Director, Managing Counsel-Privacy & Cyber Security

About The Position

Requirements

• Juris Doctorate degree from an accredited law school with strong academic credentials; and license to practice law in at least one state
• 8+ years of experience working in a law firm or corporate legal department (or a combination of the two) in the areas of U.S. privacy law, data/cyber security law, and data transfer law, including substantial responsibility advising business stakeholders.
• Demonstrated experience leading cross-functional privacy and/or cyber security programs, governance cadences, policy development, and training/enablement initiatives.
• Familiarity with commercial privacy compliance/privacy data management systems and implementing tool selection processes.
• Experience with drafting, reviewing, and negotiating IT and SaaS contracts
• High level expertise in privacy law and cyber security practices, experience with conducting privacy impact assessments, and extensive familiarity with other areas of IT and data transfer laws.
• Substantive privacy/cyber security experience and knowledge of relevant global data protection.
• Prior experience responding to and managing data breaches/data incidents, and participation in tabletop exercises and incident communications coordination.
• Demonstrated ability to operationalize enterprise governance programs and translate legal requirements into scalable processes, policies, and controls.
• Establishes and maintains relationships, credibility, and trust with members of the Legal Department, clients, stakeholders, and other colleagues.
• Demonstrates excellent verbal and written communication skills, including the ability to explain complex legal issues to technical and non-technical audiences.
• Demonstrates excellent judgment, ability to work under pressure, manage assigned workloads and competing priorities, and meet deadlines

Nice To Haves

• BS or BA undergraduate degree
• Privacy or information security certification (e.g., CIPP/US, CIPM, CISSP) or comparable advanced training
• Experience working with companies that collect and use personal information and consumer data at scale; CPG/food manufacturing experience is highly preferred.
• Familiarity with EU and Canadian AI and privacy laws.
• Excels in a collaborative, team-based work environment across various departments

Responsibilities

• Perform administrative duties in connection with the company’s Privacy Office operations.
• Develop, update, and implement internal/external policies, standards, procedures and guidelines across privacy, data governance, and records compliance, draft and provide guidance on AI and privacy notices for business stakeholders.
• Design and deliver training for enterprise stakeholders on AI and privacy regulations, and data/cyber security obligations.
• Manage outside counsel workstreams for AI, privacy, cyber security, and related matters.
• Monitor legal and regulatory trends and translate them into practical requirements.
• Lead updates on contractual and operational security requirements for our Data Privacy and Data Security Addendums, and AI Permitted Use Terms.
• Lead contract & transactional support for privacy and cyber security matters, including draft, review and negotiation of Data Privacy and Data Security Addendums, AI Permitted Use Terms, SaaS/IT contracts, and privacy and security provisions in supplier and customer agreements.
• Support strategic acquisitions, divestitures, joint ventures, and due diligence activities for privacy/cyber/data governance issues.
• Execute digital governance programs and initiatives entailing drafting and publishing of data management policies and playbooks, advising and counseling cross functional data stewardship teams, as well as core participation in AI impact assessments.
• Provide leadership for Data/Cyber Security readiness, and incident and data breach responses and other operational support, including: participating in cybersecurity tabletop exercises; developing cyber/legal readiness cross disciplinary end‑to‑end process flows; review and revise company data breach communication plans; participating in and providing specialized advisory support for investigations, incidents; and maintaining contact with law enforcement agencies
• Maintain other cyber/privacy incident governance artifacts, including the company’s data breach policy, cyber audit reporting processes, and maintenance of related procedures and playbooks.
• Design and implement the company’s Privacy Impact Assessment (PIA) program.
• Advise on and monitor privacy compliance implementation across the company in our consumer, employee/HR, and Canadian businesses including maintenance of our company’s data workbooks, data maps, consumer and employee data subject access requests, and cookie management processes.

Benefits

• competitive Total Rewards program