Privacy Legal Counsel

The Privacy Legal Counsel will play a critical role in operationalizing the company’s global privacy framework through proactive privacy risk management, privacy-by-design integration, and data governance excellence. This role will focus on conducting privacy risk assessments, ensuring compliance with global cross-border data transfer requirements, and supporting enterprise data governance initiatives through accurate data mapping and transfer impact assessments.

Working closely with product development and IT teams across Asia, and collaborating with senior privacy counsels globally, this specialist will help ensure that privacy standards are consistently applied across business processes, products, and technologies, maintaining the company’s commitment to responsible data handling and global compliance.

Privacy Risk Assessment and Review

Conduct privacy risk assessments and Data Protection Impact Assessments (DPIAs) for new and existing products, platforms, and IT systems.

Evaluate data flows, system designs, and vendor engagements to identify and mitigate privacy risks.

Track remediation actions and maintain records to demonstrate accountability and compliance.

Continuously enhance templates, guidance, and processes for privacy assessments.

Privacy by Design Coordination

Collaborate with product and IT engineering teams across Asia to embed privacy by design and by default principles in product development and IT lifecycle management.

Provide practical guidance on data minimization, consent, retention, and access control.

Participate in design and architecture reviews to identify potential privacy impacts early.

Cross-Border Data Transfer Compliance

Support the assessment and documentation of cross-border data transfers to ensure compliance with global data protection requirements (e.g., GDPR, LGPD China PIPL).

Work with IT, legal, and business teams to map international data flows and implement appropriate safeguards.

Assist in maintaining global records of transfer mechanisms and update them in response to evolving regulations.

Global Privacy Program Support

Assist senior privacy counsels in implementing global privacy standards, frameworks, and operational processes.

Ensure regional practices align with the global privacy program and support harmonized execution.

Contribute to global projects, audits, and metrics reporting to drive continuous improvement.

Stakeholder Collaboration and Enablement

Act as a key liaison between Legal, IT, Product, and Security teams to operationalize privacy controls.

Deliver privacy training and awareness programs for product, engineering, and business teams.

Support internal reporting on privacy risk trends, assessment outcomes, and mitigation efforts.

Required:

Bachelor’s degree in Law or Computer Science, or a related field.

Minimum 5 years of experience in privacy operations, data protection, or compliance, preferably in a technology or IT-driven organization.

Demonstrated experience in conducting privacy impact assessments (PIAs/DPIAs) and advising on privacy by design.

Working knowledge of cross-border data transfer frameworks (e.g., SCCs, BCRs, CBPR, PIPL requirements).

Experience supporting data governance activities such as data mapping and record of processing maintenance.

Strong understanding of major global privacy laws (GDPR, CCPA/CPRA, and key Asian data protection laws).

Excellent communication and collaboration skills across technical and non-technical teams.

Preferred:

Professional privacy certification such as CIPP/E, CIPP/A, CIPM, or equivalent.

Familiarity with IT systems, data architecture, or enterprise data management tools.

Experience working within a multinational organization or global privacy program.

Fluent Mandarin is a plus.

Analytical and detail-oriented with strong risk evaluation and documentation skills.

Technically conversant and comfortable engaging with IT and engineering teams.

Strong knowledge of international data transfer and governance requirements.

Excellent cross-cultural communication and stakeholder management abilities.

Organized, proactive, and capable of managing multiple concurrent assessments.

Committed to promoting privacy accountability, transparency, and ethical data use.