Senior Data Privacy & AI Lawyer / Senior Data Privacy & AI Manager

Norton Rose Fulbright is a global law firm with more than 3,000 lawyers advising clients across locations in the United States, Europe, Canada, Latin America, Asia, Australia, Africa and the Middle East. We provide the world's preeminent corporations and financial institutions with a full business law service. With over 50 offices and 7,000 employees worldwide, our culture is the thread that connects us, as well as our values of unity, quality and integrity.

The Team: Part of the Regulatory Risk team within the General Counsel & Risk function, working closely with the Data Protection Officer (DPO) and Legal Transformation and Technology teams, collaborating with GC & Risk colleagues and wider legal and business services teams to deliver a coordinated approach to privacy and AI governance across the firm’s operations in Europe, Middle East, Asia and the Pacific (EMEAPAC).

The Role: We are seeking a senior in‑house privacy professional to work within the Regulatory Risk team of our General Counsel & Risk function. The individual will work with the Head of Regulatory alongside our Data Protection Officer (DPO) to deliver and embed the firm’s data protection compliance frameworks across its EMEAPAC region. In equal measure, the individual will engage with key stakeholders and senior management to drive the firm’s AI strategy across EMEAPAC, while also ensuring development of, and adherence with, the firm’s governance strategy, legal, regulatory and client requirements and risk management processes.

Key Responsibilities:

• Support the execution and continuous improvement of the privacy and AI governance programme
• Monitor and interpret global data protection and AI regulatory developments (including the EU AI Act)
• Develop and maintain policies, frameworks and governance standards
• Manage core operational processes (e.g. RoPAs, DPIAs, DSARs, etc)
• Embed Privacy by Design and oversee AI risk and impact assessments
• Provide clear, practical advice to business and technical teams
• Deliver training and promote awareness of privacy and responsible AI usage
• Support incident response, breach management and regulatory engagement
• Draft and negotiate data protection terms in supplier contracts and oversee vendor risk assessments
• Collaborate across legal and business services to ensure consistent governance and delivery
• Support and deputise for the Head of Regulatory Risk and the DPO in delivering the firm’s privacy programme
• Act as subject matter expert on legal and regulatory risks in respect of the firm’s AI governance programme, with a solutions‑focused mindset
• Translate strategy into operational execution across EMEAPAC
• Act as a trusted adviser to business and technical stakeholders
• Negotiate with suppliers and liaise with clients in relation to AI and privacy requirements, as required
• Embed privacy and responsible AI principles across projects, systems and processes

Key Skills and Experience:

• Degree required; legal qualification preferred
• Recognised certification in data privacy
• 4–7 years’ experience in privacy/data protection (ideally advising on multi‑jurisdictional issues)
• Strong knowledge of global data protection laws and emerging AI regulation
• Experience delivering privacy programmes
• Hands‑on experience with DPIAs, RoPAs and data subject rights processes
• Confidence in use of AI and familiarity with the development of AI governance, risk assessment and regulatory frameworks
• Experience handling complex and time sensitive incidents, client‑facing and internal audits and regulatory enquiries and investigations preferable
• Strong analytical, communication and stakeholder management skills
• Collaborative, proactive and adaptable approach

Equal Opportunity Employer: We are proud to be an equal opportunities employer and encourage applications from individuals who can complement our existing teams. We strive to create an inclusive and accessible recruitment process for all candidates. If you require any tailored adjustments or accommodations, please let us know.