Senior Data Privacy & AI Lawyer / Senior Data Privacy & AI Manager

Norton Rose Fulbright is a global law firm with more than 3,000 lawyers advising clients across locations in the United States, Europe, Canada, Latin America, Asia, Australia, Africa and the Middle East. We provide the world's preeminent corporations and financial institutions with a full business law service.

With over 50 offices and 7,000 employees worldwide, our culture is the thread that connects us, as well as our values of unity, quality and integrity. Our strategy and culture are connected – defined by shared ambition, global collaboration and a one-team mindset. We believe pioneering work happens when people are empowered to think beyond boundaries, explore new opportunities and grow through diverse experiences. Alongside the right skills and experience, we look for people who are innovative, commercially minded, and motivated by the impact of the work they do – ready to share in our ambition and help shape what comes next.

The Team: Part of the Regulatory Risk team within the General Counsel & Risk function, working closely with the Data Protection Officer (DPO) and Legal Transformation and Technology teams, collaborating with GC & Risk colleagues and wider legal and business services teams to deliver a coordinated approach to privacy and AI governance across the firm’s operations in Europe, Middle East, Asia and the Pacific (EMEAPAC).

The Role: We are seeking a senior in‑house privacy professional to work within the Regulatory Risk team of our General Counsel & Risk function. The individual will work with the Head of Regulatory alongside our Data Protection Officer (DPO) to deliver and embed the firm’s data protection compliance frameworks across its EMEAPAC region. In equal measure, the individual will engage with key stakeholders and senior management to drive the firm’s AI strategy across EMEAPAC, while also ensuring development of, and adherence with, the firm’s governance strategy, legal, regulatory and client requirements and risk management processes. The individual will act as a key adviser and operational lead, helping to ensure the firm meets its obligations under applicable data protection and emerging AI regulation in EMEAPAC, by maintaining a consistent compliance framework tailored to local legal requirements.

Key Responsibilities:

• Support the execution and continuous improvement of the privacy and AI governance programme
• Monitor and interpret global data protection and AI regulatory developments (including the EU AI Act)
• Develop and maintain policies, frameworks and governance standards
• Manage core operational processes (e.g. RoPAs, DPIAs, DSARs, etc)
• Embed Privacy by Design and oversee AI risk and impact assessments
• Provide clear, practical advice to business and technical teams
• Deliver training and promote awareness of privacy and responsible AI usage
• Support incident response, breach management and regulatory engagement
• Draft and negotiate data protection terms in supplier contracts and oversee vendor risk assessments
• Collaborate across legal and business services to ensure consistent governance and delivery
• Support and deputise for the Head of Regulatory Risk and the DPO in delivering the firm’s privacy programme
• Acting as subject matter expert on legal and regulatory risks in respect of the firm’s AI governance programme, with a solutions-focused mindset
• Translate strategy into operational execution across EMEAPAC
• Act as a trusted adviser to business and technical stakeholders
• Negotiate with suppliers and liaise with clients in relation to AI and privacy requirements, as required
• Embed privacy and responsible AI principles across projects, systems and processes

Key Skills and Experience:

• Degree required; legal qualification preferred
• Recognised certification in data privacy
• 4–7 years’ experience in privacy/data protection (ideally advising on multi‑jurisdictional issues)
• Strong knowledge of global data protection laws and emerging AI regulation
• Experience delivering privacy programmes
• Hands‑on experience with DPIAs, RoPAs and data subject rights processes
• Confidence in use of AI and familiarity with the development of AI governance, risk assessment and regulatory frameworks
• Experience handling complex and time‑sensitive incidents, client‑facing and internal audits and regulatory enquiries and investigations preferable
• Strong analytical, communication and stakeholder management skills
• Collaborative, proactive and adaptable approach

Diversity, Equity and Inclusion: To attract the best people, we strive to create a diverse and inclusive environment where everyone can bring their whole selves to work, have a sense of belonging, and realize their full career potential. Our new enabled work model allows our people to have more flexibility in the way they choose to work from both the office and a remote location, while continuing to deliver the highest standards of service. We offer a range of family‑friendly and inclusive employment policies and provide access to programmes and services aimed at nurturing our people’s health and overall wellbeing. We are proud to be an equal opportunities employer and encourage applications from individuals who can complement our existing teams. We strive to create an inclusive and accessible recruitment process for all candidates. If you require any tailored adjustments or accommodations, please let us know.