Senior Data Privacy & AI Lawyer / Senior Data Privacy & AI Manager in London

Practice Group / Department: Head of Regulatory Risk, General Counsel & Risk Team

The Regulatory Risk team within the General Counsel & Risk function works closely with the Data Protection Officer (DPO) and Legal Transformation and Technology teams to deliver a coordinated approach to privacy and AI governance across the firm's operations in Europe, Middle East, Asia and the Pacific (EMEAPAC).

Role Overview

We are seeking a senior in‑house privacy professional to work within the Regulatory Risk team of our General Counsel & Risk function. The individual will work with the Head of Regulatory alongside our DPO to deliver and embed the firm’s data protection compliance frameworks across its EMEAPAC region. Additionally, the individual will engage with key stakeholders and senior management to drive the firm’s AI strategy across EMEAPAC, while ensuring development of and adherence to the firm’s governance strategy, legal, regulatory and client requirements and risk management processes.

Key Responsibilities

• Support the execution and continuous improvement of the privacy and AI governance programme.
• Monitor and interpret global data protection and AI regulatory developments (including the EU AI Act).
• Develop and maintain policies, frameworks and governance standards.
• Manage core operational processes (e.g. RoPAs, DPIAs, DSARs, etc.).
• Embed Privacy by Design and oversee AI risk and impact assessments.
• Provide clear, practical advice to business and technical teams.
• Deliver training and promote awareness of privacy and responsible AI usage.
• Support incident response, breach management and regulatory engagement.
• Draft and negotiate data protection terms in supplier contracts and oversee vendor risk assessments.
• Collaborate across legal and business services to ensure consistent governance and delivery.
• Support and deputise for the Head of Regulatory Risk and the DPO in delivering the firm’s privacy programme.
• Act as a subject‑matter expert on legal and regulatory risks in respect of the firm’s AI governance programme, with a solutions‑focused mindset.
• Translate strategy into operational execution across EMEAPAC.
• Act as a trusted adviser to business and technical stakeholders.
• Negotiate with suppliers and liaise with clients in relation to AI and privacy requirements, as required.
• Embed privacy and responsible AI principles across projects, systems and processes.

Key Skills and Experience

• Degree required; legal qualification preferred.
• Recognised certification in data privacy.
• 4–7 years’ experience in privacy/data protection (ideally advising on multi‑jurisdictional issues).
• Strong knowledge of global data protection laws and emerging AI regulation.
• Experience delivering privacy programmes.
• Hands‑on experience with DPIAs, RoPAs and data subject rights processes.
• Confidence in use of AI and familiarity with the development of AI governance, risk assessment and regulatory frameworks.
• Experience handling complex and time‑sensitive incidents, client‑facing and internal audits and regulatory enquiries and investigations preferred.
• Strong analytical, communication and stakeholder management skills.
• Collaborative, proactive and adaptable approach.

Equal Opportunity

We are proud to be an equal opportunities employer and encourage applications from individuals who can complement our existing teams. We strive to create an inclusive and accessible recruitment process for all candidates. If you require any tailored adjustments or accommodations, please let us know here.