Rodeo
ResourcesPartnersSign in

Norton Rose Fulbright

Senior Data Privacy & AI Lawyer / Senior Data Privacy & AI Manager

London
Posted 13 days ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

**Head of Regulatory Risk, General Counsel & Risk – Practice Group/Department |

Position: Head of Regulatory Risk (Privacy & AI Governance)

About Norton Rose Fulbright

Norton Rose Fulbright is a global law firm of over 3,000 lawyers operating across 50+ offices worldwide, providing full-business law services to leading corporations, financial institutions, and corporations in 40+ markets. With over 7,000 employees, our commitment to unity, quality, and integrity fuels a collaborative culture where innovation and cross-border impact shape our future. At this firm, global collaboration and a one-team mindset drive meaningful change.


About the Practice Group/Department

The role sits within the Regulatory Risk team subordinated under General Counsel & Risk, working closely with:

  • Data Protection Officer (DPO)
  • Legal Transformation & Technology Teams
  • GC & Risk team members
  • Regional legal and business services teams

The team delivers a coordinated approach to privacy and AI governance across EMEAPAC (Europe, Middle East, Asia and Pacific).


The Role

Norton Rose Fulbright seeks a senior in-house privacy professional to specialise in regulatory risk, data protection, and AI governance for the EMEAPAC region.

The ideal candidate will support:

  • The Head of Regulatory Risk
  • Data Protection Officer (DPO)
  • Legal Transformation & Technology teams

Core Responsibilities

The individual will:

  • Oversee execution & improvement of the firm’s privacy and AI governance programme in EMEAPAC, with compliance across legal, regulatory, and business requirements.
  • Monitor and interpret global data protection laws and AI regulations, including:
    • Data Protection frameworks (e.g., GDPR compliance, CCPA, APPIA, and emerging AI laws)
    • Responsibility for monitoring EU AI Act impacts
  • Develop, maintain, and embed:
    • Policies, frameworks, and governance standards
    • Privacy By Design principles
    • AI risk management, impact assessments, and assessments
  • Operational responsibility for key processes:
    • Records of Processing Activities (RoPAs)
    • Data Protection Impact Assessments (DPIAs)
    • Data Subject Access Requests (DSARs) and handling
  • Stakeholder advisory role, ensuring business and technical teams receive:
    • Clear, actionable privacy and AI governance guidance
  • Training & awareness initiatives to promote adherence to:
    • Data protection best practices
    • Responsible AI utilisation
  • Incident response & breach management, including:
    • Engagement with regulators in response to investigations or enforcement
  • Contractual oversight around:
    • Negotiating data protection clauses in supplier contracts
    • Overseeing vendor risk assessments
  • Project governance:
    • Embedding privacy and AI principles in systems, processes, and projects
  • Cross-functional collaboration, aligning with:
    • Legal, Risk and Technology teams to ensure coordinated compliance
  • Temporary acting responsibility as required, deputising for:
    • Head of Regulatory Risk
    • Data Protection Officer
  • Strategy-to-execution leadership translating high-level EMEAPAC objectives into operational frameworks
  • Stakeholder liaison:
    • Advise on AI and privacy requirements for clients
    • Negotiate procurement decisions tied to privacy-friendly AI tools

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Key Skills and Experience

Essential Criteria

✔ Legal Background Required:

  • Degree in relevant field required; legal qualification preferred

✔ Privacy Governance & Regulatory Knowledge:

  • Recognised certification in data privacy (e.g., IAPP CIPP/E, IAPP CIPM, or equivalent)
  • 4–7 years’ post-qualification experience in:
    • Global data protection law (multi-jurisdictional applications)
    • Emerging AI regulation (GDPR-AI, new regional bans/restrictions)
  • Familiarity with:
    • DPIAs, RoPAs, DSARs
    • Privacy by Design and default embedment

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

✔ Hands-on Operational Expertise:

  • Confident in applying AI governance frameworks in complex environments
  • Experience with AI impact assessments and risis response
  • Skilled in negotiating contracts to include compliance obligations

Desirable/Beneficial

✅ Proven ability to draft and negotiate global contracts with privacy provisions ✅ Experience in complex incident management, including regulatory intervention protocols ✅ Familiarity with internal and client-facing audits ✅ Ability to liaise between executives, technical teams, and business units to foster cultural adoption

Critical Soft Skills

  • Strong analytical thinking for parsing and interpreting evolving laws
  • PRACTICAL COMMUNICATION capacity to translate legal/reügyiary jargon
  • Stakeholder management, proactive collaboration, and adaptability
  • Technical-legal translation ability between privacy law and AI tech teams

Commitment to Diversity, Equity & Inclusion

Norton Rose Fulbright is dedicated to fostering a just, inclusive and ethnically diverse working environment, aligned with its values of growth, inclusion, clarity, stakeholder satisfaction.

Benefits and Flexibility

  • Empowered hybrid work model
    • Modifiable to support both in-office and remote integration
  • Holistic employee wellness support
    • Family and inclusion-related policies
    • Access to health and wellbeing programs

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Data Privacy
AI Governance
Regulatory Compliance
Stakeholder Management
Analytical Skills
Communication Skills
Incident Response
Risk Management
Policy Development
Training Delivery
DPIAs
RoPAs
Data Subject Rights
Legal Frameworks
Collaboration
Adaptability

Location

London, England, United Kingdom

Sign up to applySee more jobs like this