AI Governance & Data Privacy General Counsel

Honeywell · Industrial · Charlotte, NC +1

Seeking an experienced AI Governance & Data Privacy General Counsel to provide strategic legal guidance on AI innovation, data privacy, and enterprise risk management, enabling responsible AI adoption and compliance across internal operations, products, and third-party solutions in a highly regulated environment. Responsibilities include leading AI governance strategy, developing policies, advising on data governance for AI/ML, supporting AI contracting, and managing global privacy and data protection for business units.

What you'd actually do

Lead and execute Honeywell’s AI governance and legal strategy, maintaining and operationalizing Honeywell’s scalable Responsible AI Governance Framework to enable growth and innovation while managing risk.
Develop, maintain, and advise on the implementation of AI governance policies, standards, and processes under applicable regulations, including algorithmic accountability, model validation, bias testing, human-in/on-the-loop requirements, monitoring, testing, inventory management, and decommissioning of AI systems.
Provide legal oversight of AI marketing and external capability claims to ensure accuracy, consistency, and avoidance of misleading statements or “AI washing.”
Advise on data governance for AI/ML systems, including lawful basis/consent, data quality and provenance, privacy-enhancing techniques, retention, and access controls for training, fine-tuning, evaluation, and monitoring datasets.
Provide legal support for AI contracting, procurement, and third-party diligence, including developing standard customer and supplier terms and addressing AI risk considerations in commercial transactions and M&A.

Skills

Required

10+ years of relevant legal experience, including significant experience advising on AI, privacy/data protection, and technology matters.
J.D. (or equivalent) and admitted to practice law in a jurisdiction in the United States.
Established thought leader on AI law and governance, data privacy, and complex technology regulatory risk areas, with a demonstrated ability to influence at the senior leadership level.
Deep working knowledge of global AI, data privacy, and data protection regulations.
Proficiency partnering with technical teams on security and resilience, accuracy and robustness evaluation, bias and fairness assessment, explainability and transparency practices, and appropriate governance processes and artifacts.
Ability to define success criteria using KPIs, dashboards, and risk heat maps to assess risk and propose effective mitigation strategies.
Strong contracting capability for AI and data, including drafting and negotiating AI- and privacy-specific terms (data use restrictions, audit rights, security requirements, IP, and allocation of AI-related risk).
Incident response and regulatory engagement experience for AI- and privacy-related events, including investigations, audits, and interactions with regulators globally.

Nice to have

Experience with GDPR, CCPA/CPRA, LGPD, PIPL, cross-border transfer laws, and other sectoral and state privacy laws.
Experience leading and advising on Data Protection Impact Assessments (DPIAs), risk assessments, and other privacy reviews.
Experience drafting, reviewing, and negotiating privacy and data protection terms (DPAs, SCCs, cross-border transfer mechanisms, security addenda, and audit rights).
Experience partnering with cybersecurity and incident response teams on privacy incidents and data breaches.
Experience overseeing privacy compliance for marketing, digital analytics, and customer engagement activities.
Experience developing and delivering privacy training and awareness for business and technical stakeholders.

