Legal Counsel - Data Privacy, InfoSec & AI Regulation

K2 Partnering Solutions is a global provider of unique end-to-end consultative solutions in the enterprise applications, AI, and cloud space.

Please be aware this job might be located in Madrid (ES), London (UK) or Milan (Italy) - hybrid or full remote opportunity

We are seeking a Legal Counsel with deep expertise in data privacy, cybersecurity, and the emerging field of AI governance to join our global legal team. This role will support cross-functional efforts to ensure legal and regulatory compliance across global privacy frameworks, information security standards, and responsible AI use. The ideal candidate will play a critical role in advising on privacy‑by‑design, negotiating key data agreements, managing risk assessments, and shaping policy and governance standards within a fast‑paced, technology‑driven environment.

• Advise on global data privacy and cybersecurity compliance frameworks, including: GDPR, UK DPA 2018, CCPA/CPRA, LGPD, and other international privacy regulations.
• Provide guidance on information security certifications and frameworks such as ISO/IEC 27001, SOC 2, and NIST CSF.
• Monitor and advise on AI governance standards, including the EU AI Act and ISO/IEC 42001 (AI Management System Standard).
• Collaborate cross‑functionally with InfoSec, product, legal, and engineering teams to ensure legal compliance, risk mitigation, and privacy‑by‑design in systems and operations.
• Draft and negotiate key data and privacy‑related agreements, including Data Protection Agreements (DPAs), Standard Contractual Clauses (SCCs), and data processing or sharing terms.
• Advise on Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), and AI impact assessments, aligning with regulatory and ethical standards.
• Support privacy and security audits, assist in certification processes (e.g., ISO 27001, SOC 2), and manage regulatory inquiries related to data protection, cybersecurity, or AI.
• Develop and maintain internal policies and training materials on data privacy, cybersecurity best practices, and responsible AI use.
• Respond to and coordinate the completion of client security and privacy questionnaires, ensuring accurate representation of compliance posture and certifications.

• Law degree with a specialization or demonstrated experience in data privacy, cybersecurity law, or technology law.
• 5+ years of relevant legal experience, ideally in a multinational company or top‑tier law firm.
• Strong understanding of major global privacy regulations, including GDPR, UK DPA 2018, CCPA/CPRA, LGPD, and other key international frameworks.
• Knowledge of information security standards and certifications (e.g., ISO/IEC 27001, SOC 2, NIST CSF).
• Familiarity with AI‑related regulatory frameworks, such as the EU AI Act and ISO/IEC 42001, and understanding of responsible AI principles.
• Proven ability to draft and negotiate complex data protection agreements (DPAs), Standard Contractual Clauses (SCCs), and data processing or sharing terms.
• Experience conducting or advising on Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), and AI impact assessments.
• Comfortable collaborating with cross‑functional teams, including InfoSec, Engineering, Product, and Compliance, to implement privacy and security best practices.
• Excellent legal research, analytical, and communication skills, with the ability to simplify complex issues for diverse stakeholders.
• Fluent in English; other language skills are a plus.
• Recognized privacy certifications such as CIPP/E, CIPM, or CIPT are an asset.

#LI-Hybrid

This job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities at any time.

K2 Partnering Solutions is an equal employment opportunity/affirmative action employer. We do not discriminate on the basis of an individual’s actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and pregnancy‑related conditions), gender identity or expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, genetic information, or any other characteristic protected by applicable federal, state, or local laws. Our team is dedicated to this policy with respect to all terms and conditions of employment, including recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, employee activities, access to facilities and programs, and general treatment during employment.