Lead Counsel, Data Privacy

About Airwallex
Airwallex is the only unified payments and financial platform for global businesses. Powered by our unique combination of proprietary infrastructure and software, we empower over 200,000 businesses worldwide - including Brex, Rippling, Navan, Qantas, SHEIN and many more - with fully integrated solutions to manage everything from business accounts, payments, spend management and treasury, to embedded finance at a global scale.
Proudly founded in Melbourne, we have a team of over 2,000 of the brightest and most innovative people in tech across 26 offices around the globe. Valued at US$8 billion and backed by world-leading investors including T. Rowe Price, Visa, Mastercard, Robinhood Ventures, Sequoia, Salesforce Ventures, DST Global, and Lone Pine Capital, Airwallex is leading the charge in building the global payments and financial platform of the future. If you're ready to do the most ambitious work of your career, join us.
Attributes We Value
We hire successful builders with founder-like energy who want real impact, accelerated learning, and true ownership. You bring strong role-related expertise and sharp thinking, and you're motivated by our mission and operating principles. You move fast with good judgment, dig deep with curiosity, and make decisions from first principles, balancing speed and rigor.
You're humble and collaborative; turn zero-to-one ideas into real products, and you "get stuff done" end-to-end. You use AI to work smarter and solve problems faster. Here, you'll tackle complex, high-visibility problems with exceptional teammates and grow your career as we build the future of global banking. If that sounds like you, let's build what's next.
About the team
The Legal, Risk & Compliance (LRC) team at Airwallex is a collaborative group of legal and compliance minds and risk management experts. We're passionate about safeguarding Airwallex's operations, fostering a culture of compliance and ethical conduct, and ensuring we navigate the global financial landscape with integrity. We provide expert guidance and support to all areas of the business, proactively identifying, mitigating, and managing legal and financial risks.
Within LRC, the Data & Privacy team provides specialist guidance on data protection, data privacy, data governance and AI, partnering closely with other LRC teams as well as Product, Engineering, Information Security, Operations, and other business units across all regions. We support a global financial platform handling large volumes of customer and end-user data under financial-services regulation and data protection laws worldwide. Strong data protection practices are therefore essential for regulatory and customer trust and for our brand.
What you'll do
You will join as Senior Lead Counsel, Data & Privacy, with primary responsibility for data and privacy legal and regulatory matters across the US and broader Americas. You will be a key partner to senior stakeholders on topics spanning data protection, AI, cybersecurity, cross-border data access, and US financial privacy regulation. You'll help shape and execute Airwallex's data and privacy strategy in the Americas region, design scalable compliance approaches for complex fintech and AI-driven products, and translate fast-moving regulatory requirements into pragmatic solutions that enable growth.
This remote role is based in the United States.
Responsibilities:

• Serve as lead data and privacy counsel for the US and Americas region, providing risk-based, business-oriented advice on US, Canada, and South American, data protection, AI and cybersecurity issues (including cross-border access and national-security-adjacent topics), grounded in global data protection regulation and frameworks.
• Spearhead AI governance development and implementation globally, providing guidance on relevant global and US AI frameworks and executing a fit-for-purpose AI governance approach at Airwallex, including developing and implementing AI policies, procedures, privacy-related AI mitigations, and accountability frameworks.
• Develop and help execute privacy and data protection compliance programs for the Americas, specifically focused on compliance with US federal and state consumer financial privacy frameworks (GLBA, FCRA, CalFIPA) compliance, Executive Order 14117, and comprehensive state privacy compliance.
• Partner closely with Product, Engineering, Information Security, Regulatory Legal, Regulatory Compliance, Commercial Legal and Risk to embed privacy- and security-by-design in product development, technical architecture, UX, and go-to-market, including by spearheading DPIAs/PIAs, AI risk assessments, and other privacy impact assessments.
• Draft, review, and negotiate complex data protection and data-sharing terms (including DPAs, cross-border transfer terms, and AI-related clauses) with customers, vendors, financial partners, and other third parties, acting as an escalation point for high-risk matters.
• Coordinate and oversee international data flows touching the Americas, ensuring appropriate transfer tools and governance (e.g. SCCs or equivalent), and supporting initiatives on data localisation, storage, and access controls.
• Co-lead the privacy and data-protection workstream for security and data incidents related to the Americas with Information Security and other stakeholders, including triage, investigation, regulatory and customer notifications, remediation, and lessons learned.
• Advise on high-risk or novel processing activities (e.g. new AI use cases, advanced analytics, innovative platform and embedded-finance data models), helping structure appropriate safeguards, governance, and documentation.
• Support interactions with US and Americas regulators and policymakers on privacy, cybersecurity, data-access and related topics, in close coordination with Regulatory Legal and Regulatory Compliance.
• Help build and refine tools and processes for privacy workflows (e.g., intake, assessment, DPIA/PIA/DPIA for AI, ROPA, DSRs), including the use of specialist tooling, metrics, and dashboards to track and evidence compliance.
• Contribute to training and enablement for Product, Engineering, Sales, Operations and other teams on privacy, data, AI and cybersecurity topics, using playbooks, guidance and office-hours to make it easy to "do the right thing by default."

