Airwallex is the only unified payments and financial platform for global businesses. Powered by our unique combination of proprietary infrastructure and software, we empower over 200,000 businesses worldwide â including Brex, Rippling, Navan, Qantas, SHEIN and many more â with fully integrated solutions to manage everything from business accounts, payments, spend management and treasury, to embedded finance at a global scale.
Proudly founded in Melbourne, we have a team of over 2,000 of the brightest and most innovative people in tech across 26 offices around the globe. Valued at US$8 billion and backed by world-leading investors including T. Rowe Price, Visa, Mastercard, Robinhood Ventures, Sequoia, Salesforce Ventures, DST Global, and Lone Pine Capital, Airwallex is leading the charge in building the global payments and financial platform of the future. If youâre ready to do the most ambitious work of your career, join us.
We hire successful builders with founder-like energy who want real impact, accelerated learning, and true ownership. You bring strong role-related expertise and sharp thinking, and youâre motivated by our mission and operating principles. You move fast with good judgment, dig deep with curiosity, and make decisions from first principles, balancing speed and rigor.
You're humble and collaborative; turn zeroâtoâone ideas into real products, and you âget stuff doneâ end-to-end. You use AI to work smarter and solve problems faster. Here, youâll tackle complex, highâvisibility problems with exceptional teammates and grow your career as we build the future of global banking. If that sounds like you, letâs build whatâs next.
About the team
The Legal, Risk & Compliance (LRC) team at Airwallex is a collaborative group of legal and compliance minds and risk management experts. Weâre passionate about safeguarding Airwallexâs operations, fostering a culture of compliance and ethical conduct, and ensuring we navigate the global financial landscape with integrity. We provide expert guidance and support to all areas of the business, proactively identifying, mitigating, and managing legal and financial risks.
Within LRC, the Data & Privacy team provides specialist guidance on data protection, data privacy, data governance and AI, partnering closely with other LRC teams as well as Product, Engineering, Information Security, Operations, and other business units across all regions. We support a global financial platform handling large volumes of customer and endâuser data under financialâservices regulation and data protection laws worldwide. Strong data protection practices are therefore essential for regulatory and customer trust and for our brand.
What youâll do
You will join as Counsel, Data & Privacy, with primary responsibility for data and privacy legal and regulatory matters across the US and broader Americas. You will be a key partner to senior stakeholders on topics spanning data protection, AI, cybersecurity, crossâborder data access, and US financial privacy regulation. Youâll help shape and execute Airwallexâs data and privacy strategy in the Americas region, design scalable compliance approaches for complex fintech and AIâdriven products, and translate fastâmoving regulatory requirements into pragmatic solutions that enable growth.
This hybrid role is based in San Francisco or New York.
Responsibilities:
Serve as data and privacy counsel for the US and Americas region, providing riskâbased, businessâoriented advice on US, Canada, and South American, data protection, AI and cybersecurity issues (including crossâborder access and nationalâsecurityâadjacent topics), grounded in global data protection regulation and frameworks.
Spearhead AI governance development and implementation globally, providing guidance on relevant global and US AI frameworks and executing a fit-for-purpose AI governance approach at Airwallex, including developing and implementing AI policies, procedures, privacy-related AI mitigations, and accountability frameworks.
Develop and help execute privacy and data protection compliance programs for the Americas, specifically focused on compliance with US federal and state consumer financial privacy frameworks (GLBA, FCRA, CalFIPA) compliance, Executive Order 14117, and comprehensive state privacy compliance.
Partner closely with Product, Engineering, Information Security, Regulatory Legal, Regulatory Compliance, Commercial Legal and Risk to embed privacyâ and securityâbyâdesign in product development, technical architecture, UX, and goâtoâmarket, including by spearheading DPIAs/PIAs, AI risk assessments, and other privacy impact assessments.
Draft, review, and negotiate complex data protection and dataâsharing terms (including DPAs, crossâborder transfer terms, and AIârelated clauses) with customers, vendors, financial partners, and other third parties, acting as an escalation point for highârisk matters.
Coordinate and oversee international data flows touching the Americas, ensuring appropriate transfer tools and governance (e.g. SCCs or equivalent), and supporting initiatives on data localisation, storage, and access controls.
Coâlead the privacy and dataâprotection workstream for security and data incidents related to the Americas with Information Security and other stakeholders, including triage, investigation, regulatory and customer notifications, remediation, and lessons learned.
Advise on highârisk or novel processing activities (e.g. new AI use cases, advanced analytics, innovative platform and embeddedâfinance data models), helping structure appropriate safeguards, governance, and documentation.
Support interactions with US and Americas regulators and policymakers on privacy, cybersecurity, dataâaccess and related topics, in close coordination with Regulatory Legal and Regulatory Compliance.
Help build and refine tools and processes for privacy workflows (e.g., intake, assessment, DPIA/PIA/DPIA for AI, ROPA, DSRs), including the use of specialist tooling, metrics, and dashboards to track and evidence compliance.
Contribute to training and enablement for Product, Engineering, Sales, Operations and other teams on privacy, data, AI and cybersecurity topics, using playbooks, guidance and officeâhours to make it easy to âdo the right thing by default.â
Who you are
We're looking for people who meet the minimum requirements for this role. The preferred qualifications are great to have, but are not mandatory.
Minimum qualifications:
U.S. legal qualification (or foreign equivalent) and active license to practice in at least one US jurisdiction.
5 years of experience in an inâhouse legal department and/or in private practice advising on technology, data and privacy issues related to technical platforms and products.
Strong knowledge of US federal and state privacy and dataâsecurity laws (such as CCPA/CPRA and GLBA/Reg P) and how they intersect with payments and broader financialâservices regulation, plus working knowledge of GDPR and Canadian/South American privacy requirements (such as LGPD).
Experience providing guidance on US related privacy adtech requirements and technologies, including varying consent frameworks under US state privacy laws, and operationalizing consent management requirements.
Demonstrated experience partnering with technical teams (Product, Engineering, Information Security) to translate legal and regulatory requirements into practical technical designs, controls, and processes.
Demonstrated experience advising on emerging US and global AI legal requirements and AIâgovernance best practices, and experience advising on AI/ML tools, vendors, or products from a privacy and dataâprotection perspective.
Experience providing data and privacy legal support during security or privacy incidents, including incident assessment, notification analysis, and remediation planning.
Excellent written and verbal communication skills, with the ability to explain complex legal concepts to nonâlawyers and senior executives, and to drive clear decisions in ambiguous, timeâsensitive situations.
High degree of ownership, resilience, and pragma
airwallex