Senior Corporate Counsel, Privacy (hybr… at Nordstrom

What you'd actually do

Serve as the primary legal advisor on U.S. state privacy laws, including CCPA/CPRA, and the growing patchwork of state comprehensive privacy statutes (Virginia, Texas, Colorado, etc.)

Lead and maintain the company's U.S. privacy compliance program, including privacy notices, consent mechanisms, opt-out frameworks, and data subject rights processes

Monitor and assess emerging AI legislation, regulatory guidance, and enforcement trends across federal, state, and international jurisdictions, and advise on their practical implications for Nordstrom’s use of AI and automated decision-making

Develop and implement the company's AI governance framework, including policies for responsible AI use, vendor AI due diligence, and internal AI deployment standards

Provide legal support for the company's data security program, including review of security policies, vendor contracts, and data processing agreements

Skills

Required

J.D. with a license to practice law in Washington State
7-10 years of legal experience with a meaningful focus on U.S. privacy law
Experience in privacy law, including working with CAN-SPAM, TCPA, behavioral advertising, GLBA, HIPAA, PIPEDA, comprehensive U.S. state privacy laws such as CCPA/CPRA
Familiarity with AI governance frameworks and applicable AI laws and regulations, including state automated decision-making laws, the EU AI Act, and FTC guidance on algorithmic transparency and fairness
Experience advising on data security incidents and breach notification obligations
Proven ability to translate complex legal requirements into practical, business-friendly guidance
Strong drafting skills for policies, contracts, and legal summaries
Ability to successfully navigate quickly changing priorities, ambiguity, and the unexpected with a positive attitude
Comfort operating in a rapidly evolving AI regulatory landscape, with the ability to provide timely, practical guidance as new laws and enforcement priorities emerge
IAPP Certified Information Privacy Professional / United States (CIPP/US)

Nice to have

Familiarity with emerging state-level and GDPR privacy laws strongly preferred, including the Washington My Health My Data Act and similar consumer health data legislation
IAPP AI Governance Professional (AIGP) certification or equivalent
Prior in-house experience at a retailer, e-commerce company, or consumer-facing enterprise
Familiarity with adtech, loyalty program data practices, and consumer data monetization
Experience with AI vendor due diligence and negotiating AI-specific contract provisions
Exposure to FTC enforcement actions, state AG investigations, or privacy litigation

Job Description

We are seeking an experienced and business-minded Senior Corporate Counsel to join our in-house legal team at one of the nation's largest retailers. This is a high-impact individual contributor role embedded within a dynamic, enterprise-scale legal function. You will serve as the company's subject matter expert on U.S. data privacy law, artificial intelligence governance, and data security, advising senior stakeholders across Technology, Marketing, Strategic Sourcing, Operations, and beyond.

The position will collaborate with the Privacy team (housed within Technology) that partners with business units to understand and enable business objectives with practical privacy guidance. This team member will also work closely with other Privacy team members to support business initiatives, compliance efforts, privacy programs, and incident response efforts.

A day in the life…

Privacy Law & Compliance

Serve as the primary legal advisor on U.S. state privacy laws, including CCPA/CPRA, and the growing patchwork of state comprehensive privacy statutes (Virginia, Texas, Colorado, etc.)
Lead and maintain the company's U.S. privacy compliance program, including privacy notices, consent mechanisms, opt-out frameworks, and data subject rights processes
Monitor legislative and regulatory developments in U.S. privacy law and advise on required compliance changes in the context of rapidly evolving business processes
Monitor and assess emerging AI legislation, regulatory guidance, and enforcement trends across federal, state, and international jurisdictions, and advise on their practical implications for Nordstrom’s use of AI and automated decision-making

AI Governance & Policy

Develop and implement the company's AI governance framework, including policies for responsible AI use, vendor AI due diligence, and internal AI deployment standards
Advise on legal and regulatory risks associated with the use of AI and machine learning in retail contexts, including personalization, pricing, fraud detection, hiring tools, and generative AI applications
Track and interpret emerging AI-specific regulations at the federal and state level and assess applicability to company operations
Collaborate with internal teams to embed legal and ethical AI review into the product development lifecycle

Data Security & Incident Response

Provide legal support for the company's data security program, including review of security policies, vendor contracts, and data processing agreements
Serve as legal counsel for data security incidents and breaches, including breach notification obligations under state laws and coordination with forensic, communications, and regulatory response teams

Cross-Functional & Strategic Counsel

Draft, review, and negotiate privacy and data-related provisions in commercial agreements, technology contracts, and vendor agreements
Serve as a trusted legal partner to the Privacy, Information Security, and Technology teams
Develop and deliver training programs on privacy, AI governance, and data security topics for business stakeholders
Represent the legal function on cross-functional data governance committees

