Description:
Position Summary:We are seeking a highly skilled and business-oriented attorney to help lead the development and implementation of our global privacy, cybersecurity, and AI governance programs. This role will serve as a key strategic partner to our Information Security, Commercial Operations and Engineering teams, helping to build scalable legal frameworks that support innovation in connected and data-driven vehicle technologies. This role will further act as the overall Legal team lead in the enterprise-wide effort to increase utilization of AI across the company in a strategic, safe and compliant manner.
The ideal candidate will bring deep expertise in data protection, product cybersecurity, and emerging AI regulation, with experience building programs from the ground up in a fast-paced environment.
What You'll Do:
Become part of an iconic brand that is set to revolutionize the electric pick-up truck & rugged SUV marketplace by achieving the following:
Privacy:
Cybersecurity
AI Governance
Reporting Structure
Location & Travel Expectations:
What you'll bring
Required:
Preferred:
Key Competencies:
- Help design and implement a comprehensive global data privacy program, including governance structures, policies, and procedures.
- Advise on compliance with applicable laws and regulations (e.g., GDPR, CCPA/CPRA, U.S. state privacy laws, global data transfer regimes).
- Advise on and partner with the Commercial and IT teams to build a best-in-class consumer privacy regime for Scout Motors' direct-to-consumer business
- Advise on data protection terms in agreements including license, vendor, SaaS, technology, master services, confidentiality and other agreements.
- Draft privacy policies, notices, related disclosures, disclaimers, FAQs and communications to support and enable internal business team compliance.
- Act as the primary legal owner of data privacy obligations arising from connected vehicle operations, including telematics, over-the-air updates, and backend data processing.
- Assist security and R&D teams in establishing mature privacy-by-design and privacy-by-default frameworks integrated into product development lifecycle.
- Support incident response for privacy-related matters, including regulatory engagement.
- Help build and maintain the legal framework supporting a robust cybersecurity management program aligned with industry standards (e.g., ISO/SAE 21434, NIST, UNECE WP.29 regulations).
- Advise engineering and product teams on vehicle cybersecurity requirements, including secure software development, vulnerability management, and over-the-air (OTA) updates.
- Support compliance with automotive regulatory regimes governing cybersecurity and software updates by translating evolving automotive cybersecurity legislation into actionable internal requirements, building the contractual frameworks that protect the organization throughout the supply chain, and helping to manage data privacy obligations across the vehicle and connected services.
- Collaborate with IT, security, and engineering teams on risk assessments, audits, and mitigation strategies.
- Provide legal support for cybersecurity incidents, including investigation, reporting, and remediation obligations.
- Partner with Information Security to design and implement an AI governance program, including policies, vendor and use case reviews and risk assessments, enterprise-wide communications and training, documentation, and audit readiness.
- Advise on compliance with emerging AI regulations (e.g., EU AI Act, U.S. frameworks, global standards) and evolving industry best practices.
- Help establish responsible AI principles, including fairness, explainability, transparency, and accountability.
- Serve as lead and champion for developing internal AI use cases to improve efficiencies within the Legal team.
Reporting Structure
- Reports directly to the VP, Chief Intellectual Property Counsel
- Acts as a key advisor to senior leadership across legal, engineering, and product teams
- Opportunity to build critical governance frameworks from the ground up
Location & Travel Expectations:
- This role may be based out of the Scout Motors corporate headquarters in Charlotte, NC.
- This role requires 4-5 days per week in the office, with regular in-person meetings and events.
- Applicants should expect that the role will require the ability to convene with Scout colleagues in person and travel to participate in events on behalf of the company from time to time.
- We expect all Scout employees to have integrity, curiosity, resourcefulness, and strive to exhibit a positive attitude, as well as a growth mindset. You'll be comfortable with change and flexible in a fast-paced, high-growth environment. You'll take a collaborative approach to achieve ambitious goals. Here's what else you'll bring:
- J.D. from an accredited law school and active bar membership.
- 12–15 years of relevant experience in AI, privacy, cybersecurity, and/or technology law (mix of law firm and in-house preferred).
- Demonstrated experience building or scaling AI, privacy and/or cybersecurity programs.
- Strong knowledge of global data protection laws, cybersecurity regulatory frameworks, and emerging AI regulations.
- Experience advising on product counseling in a technology-driven environment.
Preferred:
- Experience in automotive, mobility, IoT, or connected device industries.
- Familiarity with vehicle cybersecurity standards (ISO/SAE 21434, UNECE WP.29).
- Experience with AI/ML governance frameworks and emerging regulation.
- Certifications such as CIPP, CIPM, CISSP, or similar.
- Comfort operating in a startup or high-growth environment with ambiguity.
Key Competencies:
- Strategic thinker with the ability to build programs from inception.
- Practical, solutions-oriented legal advisor with strong business judgment.
- Ability to translate complex regulatory requirements into actionable guidance.
- Strong stakeholder management and cross-functional collaboration skills.
- High degree of adaptability, ownership, and initiative.
