Head Data Privacy and AI Europe Legal

Job Description Summary

#LI-Hybrid
Location: London, UK or Barcelona, Spain
We’re looking for a visionary legal leader to join us as Head Data Privacy and AI Europe Legal, where you’ll shape the future of data privacy (including data privacy in cybersecurity incidents) and Artificial intelligence (AI), across Europe. This role involves providing and organizing legal advice to support compliance with data privacy regulations (including EU AI Act, FTC, HIPAAA and state AI regulations, GDPR, CCPA, and other relevant legislation), to support the development and implementation of data privacy and AI policies and procedures in Europe and providing legal guidance in these areas.

 

Job Description

Key Responsibilities:

• Policy Development: Support the development, implementation, and maintenance of data privacy and AI policies and procedures to ensure a responsible use of AI, protect personal data in Europe. Track evolving global data privacy and AI laws (e.g., EU AI Act, OECD AI principles, US AI laws, UK DPDI) and translate requirements into actionable guidance.
• Strategic Legal Guidance: Provide and organize expert legal advice and guidance on data privacy and AI use cases to internal stakeholders, including senior management, ERC, IT, and P&O. Manage outside counsel for advice on data privacy and AI legal issues in Europe as needed.
• Risk Management: Support the identification and mitigation of data privacy, AI and cybersecurity risks conducting regular assessments in close collaboration with DPDAI, IT and business teams.
• Training and Awareness: Support the development and delivery of training programs to educate employees on data privacy and AI best practices and legal requirements.
• Incident Response: Lead and support the legal response to, date privacy data breaches and AI-related incidents (including in cybersecurity incidents), ensuring timely and effective resolution.
• Collaboration: Collaborate with cross-functional teams, including ERC, IT, security, P&O, Legal and business to ensure an integrated approach to data privacy and AI. Collaborate to influence policy/legislation, including within trade associations, and update senior management on data privacy and AI legal developments. Represent the company in global regulatory discussions, industry groups, and associations on data privacy and AI matters.
• Reporting: Prepare and present reports on data privacy and AI regulation compliance and incidents to senior management and regulatory authorities.

Essential Requirements:

• University degree in law; admission to the bar highly preferred.
• Proven working experience on data privacy, including in cybersecurity matters, AI (in particular in relation to the EU AI Act) and ethics in a multi-disciplinary and international setting, as well as significant experience assessing AI systems from a legal and compliance perspective (including risk categorization, audit requirements, transparency obligations, and lifecycle governance).
• Excellent leadership, communication, and analytical skills paired with the ability to manage complex legal issues and provide clear, actionable advice.
• Relevant certifications such as certifications related to AI ethics, compliance, and CIPP/E, CIPM are required.
• Strong ethical standards and integrity.
• Ability to work in a fast-paced, dynamic environment.
• Proficiency in English (written and spoken).

Desirable Requirements:

• Experience in a multinational company. Experience in the healthcare and/or tech sectors is preferred.

Commitment to Diversity and Inclusion:

Novartis is committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.

 

Skills Desired