Airwallex is hiring a Lead Counsel, Data Privacy

The Lead Counsel, Data Privacy will serve as the primary legal advisor for data protection, privacy, AI, and cybersecurity matters across the US and broader Americas region at Airwallex. This role involves shaping data privacy strategy, ensuring compliance with financial and data privacy regulations, and embedding privacy-by-design into product development for a global fintech platform.

What You'll Do

• Serve as lead data and privacy counsel for the US and Americas region, providing risk-based, business-oriented advice on US, Canada, and South American data protection, AI and cybersecurity issues, including cross-border access and national-security-adjacent topics, grounded in global data protection regulation and frameworks.
• Spearhead AI governance development and implementation globally, providing guidance on relevant global and US AI frameworks and executing a fit-for-purpose AI governance approach at Airwallex, including developing and implementing AI policies, procedures, privacy-related AI mitigations, and accountability frameworks.
• Develop and help execute privacy and data protection compliance programs for the Americas, specifically focused on compliance with US federal and state consumer financial privacy frameworks (GLBA, FCRA, CalFIPA) compliance, Executive Order 14117, and comprehensive state privacy compliance.
• Partner closely with Product, Engineering, Information Security, Regulatory Legal, Regulatory Compliance, Commercial Legal and Risk to embed privacy- and security-by-design in product development, technical architecture, UX, and go-to-market, including by spearheading DPIAs/PIAs, AI risk assessments, and other privacy impact assessments.
• Draft, review, and negotiate complex data protection and data-sharing terms (including DPAs, cross-border transfer terms, and AI-related clauses) with customers, vendors, financial partners, and other third parties, acting as an escalation point for high-risk matters.
• Coordinate and oversee international data flows touching the Americas, ensuring appropriate transfer tools and governance (e.g. SCCs or equivalent), and supporting initiatives on data localisation, storage, and access controls.
• Co-lead the privacy and data-protection workstream for security and data incidents related to the Americas with Information Security and other stakeholders, including triage, investigation, regulatory and customer notifications, remediation, and lessons learned.
• Advise on high-risk or novel processing activities (e.g. new AI use cases, advanced analytics, innovative platform and embedded-finance data models), helping structure appropriate safeguards, governance, and documentation.
• Support interactions with US and Americas regulators and policymakers on privacy, cybersecurity, data-access and related topics, in close coordination with Regulatory Legal and Regulatory Compliance.
• Help build and refine tools and processes for privacy workflows (e.g., intake, assessment, DPIA/PIA/DPIA for AI, ROPA, DSRs), including the use of specialist tooling, metrics, and dashboards to track and evidence compliance.
• Contribute to training and enablement for Product, Engineering, Sales, Operations and other teams on privacy, data, AI and cybersecurity topics, using playbooks, guidance and office-hours to make it easy to “do the right thing by default.”

What We're Looking For

• U.S. legal qualification (or foreign equivalent) and active license to practice in at least one US jurisdiction.
• 8 years of experience in an in-house legal department and/or in private practice advising on technology, data and privacy issues related to technical platforms and products.
• Strong knowledge of US federal and state privacy and data-security laws (such as CCPA/CPRA and GLBA/Reg P) and how they intersect with payments and broader financial-services regulation, plus working knowledge of GDPR and Canadian/South American privacy requirements (such as LGPD).
• Experience providing guidance on US related privacy adtech requirements and technologies, including varying consent frameworks under US state privacy laws, and operationalizing consent management requirements.
• Demonstrated experience partnering with technical teams (Product, Engineering, Information Security) to translate legal and regulatory requirements into practical technical designs, controls, and processes.
• Demonstrated experience advising on emerging US and global AI legal requirements and AI-governance best practices, and experience advising on AI/ML tools, vendors, or products from a privacy and data-protection perspective.
• Experience providing data and privacy legal support during security or privacy incidents, including incident assessment, notification analysis, and remediation planning.
• Excellent written and verbal communication skills, with the ability to explain complex legal concepts to non-lawyers and senior executives, and to drive clear decisions in ambiguous, time-sensitive situations.
• High degree of ownership, resilience, and pragmatism; comfortable working in a fast-paced, high-growth fintech environment and managing multiple complex matters in parallel.

Nice to Have

• Experience advising on data, privacy, AI and cybersecurity issues in financial services, payments, or fintech, including US financial-privacy rules and national-security-adjacent data-access considerations.
• Experience interacting with regulators (privacy regulators, financial regulators, or other authorities) on privacy, cybersecurity, AI, or data-access issues, whether in supervisory, licensing, or enforcement contexts.
• Experience contributing to or leading elements of a global privacy program (such as acting as, or supporting, a DPO-style function, or building regional privacy frameworks and playbooks).
• Relevant privacy and/or AI certifications (e.g., CIPP/US, CIPP/E, CIPM, AIGP) or demonstrably equivalent experience in global privacy program design and execution.
• Prior in-house experience at a rapidly scaling tech or fintech company and working with globally distributed teams across time zones.

Team & Environment

• Part of the Legal, Risk & Compliance (LRC) team, with sub-focus on Data & Privacy; collaborates with Product, Engineering, Information Security, Operations, and other business units globally.
• Team size: over 2,000.

Benefits & Compensation

• Remote work in the United States
• Opportunity to work with globally distributed teams across 26 offices
• Accelerated learning and true ownership in a high-growth fintech environment
• Work on complex, high-visibility problems with exceptional teammates
• Career growth as part of building the future of global banking
• Use of AI to work smarter and solve problems faster
• Access to specialist tooling, metrics, and dashboards for compliance tracking
• Training and enablement programs for cross-functional teams
• Inclusive culture valuing diversity, merit, and competence

Work Mode

• Remote work within the United States

Airwallex is proud to be an equal opportunity employer. We value diversity and anyone seeking employment at Airwallex is considered based on merit, qualifications, competence and talent. We don’t regard color, religion, race, national origin, sexual orientation, ancestry, citizenship, sex, marital or family status, disability, gender, or any other legally protected status when making our hiring decisions. If you have a disability or special need that requires accommodation, please let us know.