Counsel, Privacy, AI, and Data Protection

Why Valvoline Global Operations? At Valvoline Global Operations, we're proud to be The Original Motor Oil, but we've never rested on being first. Founded in 1866, we introduced the world's first branded motor oil, staking our claim as a pioneer in the automotive and industrial solutions industry. Today, as an affiliate of Aramco, one of the world's largest integrated energy and chemicals companies, we are driven by innovation and committed to creating sustainable solutions for a better future.

With a global presence, we develop future-ready products and provide best-in-class services for our partners around the world. For us, originality isn't just about where we began; it's about where we're headed and how we'll lead the way. We are originality in motion. Our corporate values-Care, Integrity, Passion, Unity, and Excellence-are at the heart of everything we do. These values define how we operate, how we treat one another, and how we engage with our partners, customers, and the communities we serve.

At Valvoline Global, we are united in our commitment to:
* Treating everyone with care.
* Acting with unwavering integrity.
* Striving for excellence in all endeavors.
* Delivering on our commitments with passion.
* Collaborating as one unified team. When you join Valvoline Global, you'll become part of a culture that celebrates creativity, innovation, and excellence. Together, we're shaping the future of automotive and industrial solutions. Valvoline Global Operations Headquarters is located in Lexington, KY. We prefer local candidates willing to work an in-office work schedule (3 days per week).
* We're also open to candidates working in a remote capacity. The Counsel for Privacy, AI, and Data Protection serves as the enterprise subject matter authority and accountable legal owner for Valvoline Global Operations' global privacy, data protection, and AI governance programs. This role is responsible for establishing and maintaining scalable, compliant, and business-enabling frameworks that govern the organization's use of data and artificial intelligence across all regions.

Operating with significant independence, this role translates complex and evolving regulatory requirements into actionable enterprise policies, standards, and risk-based guidance. The position has direct accountability for the effectiveness, maturity, and continuous improvement of privacy and AI governance programs, influencing senior leadership decisions and enabling responsible innovation while protecting the organization from regulatory, legal, and reputational risk.

Key Responsibilities Include
* Privacy & Data Protection Program Leadership *

Accountable for the design, implementation, and ongoing effectiveness of Valvoline's global privacy program, including governance structure, policies, and operational processes. *

• Owns enterprise interpretation and application of global privacy laws (e.g., GDPR, CCPA/CPRA), establishing company-wide standards and guidance. *
• Accountable for core privacy program operations, including DPIAs/PIAs, DSAR processes, data mapping, and records of processing activities, ensuring they are scalable, auditable, and consistently executed. *
• Establishes and monitors program KPIs and metrics to measure compliance, maturity, and operational effectiveness; drives remediation where gaps exist. *
• Leads integration of privacy-by-design principles into business processes, systems, and product development, ensuring consistent adoption across functions.
  * Artificial Intelligence Governance & Responsible Innovation *
• Accountable for the enterprise AI governance framework, including policy development, risk classification models, and required controls. *
• Owns the legal review and risk determination framework for AI/ML use cases, including defining approval thresholds and escalation criteria. *
• Ensures AI initiatives meet regulatory, ethical, and internal governance standards, providing final legal guidance on high-risk or ambiguous use cases. *
• Translates global AI regulatory developments into enforceable internal requirements, ensuring timely adoption across the enterprise. *
• Partners cross-functionally but retain accountability for the legal sufficiency and defensibility of AI governance practices.
  * Regulatory Compliance, Risk Management & Incident Response *
• Accountable for identifying and assessing enterprise-level legal risks related to data protection, cybersecurity, and AI. *
• Owns legal guidance on cross-border data transfers and data governance structures, including approval of compliant transfer mechanisms. *
• Serves as the lead legal advisor during data incidents, accountable for legal risk assessment, privilege strategy, and notification obligations. *
• Oversees legal support for regulatory inquiries, audits, and investigations, ensuring consistency and defensibility of the company's position. *
• Drives alignment with Information Security and Compliance, while maintaining ownership of legal risk positions and interpretations.
  *…