Privacy Data & AI Counsel

About The Position

Requirements

• J.D. from an ABA-accredited law school and active membership in good standing in at least one U.S. state bar (ability to register as in-house counsel in New York preferred)
• 4–7 years of experience in data privacy, cybersecurity, or AI law, with a combination of law firm and in-house experience preferred
• Deep familiarity with U.S. privacy and data security frameworks (e.g. CCPA/CPRA, CAN-SPAM, TCPA, 23 NYCRR Part 500, and state breach notification statutes) and working knowledge of international regimes (e.g. GDPR, PIPEDA, and LGPD)
• Demonstrated experience advising on AI governance, including AI risk assessments, model governance, and emerging AI regulatory frameworks (EU AI Act, Colorado AI Act, CCPA/CPRA, and other U.S. state and local AI laws)
• Demonstrated experience using AI tools to improve and automate legal work and empower business teams
• Hands-on experience drafting and negotiating DPAs, AI addenda, and other data and security-related provisions commercial agreements
• Proven ability to translate complex legal and regulatory requirements into practical, business-friendly guidance for technical and non-technical stakeholders
• Comfort operating at a fast pace in a high-growth, technology-driven environment, with a bias toward action and creative problem-solving

Nice To Haves

• CIPP/US, CIPP/E, AIGP, CISM, CISSP, or similar AI, privacy, or security certification
• Experience handling subpoenas, regulatory inquiries, and investigations
• Experience in the fintech or financial services industry, particularly with payment processing, banking-as-a-service, or corporate card products
• Familiarity with SOC 2, ISO 27001, PCI-DSS, or other information security compliance frameworks

Responsibilities

• Privacy & AI Governance: Advise on global privacy and AI laws (e.g. CCPA, other state privacy and marketing laws, GDPR, EU AI Act, and PIPEDA) and other international laws and frameworks), including data mapping, data subject requests (DSRs), and privacy impact assessments
• Privacy Compliance Automation: Manage and help automate privacy program work, such as data mapping, data subject requests (DSRs), and privacy impact assessments
• Product Counseling: Partner with Product and Engineering teams to advise on and help ship new features and products
• Incident Management and Business Continuity: Collaborate with Information Security, Engineering, and other stakeholders to support incident management and business continuity work, including improving and maintaining policies and plans, conducting training and tabletop exercises, and helping manage the response and recovery in the event of a security incident or other business continuity event
• Commercial Support: Draft, review, and assist with negotiation of data processing agreements (DPAs), and data, AI, and information security provisions in customer, vendor, and partner contracts
• Regulatory Monitoring: Proactively track and analyze developments in privacy, cybersecurity, AI, and data governance regulation at the federal, state, and international levels, and translate those developments into actionable business advice
• Training: Create and deliver privacy, AI, and information security training to internal stakeholders to build awareness and increase business partner enablement

Benefits

• 100% medical, dental & vision insurance coverage for you
• Partially covered for your dependents
• One Medical annual membership
• 401k (including employer match on contributions made while employed by Ramp)
• Flexible PTO
• Fertility HRA (up to $10,000 per year)
• Parental Leave
• Unlimited AI token usage
• Pet insurance
• Centralized home-office equipment ordering for all employees
• Health and Wellness stipend
• In-office perks: lunch, snacks, drinks, and more
• Budget for intra-office travel
• Relocation support to NYC or SF (as needed)