Senior Counsel, Privacy, AI & Data Responsibility

Overview

Mastercard is committed to balancing innovation with individual privacy, embracing privacy and data protection as core to its business strategy. The global team is expanding, and this Senior Counsel, Privacy, AI & Data Responsibility role will focus on supporting Mastercard’s Human Resources function and other related divisions that handle employee data, such as corporate security. This ensures compliance with global privacy and data-related laws.

Reporting to the Senior Managing Counsel, Privacy, AI & Data Responsibility, this position is a key member of both the Global Privacy, AI & Data Responsibility team and the Law Department. The Senior Counsel acts as a strategic advisor to business leaders, driving Privacy by Design principles into employee initiatives and enabling responsible innovation globally. This role demands executive presence and influence, partnering with senior stakeholders to shape Mastercard’s privacy strategy, ensure compliance, and champion industry-leading data responsibility practices. The Senior Counsel must stay abreast of innovative workplace technologies, including data security, threat detection, and employee monitoring.

Key Responsibilities

• Ensure full alignment and compliance with Mastercard’s policies, procedures, and global privacy and data-related laws, particularly those protecting employee personal information and Mastercard’s network security.
• Triage information incidents involving employee data, conducting thorough factual analysis against applicable privacy and data protection laws, regulations, and standards, and recommending resolutions.
• Maintain appropriate documentation for privacy accountability, including GDPR, CCPA, and emerging AI laws impacting the workplace (e.g., EU AI Act); conduct Data Protection Impact Assessments and AI Assessments as required.
• Support processes for handling privacy rights requests from candidates and employees, including access and other rights under relevant laws.
• Draft privacy terms in line with Mastercard’s standards, review contracts, and manage complex negotiations with partners and vendors.
• Anticipate and interpret emerging privacy and AI regulations, providing expert guidance to executive leadership and ensuring Mastercard's leading position in global regulatory compliance, especially in the EU and UK.
• Engage with the organization on privacy and data matters through employee training and awareness initiatives regarding regulatory requirements and Mastercard procedures.
• Lead and implement initiatives focused on efficiency and utilizing AI innovation to manage increasing risks in human resources privacy compliance.

About You

• Law degree required; active Bar membership (if permitted by law). Additional qualifications like a Master of Laws degree or CIPP/E are beneficial.
• Demonstrated EU Privacy experience, ideally advising internal corporate teams on recruitment and employment-related matters.
• Solid knowledge of global privacy laws, frameworks, and standards, including GDPR and CCPA.
• Proven experience advising companies on privacy compliance and data-related issues.
• Superior time management, planning, and organizational skills.
• Strong analytical capabilities and excellent written and oral communication skills.
• Meticulous attention to detail is essential.
• Exceptional interpersonal skills with a proven track record in relationship building and partnership.
• Ability to work effectively in both team and individual settings across global jurisdictions.

Corporate Security Responsibility

Every individual accessing Mastercard assets, information, and networks is responsible for information security and must:

• Adhere to Mastercard’s security policies and practices.
• Ensure the confidentiality and integrity of accessed information.
• Report any suspected information security violation or breach.
• Complete all periodic mandatory security trainings as per Mastercard’s guidelines.

Key skills/competency

• Privacy Law
• Data Protection
• Artificial Intelligence Governance
• GDPR
• CCPA
• Contract Negotiation
• Regulatory Compliance
• Risk Management
• Privacy by Design
• Legal Advisory