Head Data Privacy and AI Europe Legal

About The Position

Requirements

• University degree in law; admission to the bar highly preferred.
• Proven working experience on data privacy, including in cybersecurity matters, AI (in particular in relation to the EU AI Act) and ethics in a multi-disciplinary and international setting, as well as significant experience assessing AI systems from a legal and compliance perspective (including risk categorization, audit requirements, transparency obligations, and lifecycle governance).
• Excellent leadership, communication, and analytical skills paired with the ability to manage complex legal issues and provide clear, actionable advice.
• Relevant certifications such as certifications related to AI ethics, compliance, and CIPP/E, CIPM are required.
• Strong ethical standards and integrity.
• Ability to work in a fast-paced, dynamic environment.
• Proficiency in English (written and spoken).

Nice To Haves

• Experience in a multinational company.
• Experience in the healthcare and/or tech sectors is preferred.

Responsibilities

• Policy Development: Support the development, implementation, and maintenance of data privacy and AI policies and procedures to ensure a responsible use of AI, protect personal data in Europe. Track evolving global data privacy and AI laws (e.g., EU AI Act, OECD AI principles, US AI laws, UK DPDI) and translate requirements into actionable guidance.
• Strategic Legal Guidance: Provide and organize expert legal advice and guidance on data privacy and AI use cases to internal stakeholders, including senior management, ERC, IT, and P&O. Manage outside counsel for advice on data privacy and AI legal issues in Europe as needed.
• Risk Management: Support the identification and mitigation of data privacy, AI and cybersecurity risks conducting regular assessments in close collaboration with DPDAI, IT and business teams.
• Training and Awareness: Support the development and delivery of training programs to educate employees on data privacy and AI best practices and legal requirements.
• Incident Response: Lead and support the legal response to, date privacy data breaches and AI-related incidents (including in cybersecurity incidents), ensuring timely and effective resolution.
• Collaboration: Collaborate with cross-functional teams, including ERC, IT, security, P&O, Legal and business to ensure an integrated approach to data privacy and AI. Collaborate to influence policy/legislation, including within trade associations, and update senior management on data privacy and AI legal developments. Represent the company in global regulatory discussions, industry groups, and associations on data privacy and AI matters.
• Reporting: Prepare and present reports on data privacy and AI regulation compliance and incidents to senior management and regulatory authorities.