Description:

Description:
Why Valvoline Global Operations?
At Valvoline Global Operations, we're proud to be The Original Motor Oil, but we've never rested on being first. Founded in 1866, we introduced the world's first branded motor oil, staking our claim as a pioneer in the automotive and industrial solutions industry. Today, as an affiliate of Aramco, one of the world's largest integrated energy and chemicals companies, we are driven by innovation and committed to creating sustainable solutions for a better future.

With a global presence, we develop future-ready products and provide best-in-class services for our partners around the world. For us, originality isn't just about where we began; it's about where we're headed and how we'll lead the way. We are originality in motion.

Our corporate values—Care, Integrity, Passion, Unity, and Excellence—are at the heart of everything we do. These values define how we operate, how we treat one another, and how we engage with our partners, customers, and the communities we serve. At Valvoline Global, we are united in our commitment to:

Treating everyone with care.
Acting with unwavering integrity.
Striving for excellence in all endeavors.
Delivering on our commitments with passion.
Collaborating as one unified team.

When you join Valvoline Global, you'll become part of a culture that celebrates creativity, innovation, and excellence. Together, we're shaping the future of automotive and industrial solutions.

Valvoline Global Operations Headquarters is located in Lexington, KY. We prefer local candidates willing to work an in-office work schedule (3 days per week). *We're also open to candidates working in a remote capacity.

The Counsel for Privacy, AI, and Data Protection serves as the enterprise subject matter authority and accountable legal owner for Valvoline Global Operations' global privacy, data protection, and AI governance programs. This role is responsible for establishing and maintaining scalable, compliant, and business-enabling frameworks that govern the organization's use of data and artificial intelligence across all regions.

Operating with significant independence, this role translates complex and evolving regulatory requirements into actionable enterprise policies, standards, and risk-based guidance. The position has direct accountability for the effectiveness, maturity, and continuous improvement of privacy and AI governance programs, influencing senior leadership decisions and enabling responsible innovation while protecting the organization from regulatory, legal, and reputational risk.

Key Responsibilities include:

Privacy & Data Protection Program Leadership

Accountable for the design, implementation, and ongoing effectiveness of Valvoline's global privacy program, including governance structure, policies, and operational processes.
Owns enterprise interpretation and application of global privacy laws (e.g., GDPR, CCPA/CPRA), establishing company-wide standards and guidance.
Accountable for core privacy program operations, including DPIAs/PIAs, DSAR processes, data mapping, and records of processing activities, ensuring they are scalable, auditable, and consistently executed.
Establishes and monitors program KPIs and metrics to measure compliance, maturity, and operational effectiveness; drives remediation where gaps exist.
Leads integration of privacy-by-design principles into business processes, systems, and product development, ensuring consistent adoption across functions.

Artificial Intelligence Governance & Responsible Innovation

Accountable for the enterprise AI governance framework, including policy development, risk classification models, and required controls.
Owns the legal review and risk determination framework for AI/ML use cases, including defining approval thresholds and escalation criteria.
Ensures AI initiatives meet regulatory, ethical, and internal governance standards, providing final legal guidance on high-risk or ambiguous use cases.
Translates global AI regulatory developments into enforceable internal requirements, ensuring timely adoption across the enterprise.
Partners cross-functionally but retain accountability for the legal sufficiency and defensibility of AI governance practices.

Regulatory Compliance, Risk Management & Incident Response

Accountable for identifying and assessing enterprise-level legal risks related to data protection, cybersecurity, and AI.
Owns legal guidance on cross-border data transfers and data governance structures, including approval of compliant transfer mechanisms.
Serves as the lead legal advisor during data incidents, accountable for legal risk assessment, privilege strategy, and notification obligations.
Oversees legal support for regulatory inquiries, audits, and investigations, ensuring consistency and defensibility of the company's position.
Drives alignment with Information Security and Compliance, while maintaining ownership of legal risk positions and interpretations.

Commercial Contracting & Third-Party Risk Management

Accountable for establishing legal standards and required clauses for data protection and AI in commercial agreements.
Provides final legal approval on complex or high-risk data-related contractual terms, including cross-border arrangements.
Oversees third-party privacy and AI risk assessment frameworks, ensuring vendors meet company standards.
Supports strategic initiatives and transactions, retaining accountability for privacy and AI risk positions.

Stakeholder Engagement, Training & Enablement

Acts as the primary legal authority and advisor to senior leadership on privacy, cybersecurity, and AI matters.
Drives enterprise-wide understanding and adoption of privacy and AI requirements through training, frameworks, and practical tools.
Influences decision-making at the leadership level, particularly where legal risk and business strategy intersect.
Ensures alignment across Legal, Compliance, Risk, and business functions, while maintaining clear ownership of legal interpretations and positions.

What You'll Need:

Juris Doctor (JD) degree from an accredited law school and active license to practice law in at least one U.S. jurisdiction.
Minimum of 8–12 years of legal experience, with significant focus on privacy, data protection, cybersecurity, and/or technology law.
Demonstrated expertise in U.S. and global privacy laws and frameworks (e.g., GDPR, CCPA/CPRA) and strong familiarity with emerging AI regulatory requirements.
Experience advising on AI/ML technologies, data-driven business models, or digital products, including governance and risk management considerations.
Proven experience building or supporting global privacy programs and operationalizing compliance frameworks (e.g., DPIAs, DSARs, data mapping).
Strong experience partnering with Product, Engineering, IT, and Security teams to translate legal requirements into practical solutions.
Demonstrated ability to operate independently, manage complex cross-functional initiatives, and provide strategic, risk-based legal advice.
Excellent communication, negotiation, and stakeholder engagement skills, with the ability to influence senior leaders.
Relevant certifications (e.g., CIPP/US, CIPP/E, CIPM, AIGP) preferred.
Ability to travel (approximately 10–20%) to support global business initiatives and team engagement.
Collaborate effectively across global time zones, providing support to regional stakeholders and participating in meetings outside standard business hours as needed to support a globally distributed organization.