Who you are
We're looking for people who meet the minimum requirements for this role. The preferred qualifications are great to have, but are not mandatory.
Minimum qualifications:

• U.S. legal qualification (or foreign equivalent) and active license to practice in at least one US jurisdiction.
• 8 years of experience in an in-house legal department and/or in private practice advising on technology, data and privacy issues related to technical platforms and products.
• Strong knowledge of US federal and state privacy and data-security laws (such as CCPA/CPRA and GLBA/Reg P) and how they intersect with payments and broader financial-services regulation, plus working knowledge of GDPR and Canadian/South American privacy requirements (such as LGPD).
• Experience providing guidance on US related privacy adtech requirements and technologies, including varying consent frameworks under US state privacy laws, and operationalizing consent management requirements.
• Demonstrated experience partnering with technical teams (Product, Engineering, Information Security) to translate legal and regulatory requirements into practical technical designs, controls, and processes.
• Demonstrated experience advising on emerging US and global AI legal requirements and AI-governance best practices, and experience advising on AI/ML tools, vendors, or products from a privacy and data-protection perspective.
• Experience providing data and privacy legal support during security or privacy incidents, including incident assessment, notification analysis, and remediation planning.
• Excellent written and verbal communication skills, with the ability to explain complex legal concepts to non-lawyers and senior executives, and to drive clear decisions in ambiguous, time-sensitive situations.
• High degree of ownership, resilience, and pragmatism; comfortable working in a fast-paced, high-growth fintech environment and managing multiple complex matters in parallel.

Preferred qualifications:

• Experience advising on data, privacy, AI and cybersecurity issues in financial services, payments, or fintech, including US financial-privacy rules and national-security-adjacent data-access considerations.
• Experience interacting with regulators (privacy regulators, financial regulators, or other authorities) on privacy, cybersecurity, AI, or data-access issues, whether in supervisory, licensing, or enforcement contexts.
• Experience contributing to or leading elements of a global privacy program (such as acting as, or supporting, a DPO-style function, or building regional privacy frameworks and playbooks).
• Relevant privacy and/or AI certifications (e.g., CIPP/US, CIPP/E, CIPM, AIGP) or demonstrably equivalent experience in global privacy program design and execution.
• Prior in-house experience at a rapidly scaling tech or fintech company and working with globally distributed teams across time zones.

Applicant Safety Policy: Fraud and Third-Party Recruiters
To protect you from recruitment scams, please be aware that Airwallex will not ask for bank details, sensitive ID numbers (i.e. passport), or any form of payment during the application or interview process. All official communication will come from an @airwallex.com email address. Please apply only through careers.airwallex.com or our official LinkedIn page.
Airwallex does not accept unsolicited resumes from search firms/recruiters. Airwallex will not pay any fees to search firms/recruiters if a candidate is submitted by a search firm/recruiter unless an agreement has been entered into with respect to specific open position(s). Search firms/recruiters submitting resumes to Airwallex on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary.
Equal opportunity
Airwallex is proud to be an equal opportunity employer. We value diversity and anyone seeking employment at Airwallex is considered based on merit, qualifications, competence and talent. We don't regard color, religion, race, national origin, sexual orientation, ancestry, citizenship, sex, marital or family status, disability, gender, or any other legally protected status when making our hiring decisions. If you have a disability or special need that requires accommodation, please let us know.