Principal Counsel - Privacy, Data, and AI

About The Position

Requirements

• Juris Doctor (J.D.) degree from an ABA-accredited law school
• Active membership in good standing with a state bar
• 8+ years of relevant experience in privacy, data protection, and technology law
• Demonstrated expertise in global privacy regulations (GDPR, CCPA, etc.) and emerging AI regulations
• Strong experience with SaaS technology, data governance, and complex commercial contracts
• Proven track record in building and implementing privacy programs in a corporate environment
• Experience managing technology partner relationships and negotiating partner agreements
• Excellent analytical, problem-solving, and strategic thinking skills
• Superior written and verbal communication skills with ability to translate complex legal concepts for business stakeholders
• Strong project management and organizational skills with ability to manage multiple priorities
• Demonstrated leadership experience and ability to work autonomously in a fast-paced environment

Nice To Haves

• CIPP/E, CIPP/US, CIPM, AIGP or other privacy certifications
• Experience serving as a DPO or Deputy DPO
• Experience in the financial services industry and understanding of financial regulations
• Deep knowledge of AI governance frameworks and emerging AI regulations
• Previous in-house experience at a high-growth technology company
• Experience with M&A transactions and privacy/data due diligence
• Knowledge of security frameworks and standards (SOC 2, ISO 27001)
• Salesforce platform experience
• Experience managing and mentoring legal professionals

Responsibilities

• Support the DPO as official Deputy Data Protection Officer in all privacy, data, and AI-related matters including compliance strategies, governance frameworks, and program documentation
• Manage response efforts for regulatory inquiries, investigations, disputes, litigation, data subject rights processes, and incident response protocols
• Conduct M&A due diligence activities focusing on privacy, data, and AI compliance matters
• Provide legal strategy and oversight for nCino's technology partner ecosystem including integration partners, data providers, reseller agreements, and revenue share partnerships
• Develop standardized legal frameworks and template agreements for various partner types while ensuring compliant data flows and monitoring partner compliance
• Partner with Product Development & Engineering leadership on strategic initiatives, product launches, feature releases, and go-to-market strategies
• Lead privacy-by-design initiatives and conduct privacy impact assessments for new products and features while advising on ethical AI deployment
• Draft and approve product terms of service, privacy statements, policies, and user-facing transparency mechanisms (e.g., Gen AI disclosures, data selling, TCPA)
• Collaborate with Information Security on incident response, data breach management (PICLEs), third-party risk programs, and regulatory compliance initiatives (SOC 2, ISO)
• Draft and negotiate customer Data Processing Agreements (DPAs) and data use terms in customer-facing agreements supporting product, data/AI, and partner initiatives
• Provide proactive and reactive legal support to commercial teams on contractual issues related to product, privacy, data use, and security terms
• Build scalable processes and frameworks while partnering across legal, product, engineering, data science, and technology teams to serve as strategic advisor to business stakeholders