Job Description
Position Title: Privacy & AI Counsel
Position Type: Permanent Full-Time
Location: London, UK or Amsterdam, Netherlands
The Privacy & AI Counsel is a senior expert role responsible for designing, implementing, and independently operating Forward Air’s global privacy and data governance program, with a strong emphasis on GDPR, U.S. state privacy laws, HIPAA, and emerging international regimes.
This role serves as the principal subject-matter expert on data privacy, data protection, and AI-related legal and compliance risks. The position is structured as a hands-on, individual contributor role that requires deep technical and legal fluency, sound judgment, and the ability to operate autonomously while influencing across Legal, IT, Security, HR, and Operations.
Key Responsibilities
* Design, implement, and continuously mature Forward Air’s company-wide privacy and data protection program aligned with GDPR, CCPA/CPRA, HIPAA, and emerging global privacy regulations.
* Own the development and maintenance of privacy governance elements, including policies, standards, SOPs, records of processing activities, and internal guidance.
* Independently lead privacy risk assessments, including DPIAs, TIAs, data mapping exercises, DSAR/DSR workflows, and third-party privacy reviews using scalable, programmatic approaches.
* Identify, assess, and mitigate privacy and AI-related risks associated with data flows, analytics, automation, AI-enabled systems, vendors, and cross-border data transfers.
* Advise on responsible AI, automated decision-making, and advanced analytics, translating regulatory and ethical expectations into practical, operational controls.
* Partner with IT, Security, Engineering, HR, Procurement, and business teams to embed privacy-by-design and data minimization principles into systems, workflows, and product lifecycles.
* Define and mature technical and operational privacy controls covering data retention, access management, consent, classification, and third-party integrations.
* Serve as the primary privacy compliance lead for regulatory inquiries, audits, and certifications (e.g., SOC 2 Privacy, ISO 27701, HIPAA-related reviews), ensuring audit readiness and timely responses.
* Collaborate with Internal Audit, Compliance, and Security to assess control effectiveness, remediate gaps, and track privacy program maturity and risk trends.
* Provide expert legal and compliance guidance on privacy incident preparedness and response, including breach notification considerations and regulatory engagement.
* Act as a trusted advisor to senior leadership on evolving privacy, AI, and data governance risks, translating regulatory developments into actionable business guidance.
* Build and deliver targeted privacy and AI-related training and awareness programs for employees and relevant third parties to promote a culture of ethical data use and accountability.
* Define and implement scalable monitoring, reporting, and evidence-collection mechanisms leveraging privacy and GRC tools, dashboards, and automation.
* Maintain continuous awareness of global regulatory developments, enforcement trends, and emerging risks, proactively advising on their impact on Forward Air’s operations.
* Support adjacent compliance and regulatory initiatives as needed, demonstrating flexibility and the ability to pivot in response to evolving business and risk priorities.
Qualifications
* 10+ years of relevant experience in privacy, data protection, compliance, legal, or regulatory advisory roles.
* Deep, hands-on expertise in GDPR, California privacy laws (CCPA/CPRA), HIPAA, and comparable global privacy frameworks.
* Strong understanding of how privacy requirements translate into technical and operational controls, including data flows, access management, retention, and third-party integrations.
* Willingness to travel occasionally as business needs require.
* Privacy or compliance certifications such as CIPP, CIPM, CIPP/E, CCEP, CISA, CISM, or CRISC.
* Experience with GRC and privacy tooling (e.g., OneTrust).
* Exposure to AI, machine learning, automation, or advanced analytics from a governance or risk perspective.
* Background working in regulated, global, or highly data-driven environments.
Skills
* Proven ability to build and operate privacy programs independently, without reliance on large teams.
* Demonstrated ability to identify, prioritize, and resolve complex legal and compliance issues in real time.
* Exceptional judgment, discretion, and integrity when handling sensitive and confidential information.
* Excellent written and verbal communication skills, with the ability to influence across technical and non-technical audiences.
* Self-starter mindset with strong execution discipline, organizational rigor, and comfort operating in ambiguity.