Lead Counsel, Cybersecurity and Privacy

Wabtec•Pittsburgh, PA

1d•Hybrid

About The Position

Reporting to the Chief Compliance Officer, the Lead Counsel, Cybersecurity & Privacy will lead and help mature the company’s global privacy and cybersecurity legal and compliance program, partnering closely with Legal, Information Security, IT, HR, Procurement, and business leaders across a diverse, fast-moving environment. This position is based at Wabtec’s Headquarters in Pittsburgh, PA (in-office, hybrid work schedule). As a Legal/Compliance team member, you will be responsible for supporting various company-wide projects and initiatives addressing privacy and regulatory compliance risks. Translate global privacy and cybersecurity requirements into practical, scalable controls for the business (including GDPR/UK GDPR, ePrivacy, and U.S. state privacy laws such as CCPA/CPRA). Advise on EU/UK cybersecurity and digital operations requirements (e.g., NIS2/UK NIS; emerging product/cybersecurity frameworks). Supply-chain due diligence/disclosure regimes experience is a plus. The successful candidate will bring excellent interpersonal skills and executive presence, with the ability to influence decisions across functions, translate complex requirements for non-technical stakeholders, and build trusted partnerships. Must be able to independently prioritize competing demands based on risk, manage deadlines, and drive outcomes in a fast-paced, global, and culturally diverse environment. Strategic, risk-based approach with experience scaling privacy/cybersecurity programs, building repeatable governance, and leveraging automation to improve execution.

Requirements

Juris Doctor (JD) degree from an accredited law school.
Member of a state bar (in good standing).
7+ years of legal experience, with a focus on data privacy and cybersecurity compliance.
Experience with privacy compliance operations and tooling (e.g., DPIAs/RoPA, DSAR intake/fulfillment, and vendor assessments; OneTrust/TrustArc a plus).
Experience scaling and advising on third-party risk management from privacy and cybersecurity perspectives, and navigating global cybersecurity regulatory frameworks.
Familiarity with AI governance and emerging technology legal risk (e.g., AI tool adoption, data use/security considerations) and related cross-functional governance.

Nice To Haves

Privacy and cybersecurity law experience in a global manufacturing company (preferred).
People leadership experience (preferred).
CIPP or similar certification (preferred).

Responsibilities

Develop and implement a global data privacy strategy that aligns with the company’s objectives, relevant laws and regulations, and industry best practices, including by drafting data privacy policies and procedures and internal and external facing privacy notices.
Supervise a Data Privacy Specialist and provide strategic direction, escalation support, and governance for regional privacy resources, including managing relationships with contracted Data Protection Officers (DPOs) where used, to ensure consistent global execution while accounting for local requirements.
Partner with HR, IT, Information Security, Procurement, and Legal to assess privacy/security risk and implement consistent, practical controls.
Draft, review, and negotiate privacy and cybersecurity terms in commercial contracts, data processing agreements, cross-border transfer arrangements, and other privacy/security-related agreements.
Lead/oversee DPIAs and privacy/security risk assessments; track remediation to reduce risk.
Monitor global privacy and cybersecurity laws/regulatory developments; advise on impact and required program changes.
Advise on AI governance and emerging technology matters (risk assessments, standards/guardrails, and vendor/tool adoption).
Serve as a point of contact for data privacy inquiries and data subject requests from employees and external parties, including global data protection authorities.
Lead/oversee third-party privacy and security assessments; advise on risk tiering, remediation, and contractual safeguards, and improve the program through process and automation.
Educate and train employees on data privacy and cybersecurity, in order to foster a culture of security and privacy within Wabtec.
Partner with Information Security/IT on security governance, policies, and response protocols.
Support enterprise compliance training and communications to promote a culture of integrity.
Act as lead legal counsel during cybersecurity and data incidents, providing incident response advice and support including investigation strategy, privilege considerations, engagement and management of outside counsel and forensic providers, notification decisioning, mitigation, and remediation.