Location: London, UK or Amsterdam, Netherlands
The Privacy & AI Counsel is a senior expert role responsible for designing, implementing, and independently operating Forward Air’s global privacy and data governance program, with a strong emphasis on GDPR, U.S. state privacy laws, HIPAA, and emerging international regimes.
This role serves as the principal subject-matter expert on data privacy, data protection, and AI-related legal and compliance risks. The position is structured as a hands-on, individual contributor role that requires deep technical and legal fluency, sound judgment, and the ability to operate autonomously while influencing across Legal, IT, Security, HR, and Operations.
Key Responsibilities
- Design, implement, and continuously mature Forward Air’s company-wide privacy and data protection program aligned with GDPR, CCPA/CPRA, HIPAA, and emerging global privacy regulations.
- Own the development and maintenance of privacy governance elements, including policies, standards, SOPs, records of processing activities, and internal guidance.
- Independently lead privacy risk assessments, including DPIAs, TIAs, data mapping exercises, DSAR/DSR workflows, and third-party privacy reviews using scalable, programmatic approaches.
- Identify, assess, and mitigate privacy and AI‑related risks associated with data flows, analytics, automation, AI‑enabled systems, vendors, and cross‑border data transfers.
- Advise on responsible AI, automated decision‑making, and advanced analytics, translating regulatory and ethical expectations into practical, operational controls.
- Partner with IT, Security, Engineering, HR, Procurement, and business teams to embed privacy‑by‑design and data minimization principles into systems, workflows, and product lifecycles.
- Define and mature technical and operational privacy controls covering data retention, access management, consent, classification, and third‑party integrations.
- Serve as the primary privacy compliance lead for regulatory inquiries, audits, and certifications (e.g., SOC 2 Privacy, ISO 27701, HIPAA‑related reviews), ensuring audit readiness and timely responses.
- Collaborate with Internal Audit, Compliance, and Security to assess control effectiveness, remediate gaps, and track privacy program maturity and risk trends.
- Provide expert legal and compliance guidance on privacy incident preparedness and response, including breach notification considerations and regulatory engagement.
- Act as a trusted advisor to senior leadership on evolving privacy, AI, and data governance risks, translating regulatory developments into actionable business guidance.
- Build and deliver targeted privacy and AI‑related training and awareness programs for employees and relevant third parties to promote a culture of ethical data use and accountability.
- Define and implement scalable monitoring, reporting, and evidence‑collection mechanisms leveraging privacy and GRC tools, dashboards, and automation.
- Maintain continuous awareness of global regulatory developments, enforcement trends, and emerging risks, proactively advising on their impact on Forward Air’s operations.
- Support adjacent compliance and regulatory initiatives as needed, demonstrating flexibility and the ability to pivot in response to evolving business and risk priorities.
Qualifications
- 10+ years of relevant experience in privacy, data protection, compliance, legal, or regulatory advisory roles.
- Deep, hands‑on expertise in GDPR, California privacy laws (CCPA/CPRA), HIPAA, and comparable global privacy frameworks.
- Strong understanding of how privacy requirements translate into technical and operational controls, including data flows, access management, retention, and third‑party integrations.
- Willingness to travel occasionally as business needs require.
- Privacy or compliance certifications such as CIPP, CIPM, CIPP/E, CCEP, CISA, CISM, or CRISC.
- Experience with GRC and privacy tooling (e.g., OneTrust).
- Exposure to AI, machine learning, automation, or advanced analytics from a governance or risk perspective.
- Background working in regulated, global, or highly data‑driven environments.
Skills
- Proven ability to build and operate privacy programs independently, without reliance on large teams.
- Demonstrated ability to identify, prioritize, and resolve complex legal and compliance issues in real time.
- Exceptional judgment, discretion, and integrity when handling sensitive and confidential information.
- Excellent written and verbal communication skills, with the ability to influence across technical and non‑technical audiences.
- Self‑starter mindset with strong execution discipline, organizational rigor, and comfort operating in ambiguity.