Key skills
AICommunicationDecision MakingProblem SolvingSales
About this role
Role Overview
- Apply an ***AI-First ***approach by using AI tools responsibly to improve research quality, drafting efficiency, and privacy assessment workflows.
- Demonstrate Change Agility by adapting quickly to evolving global privacy and AI regulations, adjusting guidance as new risks, tools, or requirements emerge.
- Use ***First Principles Problem Solving ***to simplify complex privacy questions, clarify assumptions, and provide clear, structured recommendations.
- Leverage ***Data-Driven Decision Making ***during DPIAs,and related assessments by grounding evaluations in evidence, criteria, and regulatory expectations.
- Support the current Privacy function with global privacy assessments, including DPIAs, AI DPIAs, TIAs, LIAs, and other structured risk reviews.
- Review new and existing product features, AI capabilities, and data practices as part of privacy-by-design, identifying risks and opportunities early in development.
- Draft, review, and negotiate data processing agreements (DPAs), privacy terms, and commercial contracts to support global sales and procurement.
- Maintain and update privacy contractual documentation and internal templates and policies.
- Create and deliver internal training on privacy and AI governance.
- As part of the Privacy function, support internal and external privacy audits, coordinate with external advisors, and ensure alignment across business functions on assessment findings and remediation.
- Monitor evolving privacy laws, case law, AI governance frameworks, and regulatory trends, sharing key insights with stakeholders to maintain compliance and anticipate future requirements.
Requirements
- Qualified lawyer (UK or EU) with GDPR experience PQE 5+ years (mix of in-house or private practice experience). Years matter less to us than impact. If you have relevant specialist experience, apply even if you don’t quite hit the 5+ years.
- Strong knowledge of EU/UK GDPR and familiarity with global privacy laws (US, Middle East, Asia).
- Experience drafting and negotiating data processing agreements and handling privacy-related issues in a global business context.
- Proven ability to manage data breaches, regulatory notifications and privacy audits.
- Excellent communication skills with the ability to simplify complex legal concepts for non-legal audiences.
- Strong understanding of AI technologies, their ethical implications, and related legal frameworks.
- Excellent analytical, problem-solving, and decision-making skills with the ability to provide practical and strategic legal advice.
- Experience in using privacy management systems such as OneTrust is required.
- Ability to manage multiple priorities and work collaboratively across diverse teams.
- Comfortable working independently in a fast-paced, global environment
Benefits
- Health (medical, vision, dental), life, and disability insurance*
- Equity stock options
- Retirement plans
- Paid public holidays and unlimited PTO
- Paid maternity and parental leave
- Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
- Employee Assistance Program *Eligibility may differ by country