Key skills
AIMLLeadershipRisk ManagementCommunicationNegotiation
About this role
Role Overview
- Drive Oyster’s global privacy program and AI roadmaps and metrics with a focus on business objectives, risk appetite, and trust commitments.
- Serve as counsel for EU data protection regulations, including international transfers (SCCs, TIAs, DPF where applicable), records of processing (ROPA), retention, and data governance.
- Support the company‑wide strategy for AI governance (EU AI Act readiness, model/system classification, risk management, data/records obligations, provider/ deployer duties, transparency and human oversight).
- Partner with leadership on executive‑level and customer‑facing trust narratives; prepare briefings and documentation for team leads, execs, and auditors.
- Advise on new and existing products/workflows (including automation and ML features): run DPIAs/PIAs, AI impact assessments, dataset and data‑minimization reviews, and human‑in‑the‑loop/appeal mechanisms.
- Translate requirements into actionable controls (requirements, checklists, guardrails, redlines) and integrate with issue trackers and engineering workflows.
- Define model/data governance requirements: data sourcing, annotation, retention/deletion, access controls, evaluation, monitoring, and incident/rollback plans.
- Draft/maintain DPAs, SCCs, and AI‑related contractual clauses; negotiate high‑impact privacy and AI terms with customers and vendors.
- Partner with procurement and security teams on third-party due diligence, transfer impact assessments, and ongoing assurance.
- Lead operational processes: ROPA, DSARs, consent/cookie governance, marketing/privacy for growth initiatives, retention schedules, and access controls.
- Co‑lead incident response for privacy/AI‑related events (breach assessment, notification, regulator/stakeholder comms, lessons learned).
Requirements
- Juris Doctorate or equivalent law degree and at least 7 years of experience advising on EU data regulations as a fully licensed practicing attorney.
- Deep expertise in EU data protection regimes; hands‑on leadership of DPIAs, TIAs, ROPAs, retention, DSARs, vendor governance, and incident response.
- Demonstrated experience operationalizing AI governance (e.g. EU AI Act readiness), including system classification, risk management, transparency/UX notices, human oversight, and documentation.
- Proven ability to build and scale playbooks, templates, and processes (privacy and AI) that measurably improve speed, quality, and risk posture.
- Commercial acumen with strong negotiation skills on privacy/AI terms, SCCs, data rights, and risk‑balancing positions.
- Strong attention to detail with clear, effective communication across technical and non-technical teams.
- Demonstrated ability to communicate clearly and effectively in asynchronous environments, effectively using written updates and documentation to collaborate across time zones with distributed teams.
- Able to work independently, exercising sound judgment in a fast-paced environment.
- Comfortable adapting to shifting priorities in high-output settings.
- Collaborative and dependable team contributor with a pragmatic, problem-solving mindset.
Benefits
- Paid time off: Enjoy 40 days off per year (including holidays and vacation), or more if required by your country.
- Mental health support: Access Plumm, our mental well-being service.
- Wellbeing allowance: Each month, receive a wellbeing allowance in your ThanksBen wallet. Spend it on a wide range of options; see the benefits catalogue for ideas.
- Flexible parental leave: All new parents are eligible for at least three months’ paid leave, with job protection for up to 12 months or as required locally.
- WFH stipend: Receive a stipend for your laptop and home office equipment to get you set up quickly.