Senior Corporate Counsel, Privacy (Hybrid, Seattle)
About The Position
We are seeking an experienced and business-minded Senior Corporate Counsel to join our in-house legal team at one of the nation's largest retailers. This is a high-impact individual contributor role embedded within a dynamic, enterprise-scale legal function. You will serve as the company's subject matter expert on U.S. data privacy law, artificial intelligence governance, and data security, advising senior stakeholders across Technology, Marketing, Strategic Sourcing, Operations, and beyond. The position will collaborate with the Privacy team (housed within Technology) that partners with business units to understand and enable business objectives with practical privacy guidance. This team member will also work closely with other Privacy team members to support business initiatives, compliance efforts, privacy programs, and incident response efforts. A day in the life… Privacy Law & Compliance Serve as the primary legal advisor on U.S. state privacy laws, including CCPA/CPRA, and the growing patchwork of state comprehensive privacy statutes (Virginia, Texas, Colorado, etc.) Lead and maintain the company's U.S. privacy compliance program, including privacy notices, consent mechanisms, opt-out frameworks, and data subject rights processes Monitor legislative and regulatory developments in U.S. privacy law and advise on required compliance changes in the context of rapidly evolving business processes Monitor and assess emerging AI legislation, regulatory guidance, and enforcement trends across federal, state, and international jurisdictions, and advise on their practical implications for Nordstrom’s use of AI and automated decision-making AI Governance & Policy Develop and implement the company's AI governance framework, including policies for responsible AI use, vendor AI due diligence, and internal AI deployment standards Advise on legal and regulatory risks associated with the use of AI and machine learning in retail contexts, including personalization, pricing, fraud detection, hiring tools, and generative AI applications Track and interpret emerging AI-specific regulations at the federal and state level and assess applicability to company operations Collaborate with internal teams to embed legal and ethical AI review into the product development lifecycle Data Security & Incident Response Provide legal support for the company's data security program, including review of security policies, vendor contracts, and data processing agreements Serve as legal counsel for data security incidents and breaches, including breach notification obligations under state laws and coordination with forensic, communications, and regulatory response teams Cross-Functional & Strategic Counsel Draft, review, and negotiate privacy and data-related provisions in commercial agreements, technology contracts, and vendor agreements Serve as a trusted legal partner to the Privacy, Information Security, and Technology teams Develop and deliver training programs on privacy, AI governance, and data security topics for business stakeholders Represent the legal function on cross-functional data governance committees
Requirements
- J.D. with a license to practice law in Washington State
- 7-10 years of legal experience with a meaningful focus on U.S. privacy law, with at least some in-house or law firm experience advising large, complex organizations
- Experience in privacy law, including working with CAN-SPAM, TCPA, behavioral advertising, GLBA, HIPAA, PIPEDA, comprehensive U.S. state privacy laws such as CCPA/CPRA; familiarity with emerging state-level and GDPR privacy laws strongly preferred, including the Washington My Health My Data Act and similar consumer health data legislation
- Familiarity with AI governance frameworks and applicable AI laws and regulations, including state automated decision-making laws, the EU AI Act, and FTC guidance on algorithmic transparency and fairness
- Experience advising on data security incidents and breach notification obligations
- Proven ability to translate complex legal requirements into practical, business-friendly guidance
- Strong drafting skills for policies, contracts, and legal summaries
- Ability to successfully navigate quickly changing priorities, ambiguity, and the unexpected with a positive attitude
- Comfort operating in a rapidly evolving AI regulatory landscape, with the ability to provide timely, practical guidance as new laws and enforcement priorities emerge
- IAPP Certified Information Privacy Professional / United States (CIPP/US)
Nice To Haves
- IAPP AI Governance Professional (AIGP) certification or equivalent
- Prior in-house experience at a retailer, e-commerce company, or consumer-facing enterprise
- Familiarity with adtech, loyalty program data practices, and consumer data monetization
- Experience with AI vendor due diligence and negotiating AI-specific contract provisions
- Exposure to FTC enforcement actions, state AG investigations, or privacy litigation
Responsibilities
- Serve as the primary legal advisor on U.S. state privacy laws, including CCPA/CPRA, and the growing patchwork of state comprehensive privacy statutes (Virginia, Texas, Colorado, etc.)
- Lead and maintain the company's U.S. privacy compliance program, including privacy notices, consent mechanisms, opt-out frameworks, and data subject rights processes
- Monitor legislative and regulatory developments in U.S. privacy law and advise on required compliance changes in the context of rapidly evolving business processes
- Monitor and assess emerging AI legislation, regulatory guidance, and enforcement trends across federal, state, and international jurisdictions, and advise on their practical implications for Nordstrom’s use of AI and automated decision-making
- Develop and implement the company's AI governance framework, including policies for responsible AI use, vendor AI due diligence, and internal AI deployment standards
- Advise on legal and regulatory risks associated with the use of AI and machine learning in retail contexts, including personalization, pricing, fraud detection, hiring tools, and generative AI applications
- Track and interpret emerging AI-specific regulations at the federal and state level and assess applicability to company operations
- Collaborate with internal teams to embed legal and ethical AI review into the product development lifecycle
- Provide legal support for the company's data security program, including review of security policies, vendor contracts, and data processing agreements
- Serve as legal counsel for data security incidents and breaches, including breach notification obligations under state laws and coordination with forensic, communications, and regulatory response teams
- Draft, review, and negotiate privacy and data-related provisions in commercial agreements, technology contracts, and vendor agreements
- Serve as a trusted legal partner to the Privacy, Information Security, and Technology teams
- Develop and deliver training programs on privacy, AI governance, and data security topics for business stakeholders
- Represent the legal function on cross-functional data governance committees
Benefits
- Medical/Vision
- Dental
- Retirement and Paid Time Away
- Life Insurance and Disability
- Merchandise Discount and EAP Resources
- 401k
- medical/vision/dental/life/disability insurance options
- PTO accruals
- Holidays
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
Ph.D. or professional degree