What the JD emphasized

AI Governance
Data Privacy
regulatory guidance
risk management
responsible AI adoption
AI policies
algorithmic accountability
model validation
bias testing
human-in/on-the-loop requirements
monitoring
testing
inventory management
decommissioning of AI systems
AI marketing
AI washing
data governance for AI/ML systems
lawful basis/consent
data quality and provenance
privacy-enhancing techniques
retention
access controls
training datasets
fine-tuning datasets
evaluation datasets
monitoring datasets
AI contracting
procurement
third-party diligence
customer terms
supplier terms
commercial transactions
M&A
AI literacy initiatives
Responsible AI Governance Framework
enterprise-wide training
function-specific training
awareness campaigns
senior leadership
AI policy trends
regulatory risk
contractual risk
reputational risk
AI-related incident response
escalation
legal
cybersecurity
engineering
HR
communications teams
litigation involving AI technologies
external forums
industry groups
standards bodies
global privacy
data protection
GDPR
CCPA/CPRA
LGPD
PIPL
cross-border transfer laws
sectoral and state privacy laws
Data Protection Impact Assessments (DPIAs)
risk assessments
privacy reviews
new products
AI use cases
third-party tools
remediation plans
risk acceptance
privacy and data protection terms
DPAs
SCCs
cross-border transfer mechanisms
security addenda
audit rights
customers
suppliers
strategic partners
privacy incidents
data breaches
regulatory notification analysis
communications strategy
post-incident corrective actions
marketing
digital analytics
customer engagement activities
cookies/trackers
consent management
targeted advertising
privacy notices
data subject rights workflows
internal operating procedures
audits
regulator inquiries
outside counsel
privacy training
awareness
business stakeholders
technical stakeholders
product lifecycle
procurement processes
AI law
complex technology regulatory risk
influence at the senior leadership level
global AI
data privacy
data protection regulations
technical teams
security
resilience
accuracy
robustness evaluation
bias
fairness assessment
explainability
transparency practices
governance processes
artifacts
success criteria
KPIs
dashboards
risk heat maps
risk mitigation strategies
AI contracting
data contracting
drafting
negotiating
AI-specific terms
data use restrictions
audit rights
security requirements
IP
allocation of AI-related risk
incident response
regulatory engagement
AI-related events
investigations
audits
regulators globally
10+ years of relevant legal experience
advising on AI
privacy/data protection
technology matters
J.D. (or equivalent)
admitted to practice law in a jurisdiction in the United States

Read full job description

We are seeking a highly experienced and skilled AI Governance & Data Privacy General Counsel to join our legal team and serve as a strategic legal partner to the business, providing critical regulatory guidance across product and engagement lifecycles and helping the business anticipate and manage complex regulatory risk in an increasingly dynamic environment.

This role sits at the intersection of AI innovation, data privacy, and enterprise risk management, enabling responsible AI adoption and data privacy compliance across internal operations, products, and third-party solutions. The position carries primarily strategic responsibility with execution responsibilities as needed—shaping enterprise policies and governance, partnering with legal, compliance, engineering, cybersecurity, product, and commercial teams to enable growth, and proactively managing day-to-day legal and regulatory risk in highly regulated environments. Honeywell is seeking a senior, established thought leader who can provide global practical risk-based guidance, influence stakeholders, and drive measurable outcomes through practical implementation as needed.

You will report directly to our VP & GC Data Privacy and you’ll work out of our Charlotte, NC (preferred), OR Washington, DC locations on a **hybrid **work schedule.

Key Responsibilities:

AI Governance

Lead and execute Honeywell’s AI governance and legal strategy, maintaining and operationalizing Honeywell’s scalable Responsible AI Governance Framework to enable growth and innovation while managing risk.
Develop, maintain, and advise on the implementation of AI governance policies, standards, and processes under applicable regulations, including algorithmic accountability, model validation, bias testing, human-in/on-the-loop requirements, monitoring, testing, inventory management, and decommissioning of AI systems.
Provide legal oversight of AI marketing and external capability claims to ensure accuracy, consistency, and avoidance of misleading statements or “AI washing.”
Advise on data governance for AI/ML systems, including lawful basis/consent, data quality and provenance, privacy-enhancing techniques, retention, and access controls for training, fine-tuning, evaluation, and monitoring datasets.
Provide legal support for AI contracting, procurement, and third-party diligence, including developing standard customer and supplier terms and addressing AI risk considerations in commercial transactions and M&A.
Support AI literacy initiatives and Honeywell’s Responsible AI Governance Framework through enterprise-wide and function-specific training and awareness campaigns.
Act as a trusted advisor to senior leadership on AI policy trends affecting the company’s markets, including regulatory, contractual, and reputational risk considerations.
Support AI-related incident response and escalation, coordinating with legal, cybersecurity, engineering, HR, and communications teams.
Support litigation involving AI technologies.
Serve as Honeywell’s principal legal representative in external forums, including engagement with industry groups and standards bodies.

