud space.

Please be aware this job might be located in Madrid (ES) London (UK) or Milan (Italy) - hybrid or full remote opportunity

We are seeking a Legal Counsel with deep expertise in data privacy cybersecurity and the emerging field of AI governance to join our global legal team. This role will support cross-functional efforts to ensure legal and regulatory compliance across global privacy frameworks information security standards and responsible AI use. The ideal candidate will play a critical role in advising on privacy-by-design negotiating key data agreements managing risk assessments and shaping policy and governance standards within a fast-paced technology-driven environment.

Key Responsibilities:

-Advise on global data privacy and cybersecurity compliance frameworks including: GDPR UK DPA 2018 CCPA/CPRA LGPD and other international privacy regulations.

- Provide guidance on information security certifications and frameworks such as ISO/IEC 27001 SOC 2 and NIST CSF.

- Monitor and advise on AI governance standards including the EU AI Act and ISO/IEC 42001 (AI Management System Standard).

- Collaborate cross-functionally with InfoSec product legal and engineering teams to ensure legal compliance risk mitigation and privacy-by-design in systems and operations.

- Draft and negotiate key data and privacy-related agreements including Data Protection Agreements (DPAs) Standard Contractual Clauses (SCCs) and data processing or sharing terms.

- Advise on Data Protection Impact Assessments (DPIAs) Legitimate Interest Assessments (LIAs) and AI impact assessments aligning with regulatory and ethical standards.

- Support privacy and security audits assist in certification processes (e.g. ISO 27001 SOC 2) and manage regulatory inquiries related to data protection cybersecurity or AI.

- Develop and maintain internal policies and training materials on data privacy cybersecurity best practices and responsible AI use.

- Respond to and coordinate the completion of client security and privacy questionnaires ensuring accurate representation of compliance posture and certifications.

Requirements:

• Law degree with a specialization or demonstrated experience in data privacy cybersecurity law or technology law

• 5 years of relevant legal experience ideally in a multinational company or top-tier law firm

• Strong understanding of major global privacy regulations including GDPR UK DPA 2018 CCPA/CPRA LGPD and other key international frameworks

• Knowledge of information security standards and certifications (e.g. ISO/IEC 27001 SOC 2 NIST CSF)

• Familiarity with AI-related regulatory frameworks such as the EU AI Act and ISO/IEC 42001 and understanding of responsible AI principles

• Proven ability to draft and negotiate complex data protection agreements (DPAs) Standard Contractual Clauses (SCCs) and data processing or sharing terms

• Experience conducting or advising on Data Protection Impact Assessments (DPIAs) Legitimate Interest Assessments (LIAs) and AI impact assessments

• Comfortable collaborating with cross-functional teams including InfoSec Engineering Product and Compliance to implement privacy and security best practices

• Excellent legal research analytical and communication skills with the ability to simplify complex issues for diverse stakeholders

• Fluent in English; other language skills are a plus

• Recognized privacy certifications such as CIPP/E CIPM or CIPT are an asset

#LI-GZ1

#LI-Hybrid

-----

This job description is not designed to contain a comprehensive listing of activities duties or responsibilities that are required. Nothing in this job description restricts managements right to assign or reassign duties and responsibilities at any time.

K2 Partnering Solutions is an equal employment opportunity/affirmative action employer. We do not discriminate on the basis of an individuals actual or perceived race color creed religion national origin ancestry citizenship status age sex or gender (including pregnancy childbirth and pregnancy-related conditions) gender identity or expression (including transgender status) sexual orientation marital status military service and veteran status physical or mental disability genetic information or any other characteristic protected by applicable federal state or local laws. Our team is dedicated to this policy with respect to all terms and conditions of employment including recruitment hiring placement promotion transfer training compensation benefits employee activities access to facilities and programs and general treatment during employment.