Counsel, Privacy, AI, and Data Protection

About The Position

Requirements

• Juris Doctor (JD) degree from an accredited law school and active license to practice law in at least one U.S. jurisdiction.
• Minimum of 8–12 years of legal experience, with significant focus on privacy, data protection, cybersecurity, and/or technology law.
• Demonstrated expertise in U.S. and global privacy laws and frameworks (e.g., GDPR, CCPA/CPRA) and strong familiarity with emerging AI regulatory requirements.
• Experience advising on AI/ML technologies, data-driven business models, or digital products, including governance and risk management considerations.
• Proven experience building or supporting global privacy programs and operationalizing compliance frameworks (e.g., DPIAs, DSARs, data mapping).
• Strong experience partnering with Product, Engineering, IT, and Security teams to translate legal requirements into practical solutions.
• Demonstrated ability to operate independently, manage complex cross-functional initiatives, and provide strategic, risk-based legal advice.
• Excellent communication, negotiation, and stakeholder engagement skills, with the ability to influence senior leaders.
• Ability to travel (approximately 10–20%) to support global business initiatives and team engagement.
• Collaborate effectively across global time zones, providing support to regional stakeholders and participating in meetings outside standard business hours as needed to support a globally distributed organization.

Nice To Haves

• Relevant certifications (e.g., CIPP/US, CIPP/E, CIPM, AIGP) preferred.

Responsibilities

• Accountable for the design, implementation, and ongoing effectiveness of Valvoline’s global privacy program, including governance structure, policies, and operational processes.
• Owns enterprise interpretation and application of global privacy laws (e.g., GDPR, CCPA/CPRA), establishing company-wide standards and guidance.
• Accountable for core privacy program operations, including DPIAs/PIAs, DSAR processes, data mapping, and records of processing activities, ensuring they are scalable, auditable, and consistently executed.
• Establishes and monitors program KPIs and metrics to measure compliance, maturity, and operational effectiveness; drives remediation where gaps exist.
• Leads integration of privacy-by-design principles into business processes, systems, and product development, ensuring consistent adoption across functions.
• Accountable for the enterprise AI governance framework, including policy development, risk classification models, and required controls.
• Owns the legal review and risk determination framework for AI/ML use cases, including defining approval thresholds and escalation criteria.
• Ensures AI initiatives meet regulatory, ethical, and internal governance standards, providing final legal guidance on high-risk or ambiguous use cases.
• Translates global AI regulatory developments into enforceable internal requirements, ensuring timely adoption across the enterprise.
• Partners cross-functionally but retain accountability for the legal sufficiency and defensibility of AI governance practices.
• Accountable for identifying and assessing enterprise-level legal risks related to data protection, cybersecurity, and AI.
• Owns legal guidance on cross-border data transfers and data governance structures, including approval of compliant transfer mechanisms.
• Serves as the lead legal advisor during data incidents, accountable for legal risk assessment, privilege strategy, and notification obligations.
• Oversees legal support for regulatory inquiries, audits, and investigations, ensuring consistency and defensibility of the company’s position.
• Drives alignment with Information Security and Compliance, while maintaining ownership of legal risk positions and interpretations.
• Accountable for establishing legal standards and required clauses for data protection and AI in commercial agreements.
• Provides final legal approval on complex or high-risk data-related contractual terms, including cross-border arrangements.
• Oversees third-party privacy and AI risk assessment frameworks, ensuring vendors meet company standards.
• Supports strategic initiatives and transactions, retaining accountability for privacy and AI risk positions.
• Acts as the primary legal authority and advisor to senior leadership on privacy, cybersecurity, and AI matters.
• Drives enterprise-wide understanding and adoption of privacy and AI requirements through training, frameworks, and practical tools.
• Influences decision-making at the leadership level, particularly where legal risk and business strategy intersect.
• Ensures alignment across Legal, Compliance, Risk, and business functions, while maintaining clear ownership of legal interpretations and positions.

Benefits

• Health insurance plans (medical, dental, vision)
• Health Savings Account (with an employer-base deposit and match)
• Flexible spending accounts
• Competitive 401(k) with generous employer base deposit and match
• Incentive opportunity
• Life insurance
• Short- and long-term disability insurance
• Paid vacation and holidays
• Employee Assistance Program
• Employee discounts
• PTO Buy/Sell Options
• Tuition reimbursement
• Adoption assistance