Serve as lead data and privacy counsel for the US and Americas region, providing risk‑based, business‑oriented advice on US, Canada, and South American, data protection, AI and cybersecurity issues (including cross‑border access and national‑security‑adjacent topics), grounded in global data protection regulation and frameworks.
Spearhead AI governance development and implementation globally, providing guidance on relevant global and US AI frameworks and executing a fit-for-purpose AI governance approach at Airwallex, including developing and implementing AI policies, procedures, privacy-related AI mitigations, and accountability frameworks.
Develop and help execute privacy and data protection compliance programs for the Americas, specifically focused on compliance with US federal and state consumer financial privacy frameworks (GLBA, FCRA, CalFIPA) compliance, Executive Order 14117, and comprehensive state privacy compliance.
Partner closely with Product, Engineering, Information Security, Regulatory Legal, Regulatory Compliance, Commercial Legal and Risk to embed privacy‑ and security‑by‑design in product development, technical architecture, UX, and go‑to‑market, including by spearheading DPIAs/PIAs, AI risk assessments, and other privacy impact assessments.
Draft, review, and negotiate complex data protection and data‑sharing terms (including DPAs, cross‑border transfer terms, and AI‑related clauses) with customers, vendors, financial partners, and other third parties, acting as an escalation point for high‑risk matters.
Coordinate and oversee international data flows touching the Americas, ensuring appropriate transfer tools and governance (e.g. SCCs or equivalent), and supporting initiatives on data localisation, storage, and access controls.
Co‑lead the privacy and data‑protection workstream for security and data incidents related to the Americas with Information Security and other stakeholders, including triage, investigation, regulatory and customer notifications, remediation, and lessons learned.
Advise on high‑risk or novel processing activities (e.g. new AI use cases, advanced analytics, innovative platform and embedded‑finance data models), helping structure appropriate safeguards, governance, and documentation.
Support interactions with US and Americas regulators and policymakers on privacy, cybersecurity, data‑access and related topics, in close coordination with Regulatory Legal and Regulatory Compliance.
Help build and refine tools and processes for privacy workflows (e.g., intake, assessment, DPIA/PIA/DPIA for AI, ROPA, DSRs), including the use of specialist tooling, metrics, and dashboards to track and evidence compliance.
Contribute to training and enablement for Product, Engineering, Sales, Operations and other teams on privacy, data, AI and cybersecurity topics, using playbooks, guidance and office‑hours to make it easy to “do the right thing by default.”

Requirements

U.S. legal qualification (or foreign equivalent) and active license to practice in at least one US jurisdiction.
8 years of experience in an in‑house legal department and/or in private practice advising on technology, data and privacy issues related to technical platforms and products.
Strong knowledge of US federal and state privacy and data‑security laws (such as CCPA/CPRA and GLBA/Reg P) and how they intersect with payments and broader financial‑services regulation, plus working knowledge of GDPR and Canadian/South American privacy requirements (such as LGPD).
Experience providing guidance on US related privacy adtech requirements and technologies, including varying consent frameworks under US state privacy laws, and operationalizing consent management requirements.
Demonstrated experience partnering with technical teams (Product, Engineering, Information Security) to translate legal and regulatory requirements into practical technical designs, controls, and processes.
Demonstrated experience advising on emerging US and global AI legal requirements and AI‑governance best practices, and experience advising on AI/ML tools, vendors, or products from a privacy and data‑protection perspective.
Experience providing data and privacy legal support during security or privacy incidents, including incident assessment, notification analysis, and remediation planning.
Excellent written and verbal communication skills, with the ability to explain complex legal concepts to non‑lawyers and senior executives, and to drive clear decisions in ambiguous, time‑sensitive situations.
High degree of ownership, resilience, and pragmatism; comfortable working in a fast‑paced, high‑growth fintech environment and managing multiple complex matters in parallel.

Benefits

medical, dental, and vision insurance
401(k) plan
short-term and long-term disability
basic life insurance
well-being benefits
20 paid days of vacation
12 paid days of company holidays

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

data protectionprivacy complianceAI governancecybersecuritydata localizationincident assessmentconsent managementdata-sharing agreementsprivacy impact assessmentsemerging AI legal requirements

Soft Skills

communication skillsownershipresiliencepragmatismcollaborationproblem-solvingdecision-makingadaptabilityleadershiptraining and enablement

Certifications

U.S. legal qualificationactive license to practice