Legal Counsel - Data Privacy, InfoSec & AI Regulation

Join K2 Partnering Solutions as a Legal Counsel with deep expertise in data privacy, cybersecurity, and AI governance. This role supports cross‑functional efforts to ensure compliance across global privacy frameworks, information security standards, and responsible AI use.

Location: Madrid (ES), London (UK), Milan (IT) – hybrid or full remote opportunities available.

Key Responsibilities

• Advise on global data privacy and cybersecurity compliance frameworks, including GDPR, UK DPA 2018, CCPA/CPRA, LGPD, and other international privacy regulations.
• Provide guidance on information security certifications and frameworks such as ISO/IEC 27001, SOC 2, and NIST CSF.
• Monitor and advise on AI governance standards, including the EU AI Act and ISO/IEC 42001 (AI Management System Standard).
• Collaborate cross‑functionally with InfoSec, product, legal, and engineering teams to ensure legal compliance, risk mitigation, and privacy‑by‑design in systems and operations.
• Draft and negotiate key data and privacy‑related agreements, including DPAs, SCCs, and data processing or sharing terms.
• Advise on DPIAs, LIAs, and AI impact assessments, aligning with regulatory and ethical standards.
• Support privacy and security audits, assist in certification processes (e.g., ISO 27001, SOC 2), and manage regulatory inquiries related to data protection, cybersecurity, or AI.
• Develop and maintain internal policies and training materials on data privacy, cybersecurity best practices, and responsible AI use.
• Respond to and coordinate the completion of client security and privacy questionnaires, ensuring accurate compliance posture and certifications.

Requirements

• Law degree with specialization or demonstrated experience in data privacy, cybersecurity law, or technology law.
• 5+ years of relevant legal experience, ideally in a multinational company or top‑tier law firm.
• Strong understanding of major global privacy regulations, including GDPR, UK DPA 2018, CCPA/CPRA, LGPD, and other international frameworks.
• Knowledge of information security standards and certifications (e.g., ISO/IEC 27001, SOC 2, NIST CSF).
• Familiarity with AI regulatory frameworks, such as the EU AI Act and ISO/IEC 42001, and understanding of responsible AI principles.
• Proven ability to draft and negotiate complex data protection agreements, DPAs, SCCs, and data processing or sharing terms.
• Experience conducting or advising on DPIAs, LIAs, and AI impact assessments.
• Comfortable collaborating with cross‑functional teams, including InfoSec, Engineering, Product, and Compliance.
• Excellent legal research, analytical, and communication skills, with aptitude to simplify complex issues for diverse stakeholders.
• Fluent in English; other language skills are a plus.
• Recognized privacy certifications such as CIPP/E, CIPM, or CIPT are an asset.

K2 Partnering Solutions is an equal employment opportunity/affirmative action employer. We do not discriminate on the basis of an individual’s actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and pregnancy‑related conditions), gender identity or expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, genetic information, or any other characteristic protected by applicable federal, state, or local laws. Our team is dedicated to this policy with respect to all terms and conditions of employment, including recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, employee activities, access to facilities and programs, and general treatment during employment.