Description:

At A Multinational Vehicle Manufacturing Company, we've rethought our business and created cars that combine performance, quality, design and innovation into a complete package.

It's time you rethink what you expect from an employer.

At A Multinational Vehicle Manufacturing Company, we understand you're not just building a career – you're building a life. We believe in our people and realize that our success is a direct result of our commitment in offering you great opportunities for your career. If you would enjoy working in a dynamic environment and are looking for a chance to become part of a stellar team of professionals, we invite you to apply online today.

Location:
NHQ

Purpose:
Provide privacy, cybersecurity and artificial intelligence advice and counsel to the business and work in the Privacy Office for the development, implementation, maintenance of, and adherence to legal requirements and the company's policies and procedures regarding the privacy of, and access to, company confidential information, including consumer and employee personal information. The position will also provide privacy impact assessments and contract negotiations for business developments. It will require familiarity with technology and information technology/security.

Major Responsibilities:

Partner in the implementation, maintenance and adherence to the company's privacy strategy and program.
Assist in the implementation and maintenance of the California Consumer Privacy Act, California Privacy Rights Act, Virginia Consumer Data Protection Act, and other state and federal privacy legislation/regulation.
Analyze Privacy Impact Assessments and work with other stakeholders to minimize risk to the company.
Negotiate privacy and security terms with Master Service Agreements, Scopes of Service, Information Sharing Agreements, and Data Licensing Agreements.
Serve as privacy subject matter expert to the Company for all departments and appropriate entities.
Support the company's internal privacy awareness program.
Contribute towards the development, implementation, maintenance, and adherence to the company's privacy strategy and program. Ensure that privacy practices are in place and compliant with applicable laws and industry-specific regulations.
Maintain current knowledge of applicable federal and state privacy and cybersecurity legislation and regulation and monitor industry trends and advancements to ensure company adaptation and compliance.
Assist with the analysis and coordinated response to legal process.
Counsel business units, parent company, and affiliates on data privacy and cybersecurity legal requirements for company products and services, including Internet of Things (IoT) efforts such as vehicle telematics, mobile apps, and wearables.
Provide cybersecurity legal and regulatory counsel to the company in order to mitigate risks associated with a cybersecurity or privacy breach.
Monitor company's data usage including vehicle technologies, data usage rights, data ownership with partners, vendors and affiliates, online behavioral advertising, mobile device usage, social media, etc. Create data maps and support updates to same.
Assist in corporate alignment to industry privacy and cybersecurity frameworks (ISO, NIST, including, without limitation, ISO 27001 & 27701 and CIS 18.
Develop and maintain internal privacy policies.
Manage third party data sharing including affiliate, vendor, and dealer data sharing.
Support Vendor Risk Management program.
Support internal and external audit of company data practices and remediation of gaps.
Maintain knowledge of privacy practices across the company in order to better understand and isolate the risk of exposure or liabilities, develop practical preventive measures, and respond to information security incidents.
Represent the company with trade associations, legislators, law enforcement, and think tanks.
Assist in responding to inquiries from outside parties (e.g., government, NGOs, etc.).
Assist with obtaining relevant company privacy certifications and manage any applicable registrations with state and federal authorities.
Assist with creation of regular privacy reports.

Authority:

Problem identification.
Problem solving.
Advice and counsel.

Education:
Juris Doctorate required.

Related Experience:

Eight or more years of broad privacy and data protection, compliance, technical, information security, audit experience.
Some in-house experience is preferred.

Skills/Knowledge:

Excellent verbal and written communication skills to allow effective interaction with all levels of the organization.
Ability to work independently, work under pressure of deadlines, handle multiple priorities, and pay close attention to detail.
Knowledge of IT, security and automotive/vehicle technologies a plus.
Strong interpersonal skills and the ability to communicate with all levels within the organization.
Strong organizational skills.
Strong legal and factual analytical abilities.
Ability to thrive in a team environment.
Ability to perform in a fast-paced environment.
Strong project management skills.

Certification:

Must be a licensed attorney in the United States
One of the following certifications strongly preferred: Certified Information Privacy Professional/United States (CIPP/US) and/or Certified Information Privacy Technologist (CIPT) designation from the International Association of Privacy Professionals and/or Certified Information Systems Auditor (CISA) designation from ISACA.

Physical Requirements: