Norton Rose Fulbright
Senior Data Privacy & AI Lawyer / Senior Data Privacy & AI Manager

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
**Head of Regulatory Risk, General Counsel & Risk – Practice Group/Department |
Position: Head of Regulatory Risk (Privacy & AI Governance)
About Norton Rose Fulbright
Norton Rose Fulbright is a global law firm of over 3,000 lawyers operating across 50+ offices worldwide, providing full-business law services to leading corporations, financial institutions, and corporations in 40+ markets. With over 7,000 employees, our commitment to unity, quality, and integrity fuels a collaborative culture where innovation and cross-border impact shape our future. At this firm, global collaboration and a one-team mindset drive meaningful change.
About the Practice Group/Department
The role sits within the Regulatory Risk team subordinated under General Counsel & Risk, working closely with:
- Data Protection Officer (DPO)
- Legal Transformation & Technology Teams
- GC & Risk team members
- Regional legal and business services teams
The team delivers a coordinated approach to privacy and AI governance across EMEAPAC (Europe, Middle East, Asia and Pacific).
The Role
Norton Rose Fulbright seeks a senior in-house privacy professional to specialise in regulatory risk, data protection, and AI governance for the EMEAPAC region.
The ideal candidate will support:
- The Head of Regulatory Risk
- Data Protection Officer (DPO)
- Legal Transformation & Technology teams
Core Responsibilities
The individual will:
- Oversee execution & improvement of the firm’s privacy and AI governance programme in EMEAPAC, with compliance across legal, regulatory, and business requirements.
- Monitor and interpret global data protection laws and AI regulations, including:
- Data Protection frameworks (e.g., GDPR compliance, CCPA, APPIA, and emerging AI laws)
- Responsibility for monitoring EU AI Act impacts
- Develop, maintain, and embed:
- Policies, frameworks, and governance standards
- Privacy By Design principles
- AI risk management, impact assessments, and assessments
- Operational responsibility for key processes:
- Records of Processing Activities (RoPAs)
- Data Protection Impact Assessments (DPIAs)
- Data Subject Access Requests (DSARs) and handling
- Stakeholder advisory role, ensuring business and technical teams receive:
- Clear, actionable privacy and AI governance guidance
- Training & awareness initiatives to promote adherence to:
- Data protection best practices
- Responsible AI utilisation
- Incident response & breach management, including:
- Engagement with regulators in response to investigations or enforcement
- Contractual oversight around:
- Negotiating data protection clauses in supplier contracts
- Overseeing vendor risk assessments
- Project governance:
- Embedding privacy and AI principles in systems, processes, and projects
- Cross-functional collaboration, aligning with:
- Legal, Risk and Technology teams to ensure coordinated compliance
- Temporary acting responsibility as required, deputising for:
- Head of Regulatory Risk
- Data Protection Officer
- Strategy-to-execution leadership translating high-level EMEAPAC objectives into operational frameworks
- Stakeholder liaison:
- Advise on AI and privacy requirements for clients
- Negotiate procurement decisions tied to privacy-friendly AI tools
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Key Skills and Experience
Essential Criteria
✔ Legal Background Required:
- Degree in relevant field required; legal qualification preferred
✔ Privacy Governance & Regulatory Knowledge:
- Recognised certification in data privacy (e.g., IAPP CIPP/E, IAPP CIPM, or equivalent)
- 4–7 years’ post-qualification experience in:
- Global data protection law (multi-jurisdictional applications)
- Emerging AI regulation (GDPR-AI, new regional bans/restrictions)
- Familiarity with:
- DPIAs, RoPAs, DSARs
- Privacy by Design and default embedment


Get help with your application
Your very own career expert that helps elevate your application to the next level.
✔ Hands-on Operational Expertise:
- Confident in applying AI governance frameworks in complex environments
- Experience with AI impact assessments and risis response
- Skilled in negotiating contracts to include compliance obligations
Desirable/Beneficial
✅ Proven ability to draft and negotiate global contracts with privacy provisions ✅ Experience in complex incident management, including regulatory intervention protocols ✅ Familiarity with internal and client-facing audits ✅ Ability to liaise between executives, technical teams, and business units to foster cultural adoption
Critical Soft Skills
- Strong analytical thinking for parsing and interpreting evolving laws
- PRACTICAL COMMUNICATION capacity to translate legal/reügyiary jargon
- Stakeholder management, proactive collaboration, and adaptability
- Technical-legal translation ability between privacy law and AI tech teams
Commitment to Diversity, Equity & Inclusion
Norton Rose Fulbright is dedicated to fostering a just, inclusive and ethnically diverse working environment, aligned with its values of growth, inclusion, clarity, stakeholder satisfaction.
Benefits and Flexibility
- Empowered hybrid work model
- Modifiable to support both in-office and remote integration
- Holistic employee wellness support
- Family and inclusion-related policies
- Access to health and wellbeing programs
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location