Data Privacy

Serve as the primary legal advisor for global privacy and data protection for one or more Honeywell business units, including interpretation and implementation of applicable laws and frameworks (e.g., GDPR, CCPA/CPRA, LGPD, PIPL, cross-border transfer laws, sectoral and state privacy laws).
Lead and advise on Data Protection Impact Assessments (DPIAs), risk assessments, and other privacy reviews for new products, AI use cases, and third-party tools; drive remediation plans and document risk acceptance where appropriate.
Draft, review, and negotiate privacy and data protection terms (DPAs, SCCs, cross-border transfer mechanisms, security addenda, and audit rights) for customers, suppliers, and strategic partners.
Partner with cybersecurity and incident response teams on privacy incidents and data breaches, including regulatory notification analysis, communications strategy, and post-incident corrective actions.
Oversee privacy compliance for marketing, digital analytics, and customer engagement activities (e.g., cookies/trackers, consent management, targeted advertising considerations, and privacy notices).
Advise on data subject rights workflows and internal operating procedures; support audits and regulator inquiries; and manage outside counsel as needed.
Develop and deliver privacy training and awareness for business and technical stakeholders; help embed privacy requirements into product lifecycle and procurement processes.

Critical Skills

Established thought leader on AI law and governance, data privacy, and complex technology regulatory risk areas, with a demonstrated ability to influence at the senior leadership level.
Deep working knowledge of global AI, data privacy, and data protection regulations.
Proficiency partnering with technical teams on security and resilience, accuracy and robustness evaluation, bias and fairness assessment, explainability and transparency practices, and appropriate governance processes and artifacts.
Ability to define success criteria using KPIs, dashboards, and risk heat maps to assess risk and propose effective mitigation strategies.
Strong contracting capability for AI and data, including drafting and negotiating AI- and privacy-specific terms (data use restrictions, audit rights, security requirements, IP, and allocation of AI-related risk).
Incident response and regulatory engagement experience for AI- and privacy-related events, including investigations, audits, and interactions with regulators globally.

You Must Have:

10+ years of relevant legal experience, including significant experience advising on AI, privacy/data protection, and technology matters.
J.D. (or equivalent) and admitted to practice law in a jurisdiction in the United States.
Demonstrated ability to synthesize complex issues quickly and communicate clearly and succinctly to technical and non-technical audiences.
Proven subject matter expertise in AI governance, data privacy, and regulatory risk management.

We Value:

Prior in-house or top law firm legal experience.
Experience with global regulatory regimes.
Background in regulated or safety-critical industries.
Strong, independent leadership and the ability to set strategic direction and execute effectively in a matrixed organization.
CIPP/E, CIPP/US, CIPM certification or experience with ISO/IEC 42001

BENEFITS OF WORKING FOR HONEYWELL

In addition to a competitive salary, leading-edge work, and developing solutions side-by-side with dedicated experts in their fields, Honeywell employees are eligible for a comprehensive benefits package. This package includes employer subsidized Medical, Dental, Vision, and Life Insurance; Short-Term and Long-Term Disability; 401(k) match, Flexible Spending Accounts, Health Savings Accounts, EAP, and Educational Assistance; Parental Leave, Paid Time Off (for vacation, personal business, sick time, and parental leave), and 12 Paid Holidays. For more information visit: click here

The application period for the job is estimated to be 40 days from the job posting date; however, this may be shortened or extended depending on business needs and the availability of qualified candidates.

PAY EQUITY

The annual base salary range for this position is $242,000 - $302,000. Please note that this salary information serves as a general guideline. Honeywell considers various factors when extending an offer, including but not limited to the scope and responsibilities of the position, the candidate's work experience, education and training, key skills, as well as market and business considerations.

ABOUT HONEYWELL

Honeywell International Inc. (Nasdaq: HON) invents and commercializes technologies that address some of the world's most critical challenges around energy, safety, security, air travel, productivity, and global urbanization. We are a leading software-industrial company committed to introducing state of the art technology solutions to improve efficiency, productivity, sustainability, and safety in high growth businesses in broad-based, attractive industrial end markets. Our products and solutions enable a safer, more comfortable, and more productive world, enhancing the quality of life of people around the globe. Learn more about Honeywell: click here

THE BUSINESS UNIT

The Corporate Strategic Business Group (CORP SBG) at Honeywell is a division focused on corporate-level functions and initiatives that support the overall operations and strategy of the company. It is responsible for overseeing areas such as finance, legal, human resources, communications, and corporate governance, working closely with other business units and SBGs to ensure alignment and coordination across the organization. The CORP SBG plays a crucial role in the overall strategic direction and management of Honeywell's corporate functions and operations, supporting the company's business objectives.

_Honeywell is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion, or veteran status. Learn more about inclusion and diversity: _click here