Senior Counsel, Privacy, Cybersecurity, and AI Governance

About The Position

Requirements

• J.D. from an accredited law school and active bar membership.
• 12–15 years of relevant experience in AI, privacy, cybersecurity, and/or technology law (mix of law firm and in-house preferred).
• Demonstrated experience building or scaling AI, privacy and/or cybersecurity programs.
• Strong knowledge of global data protection laws, cybersecurity regulatory frameworks, and emerging AI regulations.
• Experience advising on product counseling in a technology-driven environment.
• Comfort operating in a startup or high-growth environment with ambiguity.
• Strategic thinker with the ability to build programs from inception.
• Practical, solutions-oriented legal advisor with strong business judgment.
• Ability to translate complex regulatory requirements into actionable guidance.
• Strong stakeholder management and cross-functional collaboration skills.
• High degree of adaptability, ownership, and initiative.

Nice To Haves

• Experience in automotive, mobility, IoT, or connected device industries.
• Familiarity with vehicle cybersecurity standards (ISO/SAE 21434, UNECE WP.29).
• Experience with AI/ML governance frameworks and emerging regulation.
• Certifications such as CIPP, CIPM, CISSP, or similar.

Responsibilities

• Help design and implement a comprehensive global data privacy program, including governance structures, policies, and procedures.
• Advise on compliance with applicable laws and regulations (e.g., GDPR, CCPA/CPRA, U.S. state privacy laws, global data transfer regimes).
• Advise on and partner with the Commercial and IT teams to build a best-in-class consumer privacy regime for Scout Motors’ direct-to-consumer business
• Advise on data protection terms in agreements including license, vendor, SaaS, technology, master services, confidentiality and other agreements.
• Draft privacy policies, notices, related disclosures, disclaimers, FAQs and communications to support and enable internal business team compliance.
• Act as the primary legal owner of data privacy obligations arising from connected vehicle operations, including telematics, over-the-air updates, and backend data processing.
• Assist security and R&D teams in establishing mature privacy-by-design and privacy-by-default frameworks integrated into product development lifecycle.
• Support incident response for privacy-related matters, including regulatory engagement.
• Help build and maintain the legal framework supporting a robust cybersecurity management program aligned with industry standards (e.g., ISO/SAE 21434, NIST, UNECE WP.29 regulations).
• Advise engineering and product teams on vehicle cybersecurity requirements, including secure software development, vulnerability management, and over-the-air (OTA) updates.
• Support compliance with automotive regulatory regimes governing cybersecurity and software updates by translating evolving automotive cybersecurity legislation into actionable internal requirements, building the contractual frameworks that protect the organization throughout the supply chain, and helping to manage data privacy obligations across the vehicle and connected services.
• Collaborate with IT, security, and engineering teams on risk assessments, audits, and mitigation strategies.
• Provide legal support for cybersecurity incidents, including investigation, reporting, and remediation obligations.
• Partner with Information Security to design and implement an AI governance program, including policies, vendor and use case reviews and risk assessments, enterprise-wide communications and training, documentation, and audit readiness.
• Advise on compliance with emerging AI regulations (e.g., EU AI Act, U.S. frameworks, global standards) and evolving industry best practices.
• Help establish responsible AI principles, including fairness, explainability, transparency, and accountability.
• Serve as lead and champion for developing internal AI use cases to improve efficiencies within the Legal team.

Benefits

• Competitive insurance including: Medical, dental, vision and income protection plans
• 401(k) program with: An employer match and immediate vesting
• Generous Paid Time Off including: 20 days planned PTO, as accrued
• 40 hours of unplanned PTO and 14 company or floating holidays, annually
• Up to 16 weeks of paid parental leave for biological and adoptive parents of all genders
• Paid leave for circumstances related to bereavement, jury duty, voting time, or military leave