Responsible for supporting the development, implementation and maintenance of the company's Global Privacy and Data Protection program with the goal of ensuring compliance with all applicable laws and regulations globally. This position is part of the Compliance team within the company’s larger Legal, Risk and Compliance function. The position will work closely with central service departments and business units across the company; provide legal advice and operational compliance support to HR, IT, Information Security, Procurement and the businesses; and provide legal support to senior lawyers on the team.
Supporting the company’s Compliance and Privacy function:
- Supports the development and implementation of the company’s Privacy and Data Protection policies, processes and procedures.
- Monitors changes in Privacy and Data Protection laws and regulations globally to ensure company adaptation and compliance, including all required country registrations.
- Provides legal advice regarding the implications of new privacy and data protection laws and regulations globally that impact the company’s business.
- Identifies and implements data privacy best practices.
- Assists with compliance communications, trainings and awareness activities and campaigns.
- Closely collaborates with Information Security to ensure alignment between Information Security and Privacy policies and practices.
- Assists with the review of data protection impact assessments and provides support and guidance for such assessments.
- Collaborates with and supports the commercial legal and contracting functions on the drafting, review, and negotiation of Privacy and Data Protection matters related to customer, vendor and third-party contracts (e.g., data transfer agreements, model clauses, privacy notices/policies).
- Serves and supports activities with regulatory and data protection authorities for matters relating to privacy and data protection (e.g., UK’s ICO and FCA, U.S. state attorneys general).
- Assists with the investigation and management of Data Subject Access Rights requests (e.g., changes to/deletion of information from systems) and complaints.
- Assists with the collection, analysis and reporting of Privacy and Data Protection program data and metrics for continuous process improvement.
- Assists with client queries and audits and regulatory inspections related to the company’s Privacy and Data Protection program.
- Assists with data security incident responses, including handling privacy impact assessments and breach notification obligations.
- Provides legal advice and assistance on matters related to HIPAA, PCI compliance, TCPA, and other data privacy and data protection laws.
- Assists with other projects and initiatives as needed.
- Completion of law school with a J.D. or L.L.B. degree and admission to the bar and in good standing in at least one jurisdiction in the United States required.
- 2+ years of legal experience as a practicing attorney, with demonstrated interest and experience advising on global data protection/ privacy laws and requirements.
- Experience as in-house counsel and litigation/law firm experience preferred.
- Experience with U.S. data breach laws and incident response.
- Experience with IT, Information Security and cyber risk issues.
- Knowledge of U.S., Canada, European, and APAC privacy and data protection laws, regulations and best practices (CASL, CAN-SPAM, PCI DSS, HIPAA, GDPR, Privacy Shield, APEC’s CBPR, etc.).
- Innovative, forward-thinking and results-oriented with a passion to solve complex problems in a creative and pragmatic way and to translate laws and regulations into actionable policies and procedures that enable business objectives.
- Demonstrated ability to influence and drive internal and external stakeholders to a decision in a matrix corporate environment.
- Ability to work independently, meet tight deadlines and work effectively in a multi-functional, international team environment.
- Excellent interpersonal skills, work ethic and team/collaboration experience.
- Strong investigative, analytical, communication and writing skills.
- Demonstrated ability to get things done and stay mission focused.
- Strong sense of accountability and ability to make decisions efficiently and quickly.
- Passion for learning and growing, and comfortable with a fast-moving, innovative culture.
- IAPP certification(s) (CIPP/US, CIPP/E, CIPM) preferred.