Senior Counsel, Cybersecurity

About The Position

Requirements

• Juris Doctorate; licensed and in good standing to practice in at least one state
• Experience working in a global law firm and a global corporation (in-house counsel)
• Minimum of ten (10) years in cybersecurity, cyber risk, incident response, or closely related domains, with significant cross functional leadership.
• Demonstrated experience leading complex incidents/tabletops and working directly with outside counsel/insurers/regulators.
• Up to 10% travel
• Eaton will not consider applicants for employment immigration sponsorship or support for this position. This means that Eaton will not support any CPT, OPT, or STEM OPT plans, F-1 to H-1B, H-1B cap registration, O-1, E-3, TN status, I-485 job portability, etc.

Nice To Haves

• Certifications: CISSP, CISM, CISA, CCSP, or relevant privacy credentials (e.g., CIPP/E, CIPP/US, CIPM).
• Experience with OT security governance and enterprise Zero Trust transformations.
• Experience working within a complex, multinational company.
• Experience within a manufacturer or other highly-engineered, physical product-based organization helpful.
• Strong command of global cyber/data protection frameworks
• Proven ability to translate legal/regulatory obligations into executable controls and measurable program outcomes.
• Executive presence; excellent written/oral communication with board level stakeholders.

Responsibilities

• Own the legal aspects of the enterprise incident response (IR) program including preparation, detection, response, recovery, and lessons learned; manage executive ready IR playbooks that clearly define roles functions.
• Contribute by assisting with the planning, deployment, and debriefing tabletop exercises with internal teams and outside firms; track remediation items through to closure and report outcomes to senior leadership and the board.
• Serve as on call executive advisor for material incidents, coordinating with security operations center, corporate event response team, outside counsel, insurers, regulators, and law enforcement as needed.
• Ensure eDiscovery, privilege, and regulatory timeline considerations are embedded in IR workflows (e.g., notification triggers, insurer engagement).
• Coordinate with Engineering and IT on AI incident reporting obligations under emerging regulations.
• Contribute to cross functional Cybersecurity/IT/OT governance forums; align policy and standards with Zero Trust, identity, network, cloud, and OT security programs.
• Oversee policy lifecycle (draft, socialize, approve, measure), including AI security monitoring standards and privacy by design controls in partnership with Data Protection Privacy teams.
• Direct risk assessments for major programs and products; track risk treatment plans and KRIs/KPIs in collaboration with GRC and Internal Audit.
• Act as the executive point of contact for global cybersecurity and data protection laws (e.g., U.S. sectoral rules, EU NIS2/GDPR, China’s Cybersecurity Law), coordinating with regional counsel and external advisors to interpret obligations and translate them into operational controls.
• Lead regulatory response readiness (notifications, supervisory inquiries, exam prep) and ensure documentation/attestations are accurate and defensible.
• Track and interpret AI-related regulatory developments (EU AI Act, U.S. state AI laws) and translate them into actionable compliance requirements.
• Co lead Cyber Product Review and security architecture gates for enterprise platforms and customer facing products/solutions; drive decision logs, actions, and risk acceptance processes with accountable owners (IT, Engineering, Product, Legal).
• Expand Cyber Product Reviews to include AI risk assessments for products and internal tools; ensure secure model deployment and vendor risk evaluations.
• Ensure integration, vulnerability management, and cloud security roadmaps; report progress, risks, and dependencies through executive dashboards.
• Provide board/C suite briefings on AI risk and cyber posture, material risks, control maturity, and incident updates, including emerging threats and compliance obligations; craft clear, business outcome focused narratives.
• Partner with Corporate Communications to prepare proactive/reactive statements and media strategies as part of IR planning and exercises.
• Coach and enable business/function leaders to own cyber risk within their domains.

Benefits

• competitive pay
• a variety of benefit programs
• variable incentive program
• Health and Welfare benefits
• Retirement benefits
• programs that provide for paid and unpaid time away from work