Head Data Privacy and AI Europe Legal
Novartis · Barcelona, Catalonia, Spain
This listing has closed — view similar roles below.
- On site
- Full-time
- $200,000 / year
- Barcelona, Catalonia, Spain
Job highlights
- Lead European data privacy and AI legal strategy.
- Develop and implement AI and data privacy policies.
- Provide expert legal guidance on AI and privacy.
- Manage data privacy and AI risks and incidents.
- Collaborate globally on data privacy and AI matters.
About the role
Head Data Privacy and AI Europe Legal
We’re looking for a visionary legal leader to join us as Head Data Privacy and AI Europe Legal, where you’ll shape the future of data privacy (including data privacy in cybersecurity incidents) and Artificial intelligence (AI), across Europe. This role involves providing and organizing legal advice to support compliance with data privacy regulations (including EU AI Act, FTC, HIPAAA and state AI regulations, GDPR, CCPA, and other relevant legislation), to support the development and implementation of data privacy and AI policies and procedures in Europe and providing legal guidance in these areas.
About The Role
Key Responsibilities:
- Policy Development: Support the development, implementation, and maintenance of data privacy and AI policies and procedures to ensure a responsible use of AI, protect personal data in Europe. Track evolving global data privacy and AI laws (e.g., EU AI Act, OECD AI principles, US AI laws, UK DPDI) and translate requirements into actionable guidance.
- Strategic Legal Guidance: Provide and organize expert legal advice and guidance on data privacy and AI use cases to internal stakeholders, including senior management, ERC, IT, and P&O. Manage outside counsel for advice on data privacy and AI legal issues in Europe as needed.
- Risk Management: Support the identification and mitigation of data privacy, AI and cybersecurity risks conducting regular assessments in close collaboration with DPDAI, IT and business teams.
- Training and Awareness: Support the development and delivery of training programs to educate employees on data privacy and AI best practices and legal requirements.
- Incident Response: Lead and support the legal response to data privacy data breaches and AI-related incidents (including in cybersecurity incidents), ensuring timely and effective resolution.
- Collaboration: Collaborate with cross-functional teams, including ERC, IT, security, P&O, Legal and business to ensure an integrated approach to data privacy and AI. Collaborate to influence policy/legislation, including within trade associations, and update senior management on data privacy and AI legal developments. Represent the company in global regulatory discussions, industry groups, and associations on data privacy and AI matters.
- Reporting: Prepare and present reports on data privacy and AI regulation compliance and incidents to senior management and regulatory authorities.
Essential Requirements
- University degree in law; admission to the bar highly preferred.
- Proven working experience on data privacy, including in cybersecurity matters, AI (in particular in relation to the EU AI Act) and ethics in a multi-disciplinary and international setting, as well as significant experience assessing AI systems from a legal and compliance perspective (including risk categorization, audit requirements, transparency obligations, and lifecycle governance).
- Excellent leadership, communication, and analytical skills paired with the ability to manage complex legal issues and provide clear, actionable advice.
- Relevant certifications such as certifications related to AI ethics, compliance, and CIPP/E, CIPM are required.
- Strong ethical standards and integrity.
- Ability to work in a fast-paced, dynamic environment.
- Proficiency in English (written and spoken).
Desirable Requirements
- Experience in a multinational company.
- Experience in the healthcare and/or tech sectors is preferred.
Commitment To Diversity And Inclusion
Novartis is committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.
Why Novartis:
Helping people with disease and their families takes more than innovative science. It takes a community of smart, passionate people like you. Collaborating, supporting and inspiring each other. Combining to achieve breakthroughs that change patients’ lives. Ready to create a brighter future together? https://www.novartis.com/about/strategy/people-and-culture
Benefits and Rewards: Learn about all the ways we’ll help you thrive personally and professionally.
Read our handbook (PDF 30 MB)
Key skills/competency
- Data Privacy Law
- AI Ethics and Compliance
- EU AI Act
- GDPR
- Cybersecurity Incident Response
- Legal Policy Development
- Risk Management
- Cross-functional Collaboration
- Regulatory Affairs
- Legal Leadership
Skills & topics
- Head Data Privacy
- AI Legal Counsel
- Europe Legal
- GDPR
- EU AI Act
- Data Privacy
- Artificial Intelligence
- Legal Leadership
- Compliance
- Cybersecurity Law
How to get hired
- Tailor your resume: Highlight data privacy, AI legal experience, and specific regulations like the EU AI Act.
- Showcase leadership skills: Emphasize your ability to manage complex legal issues and provide actionable advice.
- Prepare for technical questions: Be ready to discuss AI legal assessments, risk categorization, and lifecycle governance.
- Demonstrate compliance expertise: Highlight any relevant certifications (CIPP/E, CIPM, AI ethics) and understanding of GDPR, CCPA.
- Express global collaboration interest: Mention experience working in multinational settings and influencing policy.
Technical preparation
Master EU AI Act, GDPR, CCPA, HIPAAA.,Assess AI legal compliance, risk categorization.,Understand AI lifecycle governance, transparency.,Prepare for incident response scenarios.
Behavioral questions
Describe leading cross-functional policy development.,How do you manage complex international legal issues?,Share an experience mitigating privacy and AI risks.,How do you influence regulatory discussions?
Frequently asked questions
- What are the primary legal challenges for the Head Data Privacy and AI Europe Legal at Novartis?
- The primary legal challenges for the Head Data Privacy and AI Europe Legal at Novartis involve navigating complex and evolving data privacy regulations across Europe, including the EU AI Act, GDPR, and CCPA, while also managing AI-specific legal and ethical considerations. This includes ensuring compliance, mitigating risks related to AI systems and data breaches, and advising senior management on these critical areas.
- What specific AI regulations are most important for this role at Novartis?
- The EU AI Act is of paramount importance for this role, given its comprehensive approach to regulating AI systems. Additionally, understanding and advising on other relevant US and UK AI laws and OECD AI principles is crucial for comprehensive legal coverage.
- Does Novartis require specific certifications for the Head Data Privacy and AI Europe Legal position?
- Yes, relevant certifications are required for this role. Candidates are expected to possess certifications related to AI ethics, compliance, and specifically CIPP/E (Certified Information Privacy Professional/Europe) and CIPM (Certified Information Privacy Manager) are highly preferred to demonstrate expertise in data privacy.
- What is the expected level of experience with data privacy and cybersecurity incidents?
- The role requires proven working experience in data privacy, specifically including handling cybersecurity matters and leading legal responses to data privacy data breaches and AI-related incidents. This encompasses ensuring timely and effective resolution of such events.
- How does Novartis approach diversity and inclusion in its legal teams?
- Novartis is committed to building outstanding, inclusive work environments with diverse teams that represent the patients and communities they serve. This commitment extends to their legal departments, fostering a collaborative and supportive atmosphere for all employees.
- What is the significance of experience in the healthcare or tech sectors for this role?
- Experience in the healthcare and/or tech sectors is considered a desirable requirement. This suggests that familiarity with the specific data privacy and AI challenges within these industries, which are often at the forefront of innovation, would be beneficial for the candidate.
- What is the typical career path after holding the Head Data Privacy and AI Europe Legal position at Novartis?