Senior in-house role within a regulatory risk team, reporting into the General Counsel & Risk function. You will work closely with the Data Protection Officer, Head of Regulatory and Legal Transformation & Technology colleagues to embed and operate a consistent privacy and AI governance framework across the firm’s EMEAPAC region.

The role combines hands-on delivery (DPIAs, RoPAs, DSARs, incident response, vendor reviews) with policy and framework development, regulatory monitoring (including emerging AI law) and stakeholder engagement. You will translate strategy into operational execution, provide pragmatic legal advice to business and technical teams, and support regional implementation of responsible AI governance.

Qualified lawyer preferred; degree required
Recognised data privacy certification
4–7 years' experience in privacy/data protection, ideally with multi‑jurisdictional exposure
Practical experience with DPIAs, RoPAs, DSARs and vendor privacy reviews
Strong knowledge of global data protection laws and emerging AI regulation; experience developing AI governance or risk assessment frameworks
Proven stakeholder management, communication and incident/response experience

Apply for this role

Confidential. We never contact your current employer.