Assistant General Counsel, Privacy

Assistant General Counsel, Privacy Reporting to the Chief Privacy Officer, this role leads global privacy compliance at Thomson Reuters, with a primary focus on Canadian and U.S. privacy laws and global cybersecurity regulations. The successful candidate serves as a strategic legal advisor navigating complex regulatory landscapes while enabling business growth and innovation through privacy‑by‑design principles. Core Responsibilities Lead a team of attorneys and privacy professionals, partnering with executive leadership to integrate privacy considerations into business strategy and product development. Monitor evolving privacy laws and regulations globally, translating legal requirements into business guidance and operational execution. Serve as subject matter expert on specialized legal issues unique to data privacy and cybersecurity. Design, maintain, and continuously enhance the Thomson Reuters Privacy Program, including drafting privacy policies and establishing governance frameworks. Conduct comprehensive privacy risk assessments for products, systems, and operations, advising on risk‑mitigation counseling. Advise on privacy‑by‑design principles, review Privacy Impact Assessments (PIAs), and conduct risk assessments for new products, services, and business initiatives. Assess privacy implications of AI, machine learning, and other emerging technologies. Work closely with product teams, Information Security, Data & Analytics, and other internal functions to identify and address privacy risks. Lead and/or serve as subject matter expert for privacy due diligence and integration activities as part of mergers, acquisitions, and divestitures. Develop and manage procedures for vetting and auditing vendors and third parties on privacy compliance requirements. Assist contracting teams in drafting, maintaining, and negotiating data protection agreements. Provide legal counsel to cybersecurity teams during privacy incident investigations and breach response, ensuring investigations are conducted and documented appropriately to minimize risks, protect individual privacy, and fulfill legal obligations. Oversee consumer/data subject rights (DSR) request processes in collaboration with the Privacy Office. Support relationships with regulatory authorities during investigations or inquiries. Qualifications Juris Doctor from an accredited law school. Active bar admission in at least one U.S. state (Canadian bar admission a plus). 10+ years of progressive privacy and data protection legal experience. International privacy experience, particularly with Canadian and U.S. privacy laws. Experience in fast‑paced, technology‑driven organizations. Proven track record advising on enterprise‑wide privacy programs. Experience with incident response and regulatory interactions. Background in management consulting or law firm advisory services preferred. Strong people leadership experience with ability to build and develop teams. Exceptional communication skills with ability to translate complex legal terms into business requirements for diverse audiences. Strategic thinking with ability to provide practical, risk‑balanced counsel that enables business objectives. Deep understanding of global privacy laws (GDPR, CCPA, PIPEDA, LGPD, etc.). Knowledge of information security principles, cybersecurity laws, and data processing operations. Strong sense of urgency and results‑orientation. Proven ability to lead, motivate, influence, and guide cross‑functional teams and direct reports. Strong interpersonal skills, fostering a culture of belonging that enables everyone to contribute to their full potential. Ethical, with the ability to handle confidential information with discretion. Demonstrates a commitment to the company’s vision, mission, and values. Preferred Qualifications Professional privacy certification (CIPP/US, CIPP/C, CIPP/E, CIPM, CIPT, or equivalent). Experience advising content‑driven AI companies. Experience managing privacy requirements as a service provider to regulated entities (healthcare/HIPAA, financial services/GLBA, etc.). Technical background in data architecture or cybersecurity. Benefits & Culture Hybrid Work Model: Flexible hybrid environment (2–3 days a week in the office, with work‑from‑anywhere for up to 8 weeks per year). Flexibility & Work‑Life Balance: “Flex My Way” supportive workplace policies. Career Development and Growth: Continuous learning, Grow My Way programs, and skills‑first approach. Industry‑Competitive Benefits: Flexible vacation, two company‑wide mental health days, Headspace app access, retirement savings, tuition reimbursement, employee incentive programs, and wellness resources. Culture of Inclusion & Belonging: Global reputation for inclusion, belonging, flexibility, and work‑life balance. Social Impact: Two paid volunteer days annually and opportunities to participate in pro‑bono consulting projects and ESG initiatives. Making a Real‑World Impact: Commitment to justice, truth, transparency, and trusted, unbiased information worldwide. About Thomson Reuters Thomson Reuters brings trusted content and technology to empower professionals with data, intelligence, and solutions for informed decisions. With 26,000 employees across more than 70 countries, we deliver on business goals through diverse talent and flexible work environments. Equal Employment Opportunity Thomson Reuters is a proud equal employment opportunity employer. We provide a drug‑free workplace and make reasonable accommodations for qualified individuals with disabilities and sincerely held religious beliefs in accordance with applicable law. Learn more about how to protect yourself from fraudulent job postings here. #J-18808-Ljbffr