Logo
Universal Music Group

Senior Privacy Counsel - New York, 10019

Universal Music Group, New York

Save Job

Senior Privacy Counsel - New York, 10019, United States of America

How We LEAD:

The Senior Privacy Counsel will serve as a key legal advisor to cross-functional teams—including product, legal, engineering, marketing, and commercial operations—on matters related to privacy, data protection, cybersecurity, AI governance, and data-driven transactions. In this global and fast-paced environment, the Senior Counsel will address complex and novel legal issues, helping to shape and operationalize the company’s responsible data strategy.  This role will provide high-impact, business-oriented legal counsel on a wide range of topics, including global privacy laws, cross-border data transfers, data governance, incident response, and vendor risk. Drawing on deep expertise in regulatory requirements and industry best practices, the Senior Privacy Counsel will apply a risk-based approach to ensure compliance, support scalable innovation, and enable the Company’s global growth and digital transformation initiatives.

How You’ll CREATE:

Key Responsibilities

  • Privacy & Data Strategy:
    • Advise stakeholders (Legal, Product, Engineering, Marketing) on global privacy laws (GDPR, CCPA/CPRA, PIPL, and more), privacy-enhancing technologies, and AI/ML
    • Translate legal and regulatory requirements into business and technical guidance.
  • Transactions & Contracting:
    • Draft, negotiate, and review privacy/security provisions in commercial contracts, ad-tech partnerships, platform integrations, and data-sharing agreements
  • Product & AI Counseling:
    • Collaborate with product and engineering teams to embed privacy-by-design and responsible AI principles into new features and offerings
    • Conduct or support DPIAs and AI risk assessments, ensuring robust documentation and compliance.
  • Cybersecurity & Incident Response:
    • Lead privacy and data security incident response, including coordination with forensics, drafting breach notifications, and liaising with regulators
  • Regulatory Monitoring & Engagement:
    • Track developments in global privacy and cyber laws, regulatory guidance, and enforcement actions.
    • Support regulatory inquiries and prepare responses or disclosures.

Bring Your VIBE:

  • 7+ years of legal experience in privacy, data protection, cybersecurity, and/or data governance
  • Experience in a major law firm and/or in-house role, with deep experience with GDPR and U.S. state privacy laws, and a working knowledge of other international data protection laws.
  • Strong transactional experience—drafting and negotiating privacy and security terms in commercial, data, and technology contracts.
  • Strong background advising on cybersecurity incidents and conducting breach and incident response.
  • Demonstrated deep understanding of AI governance, risk counseling for AI/ML systems, and AI-related regulatory frameworks.
  • Proven track record in product counseling, DPIAs, and translating complex data issues into actionable plans.
  • Excellent business judgment and ability to assess legal risk while also thinking strategically and providing practical real-world advice.