You got this if…

Required Qualifications

J.D. with a license to practice law in Washington State
7-10 years of legal experience with a meaningful focus on U.S. privacy law, with at least some in-house or law firm experience advising large, complex organizations
Experience in privacy law, including working with CAN-SPAM, TCPA, behavioral advertising, GLBA, HIPAA, PIPEDA, comprehensive U.S. state privacy laws such as CCPA/CPRA; familiarity with emerging state-level and GDPR privacy laws strongly preferred, including the Washington My Health My Data Act and similar consumer health data legislation
Familiarity with AI governance frameworks and applicable AI laws and regulations, including state automated decision-making laws, the EU AI Act, and FTC guidance on algorithmic transparency and fairness
Experience advising on data security incidents and breach notification obligations
Proven ability to translate complex legal requirements into practical, business-friendly guidance
Strong drafting skills for policies, contracts, and legal summaries
Ability to successfully navigate quickly changing priorities, ambiguity, and the unexpected with a positive attitude
Comfort operating in a rapidly evolving AI regulatory landscape, with the ability to provide timely, practical guidance as new laws and enforcement priorities emerge
IAPP Certified Information Privacy Professional / United States (CIPP/US)

Preferred Qualifications

IAPP AI Governance Professional (AIGP) certification or equivalent
Prior in-house experience at a retailer, e-commerce company, or consumer-facing enterprise
Familiarity with adtech, loyalty program data practices, and consumer data monetization
Experience with AI vendor due diligence and negotiating AI-specific contract provisions
Exposure to FTC enforcement actions, state AG investigations, or privacy litigation

We’ve got you covered…

Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

Medical/Vision, Dental, Retirement and Paid Time Away
Life Insurance and Disability
Merchandise Discount and EAP Resources

A few more important points...

The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com.

Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ’s for relevant information and guidelines.

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Applications are accepted on an ongoing basis.

Pay Range Details

The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.

$141,500.00 - $233,500.00 Annual

This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf

Job Description

A day in the life…

Privacy Law & Compliance

Serve as the primary legal advisor on U.S. state privacy laws, including CCPA/CPRA, and the growing patchwork of state comprehensive privacy statutes (Virginia, Texas, Colorado, etc.)
Lead and maintain the company's U.S. privacy compliance program, including privacy notices, consent mechanisms, opt-out frameworks, and data subject rights processes
Monitor legislative and regulatory developments in U.S. privacy law and advise on required compliance changes in the context of rapidly evolving business processes
Monitor and assess emerging AI legislation, regulatory guidance, and enforcement trends across federal, state, and international jurisdictions, and advise on their practical implications for Nordstrom’s use of AI and automated decision-making

AI Governance & Policy

Develop and implement the company's AI governance framework, including policies for responsible AI use, vendor AI due diligence, and internal AI deployment standards
Advise on legal and regulatory risks associated with the use of AI and machine learning in retail contexts, including personalization, pricing, fraud detection, hiring tools, and generative AI applications
Track and interpret emerging AI-specific regulations at the federal and state level and assess applicability to company operations
Collaborate with internal teams to embed legal and ethical AI review into the product development lifecycle

Data Security & Incident Response

Provide legal support for the company's data security program, including review of security policies, vendor contracts, and data processing agreements
Serve as legal counsel for data security incidents and breaches, including breach notification obligations under state laws and coordination with forensic, communications, and regulatory response teams

Cross-Functional & Strategic Counsel

Draft, review, and negotiate privacy and data-related provisions in commercial agreements, technology contracts, and vendor agreements
Serve as a trusted legal partner to the Privacy, Information Security, and Technology teams
Develop and deliver training programs on privacy, AI governance, and data security topics for business stakeholders
Represent the legal function on cross-functional data governance committees

You got this if…

Required Qualifications

J.D. with a license to practice law in Washington State
7-10 years of legal experience with a meaningful focus on U.S. privacy law, with at least some in-house or law firm experience advising large, complex organizations
Experience in privacy law, including working with CAN-SPAM, TCPA, behavioral advertising, GLBA, HIPAA, PIPEDA, comprehensive U.S. state privacy laws such as CCPA/CPRA; familiarity with emerging state-level and GDPR privacy laws strongly preferred, including the Washington My Health My Data Act and similar consumer health data legislation
Familiarity with AI governance frameworks and applicable AI laws and regulations, including state automated decision-making laws, the EU AI Act, and FTC guidance on algorithmic transparency and fairness
Experience advising on data security incidents and breach notification obligations
Proven ability to translate complex legal requirements into practical, business-friendly guidance
Strong drafting skills for policies, contracts, and legal summaries
Ability to successfully navigate quickly changing priorities, ambiguity, and the unexpected with a positive attitude
Comfort operating in a rapidly evolving AI regulatory landscape, with the ability to provide timely, practical guidance as new laws and enforcement priorities emerge
IAPP Certified Information Privacy Professional / United States (CIPP/US)

Preferred Qualifications

IAPP AI Governance Professional (AIGP) certification or equivalent
Prior in-house experience at a retailer, e-commerce company, or consumer-facing enterprise
Familiarity with adtech, loyalty program data practices, and consumer data monetization
Experience with AI vendor due diligence and negotiating AI-specific contract provisions
Exposure to FTC enforcement actions, state AG investigations, or privacy litigation

We’ve got you covered…

Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

Medical/Vision, Dental, Retirement and Paid Time Away
Life Insurance and Disability
Merchandise Discount and EAP Resources

A few more important points...

The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com.

Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ’s for relevant information and guidelines.

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Applications are accepted on an ongoing basis.

Pay Range Details

$141,500.00 - $233,500.00 Annual

Senior Corporate Counsel, Privacy (hybrid, Seattle)

What you'd actually do

Skills

Required

Nice to have

What the JD emphasized

Job Description

Job Description