Director, Privacy Operations & Data Governance | Technology Operations | Technology
FTI Consulting is the leading global expert firm for organizations facing crisis and transformation. We work with many of the world’s top multinational corporations, law firms, banks and private equity firms on their most important issues to deliver impact that makes a difference. From resolving disputes, navigating crises, managing risk and optimizing performance, our teams respond rapidly to dynamic and complex situations.
At FTI Consulting, you’ll work side‑by‑side with leaders who have shaped history, helping solve the biggest challenges making headlines today. From day one, you’ll be an integral part of a focused team where you can make a real impact. You’ll be surrounded by an open, collaborative culture that embraces diversity, recognition, professional development and, most importantly, you.
Are you ready to make your impact?
About The Role
The Director works as a member of our in‑house Service Delivery, Privacy, AI Governance & GRC team within the Technology segment of FTI Consulting. The role is an operational leadership (non‑consulting) position that fosters intergroup relationships while enabling scalable, compliant, and commercially practical service delivery and ensuring governance, compliance and best practices. You support global privacy operations, third‑party risk management, service delivery and AI governance across the Technology segment by working closely with the Vice President, legal, sales, DPO, security, architecture/engineering, and data center operations teams to ensure compliance with applicable regulations, laws and industry standards.
This role will support EMEA‑focused governance, contracting, and operational readiness efforts, including GDPR, UK GDPR, cross‑border data transfers, transfer impact assessments, Standard Contractual Clauses, AI governance, and regional regulatory change management. With your passion for data protection and responsible innovation, you will champion governance and risk management initiatives to ensure privacy by design, responsible AI, and security remain embedded into scalable operations, negotiations, content, commercial agreements, products, and the delivery of services.
You will lead and drive core program objectives and product solutions by leveraging your knowledge of hyperscale/SaaS/IaaS technology and risk management with technical, GRC and legal acumen.
What You’ll Do
While this role requires strong legal and regulatory acumen, it does not act as legal counsel and must partner closely with internal legal, DPO and security stakeholders on matters requiring legal interpretation or technical control validation.
Partner with various stakeholders to ensure appropriate GRC provisions are incorporated into customer, vendor, partner and other GTM content including portals, Trust, DPAs, LOEs, development/maintenance of standard positions, playbooks, and reusable governance artifacts, identifying areas of automation.
Support Technology segment transformation initiatives, including cross‑segment programs such as scalable IT; interaction with external counsel, FTI’s senior leadership and clients.
Proactively horizon scan and monitor data protection, cyber and AI regulations/standards (e.g., GDPR, CCPA, EU AI Act, EU AI pact, DORA), assess regulations for applicability to context, FTI’s solutions and translate requirements into practical controls, contract positions, governance artifacts, and business process changes.
Exercise sound judgment to effectively assess, communicate, balance and resolve risk in the provision of compliance guidance to the business.
Ensure AI/Development and other technology initiatives or products comply with regulations, governance principles, ISO standards and industry best practices.
Partner with teams and data stewards to coordinate and perform various audits and assessments (PIA, DPIA, TIA, AI impact assessment, Data Inventories) as needed; maintain and evolve risk registers, risk matrices and supporting artifacts to strengthen operational accountability consistent with ISO 27701, ISO 42001.
Build and operationalize negotiation playbooks, risk matrices, data maps and standardized artifacts that enable self‑service and reduce ad‑hoc escalations, including intake and triage mechanisms to further consistency across business workflows.
Review and negotiate both client and third‑party agreements accounting for compliance and alignment with standard positions, cross‑border transfers to enable product/solution delivery and client engagements; evaluate third parties’ compliance and risk disposition as required.
Govern risk exception handling for sales enablement & product risk acceptance, establishing standardization (90 %) and exception (10 %) protocols.
Collaborate on administration, areas of automation, create content and provide support of various systems: Salesforce, TRUST site, TPRM system (Prevalent) and AI CLM.
Champion and evangelize new technology and policy as needed to further strengthen governance and enforce policies and frameworks that ensure ethical, secure and compliant solution deployment. Proactively evaluate advanced tools and suppliers and continuously evaluate opportunities for automation or self‑service.
