Global Head AI and Data Privacy Legal

Role Summary

Location: East Hanover, NJ or Cambridge, MA. We’re looking for a visionary legal leader to join us as Global Head AI and Data Privacy Legal, shaping the future of Artificial intelligence (AI) and data privacy across the organization. You will provide and organize legal advice to support compliance with global data privacy regulations (including EU AI Act, FTC, HIPAAA and state AI regulations, GDPR, CCPA, and other relevant legislation), and support the development and implementation of AI and data privacy policies and procedures and providing legal guidance in these areas.

Responsibilities

• Leadership and Management: Lead and manage the global Data Privacy and AI Legal team, providing direction, mentorship, and development opportunities. Ensure a close working relationship with the Novartis Data Privacy, Digital & AI (DPDAI) function (which resides in the Ethics Risk and Compliance (ERC) function), within Legal and across the enterprise.
• Policy Development: Contribute to Enterprise AI Governance and support the development, implementation, and maintenance of AI and data privacy policies and procedures to ensure a responsible use of AI, protect personal data. Track evolving global AI and data privacy laws (e.g., EU AI Act, OECD AI principles, US AI laws, UK DPDI) and translate requirements into actionable guidance.
• Strategic Legal Guidance: Provide and organize expert legal advice and guidance on AI use cases and data privacy issues to internal stakeholders, including senior management, ERC, IT, and P&O. Manage outside counsel for advice on AI and data privacy legal issues as needed.
• Risk Management: Support the identification and mitigation of AI, data privacy and cybersecurity risks conducting regular assessments in close collaboration with DPDAI, IT and business teams.
• Training and Awareness: Support the development and delivery of training programs to educate employees on AI and data privacy best practices and legal requirements.
• Incident Response: Lead and support the legal response to AI-related incidents, date privacy data breaches (including in and cybersecurity incidents), ensuring timely and effective resolution.
• Collaboration: Collaborate with cross-functional teams, including ERC, IT, security, P&O, Legal and the business to ensure an integrated approach to AI and data privacy. Collaborate to influence policy/legislation, including within trade associations, and update senior management on AI and data privacy legal developments. Represent the company in global regulatory discussions, industry groups, and associations on AI and data privacy matters.
• Reporting: Prepare and present reports on AI and data privacy compliance and incidents to senior management and regulatory authorities.

Qualifications

• Required: University degree in law; admission to the US bar required.
• Required: Proven working experience on AI (in particular in relation to the EU AI Act) and data privacy, including in cybersecurity matters and ethics in a multi-disciplinary and international setting, as well as significant experience assessing AI systems from a legal and compliance perspective (including risk categorization, audit requirements, transparency obligations, and lifecycle governance).
• Required: Several years of experience in leading a team of lawyers.
• Required: Excellent leadership, communication, and analytical skills paired with the ability to manage complex legal issues and provide clear, actionable advice.
• Required: Relevant certifications such as certifications related to AI ethics, compliance, and CIPP/E, CIPP/US, CIPM are required.
• Required: Strong ethical standards and integrity.
• Required: Ability to work in a fast-paced, dynamic environment.
• Required: Proficiency in English (written and spoken).
• Preferred: Experience in a multinational company. Experience in the healthcare and/or tech sectors is preferred.

Skills

• Leadership and people management
• Strategic thinking and policy development
• Legal risk assessment
• Stakeholder communication and collaboration
• Cross-functional teamwork across Legal, IT, Security, ERC, and business units
• Understanding of AI governance, data privacy, and cybersecurity
• Fluent written and spoken English