Global HR Head of Risk, Privacy & AI Governance

Job summary:

The Global HR Head of Risk, Privacy & AI Governance is responsible for the Global HR Strategy for Privacy and Risk with a particular focus on AI.  The role ensures proactive identification, management, and mitigation of HR‑related risks while ensuring compliance with global privacy laws, regulations, and emerging standards for AI governance. The role leads a small global team of Risk and Privacy professionals to establish and evolve the strategy for HR risk management, HR Privacy, and the responsible use of people‑related data, including data used in AI‑enabled HR technologies.  The successful candidate will monitor, interpret, and operationalize global privacy and AI‑related legal and regulatory changes. This role ensures that HR practices uphold the highest standards of data risk, privacy, security, and ethical handling

Key responsibilities:

This role will provide YOU the opportunity to lead key activities to progress YOUR career. These responsibilities include some of the following:

• Develop and implement Global HR Privacy and Risk strategy in collaboration with HRLT and GSK Privacy and Risk specialist teams, whilst ensuring BAU Privacy and Risk operations run efficiently
• Provide strategic leadership and clear direction on global privacy frameworks, digital solutions, and risk mitigation across the business
• Design, implement, and govern global privacy policies aligned with international regulatory standards, with a focus on new and emerging technologies
• Own and lead GSK’s response to HR data and employee privacy incidents, ensuring timely, proportionate, and effective resolution

Privacy Leadership

• Lead and conduct privacy impact assessments
• Oversee data minimization, retention, and governance
• Maintain privacy policies and compliance programs
• Lead GSK’s response to HR data and employee privacy incidents, ensuring timely, proportionate, and effective resolution

Risk Leadership:

• Develop, implement, and refine HR risk management strategies, policies, and procedures

• Conduct comprehensive HR risk assessments and build actionable mitigation plans

AI Governance & Responsible Data Use:

• Establish governance frameworks for HR’s use of AI and algorithmic tools
• Lead privacy risk assessments for AI‑driven HR use cases relating to data privacy, algorithmic bias, and ethical considerations
• Guide HR teams and vendors on responsible AI and bias mitigation
• Embed privacy‑by‑design and ethics‑by‑design principles

Capability Building & Advisory:

• Advise HR leaders on risk, privacy, and AI governance
• Deliver ongoing training and awareness programs
• Develop guidance materials and frameworks

Monitoring & Reporting:

• Establish monitoring mechanisms for HR risks and AI performance
• Provide reports, insights, and recommendations to senior leadership

Qualifications:

• We are seeking professionals with the following required skills and qualifications to help us achieve our goals:
• Lawyer or compliance professional with a degree in a relevant field
• Additional privacy qualifications including CIPP/E, CIPP/US or CIPP/M are advantageous but not essential
• Minimum of 10 years of experience in all aspects of data privacy
• Proven experience advising on established privacy regimes, including GDPR and US state privacy laws, with genuine hands-on exposure in other global markets across the Middle East, Asia Pacific and Latin America
• A proactive business partner who actively tracks emerging privacy laws, regulatory trends, enforcement themes, and industry direction

• Well-connected with regulators, peers, industry groups, advisors, and thought leaders. Brings external insight into the business and uses it to shape practical, informed advice with a solutions-first approach
• Hands-on experience advising on privacy risks in AI-driven and data-heavy technologies, including:
• AI training data, model risk, and data minimisation
• Human oversight, transparency, and accountability
• Translating AI governance principles into operational reality with a practical approach that builds credibility with stakeholders
• Has a wealth of in-house experience and knows which risks matter, how to prioritise them, and how to present them in a way that enables decision-making, not paralysis. Always comes with options, not just problems
• Excellent communicator who can easily transition between detailed operational guidance to crisp, board-level advice depending on the audience
• Trusted, calm and credible under pressure. Asks thoughtful questions, challenges assumptions, and actively seeks to understand what’s coming next – in regulation, technology, and business models
• Experience with HR processes and risk assessments, well-versed in advising on employee data lifecycle management from recruitment through exit, experienced in HR privacy risk assessments and DPIAs and global HR data transfers
• Management experience with an ability to lead and inspire a global team of privacy and risk professionals

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a purpose to unite science, technology and talent to get ahead of disease together. We aim to positively impact the health of 2.5 billion people by the end of the decade, as a successful, growing company where people can thrive.

We get ahead of disease by preventing and treating it with innovation in specialty medicines and vaccines. We focus on four therapeutic areas: respiratory, immunology and inflammation; oncology; HIV; and infectious diseases – to impact health at scale.

People and patients around the world count on the medicines and vaccines we make, so we’re committed to creating an environment where our people can thrive and focus on what matters most. Our culture of being ambitious for patients, accountable for impact and doing the right thing is the foundation for how, together, we deliver for patients, shareholders and our people.

GSK is an Equal Opportunity Employer. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, genetic information (including family medical history), military service or any basis prohibited under federal, state or local law.

We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are.

Should you require any adjustments to our process to assist you in demonstrating your strengths and capabilities contact us at [email protected] where you can also request a call.

Please note should your enquiry not relate to adjustments, we will not be able to support you through these channels. However, we have created a Recruitment FAQ guide. Click the Link where you will find answers to multiple questions we receive

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit the Centers for Medicare and Medicaid Services (CMS) website at https://openpaymentsdata.cms.gov/