Support internal and external governance communications by ensuring client‑facing content, trust materials and governance statements are accurate, supportable and aligned to operational reality.
Support and lead initiatives as required under the team’s GRC charter.
How You’ll Grow
We are committed to investing and supporting you in your professional development and have developed a range of programs focused on fostering leadership, growth and development opportunities. We aim to promote continuous learning and individual skills development through on‑the‑job learning, self‑guided professional development courses and certifications. You’ll be assigned a dedicated coach to mentor, guide and support you through regular coaching sessions and serve as an advocate for your professional growth.
As you progress through your career at FTI Consulting, we offer tailored programs for critical professional milestones to ensure you are prepared and empowered to take on your next role.
What You Will Need to Succeed
Basic Qualifications
Bachelor’s or Master’s degree in a relevant field, such as computer science, engineering, law or public policy.
A few years of experience in data governance, privacy and/or AI governance, policy, or related fields.
A couple of years navigating, negotiating and reviewing commercial agreements involving complex data protection, AI terms, information technology and security schedules, cross‑border data transfers and operational service levels.
Significant years of total applicable work experience with at least half of those years in information technology, information security and/or operational risk management in the context of enterprise AI platforms, including managed services across cloud & hybrid cloud environments.
Any of the following certifications: Certified Information Privacy Professional (CIPP/US), Artificial Intelligence Governance Professional (AIGP), Certified Risk Professional (CRP), CRISC (Certified in Risk and Information Systems Control), or Certified Regulatory Compliance Manager (CRCM).
Demonstrated experience synthesizing legal, regulatory and contractual obligations into workstreams and related policy frequently.
Demonstrated experience scaling governance programs through operating model design (intake, triage, playbooks, automation) and measurable reporting metrics (KPIs).
Expert knowledge of domestic and global data protection regulations, emerging AI regulations and security frameworks (such as GDPR, CCPA, CPRA, HIPAA, GLBA, NIST, ISO 27701, ISO 42001) and applying them in complex global technology environments.
Demonstrated experience with cross‑border data protection transfer analysis and implementation, including transfer impact assessments, Standard Contractual Clauses and related governance or contracting workflows.
Comfort navigating ambiguity in evolving initiatives where scope, tooling and processes are still being defined.
Preferred Qualifications
Juris Doctor or Masters in Law strongly preferred. While this position will not be acting as legal counsel for FTI, in‑depth demonstrative legal acumen is required.
Demonstrated project management expertise.
Familiarity and ideally, previous experience with at least one major data governance enterprise platform (e.g., OneTrust), vendor risk management system, a Contract Lifecycle Management system (e.g., Ironclad, Docusign, Leah) and ServiceNow or similar workflow/intake platforms is a plus.
Experience working across multiple jurisdictions and supporting regional stakeholders in EMEA environments is strongly preferred.
Experience with Privacy Enhancing Technologies.
Experience governing agentic AI.
E-discovery or legal operations subject matter expertise.
Our goal is to support the wellbeing of you and your families—physically, emotionally, and financially. We offer market‑competitive benefits (including pension), supplemented by 15 flexible benefits, to meet your needs. These include health, lifestyle and family‑friendly options. We also offer professional development programme, wellness, recognition, community volunteering initiatives and flexible/hybrid working arrangements.
About FTI Consulting
FTI Consulting, Inc. is a leading global expert firm for organisations facing crisis and transformation, with more than 8,100 employees located in 32 countries and territories as of December 31, 2025. In certain jurisdictions, FTI Consulting’s services are provided through distinct legal entities that are separately capitalised and independently managed. The Company generated $3.80 billion in revenues during fiscal year 2025. More information can be found at www.fticonsulting.com.
FTI Consulting is an equal opportunity employer and does not discriminate on the basis of race, color, national origin, ancestry, citizenship status, protected veteran status, religion, physical or mental disability, marital status, sex, sexual orientation, gender identity or expression, age, or any other basis protected by law, ordinance, or regulation.
Job Family/Level: Op Level 3 — Director
Employee Status: Regular
#J-18808-Ljbffr