The Privacy Counsel role will provide guidance to marketing, operations, compliance, enterprise technology, and line of business partners on all data and consumer privacy matters. On a day-to-day basis, the attorney in this role will advise on privacy matters related to various laws and regulations (GLBA, HIPAA, COPPA, CPRA, TCPA, etc.), assist with implementing new regulations and drafting applicable related documents, and facilitate the maturity of Truist’s overall privacy program.
Essential Duties and Responsibilities:
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
- Work as a member of Truist’s technology, privacy and procurement legal team to provide business and risk partners strategic legal counsel that not only meets current privacy requirements, but anticipates changes (to law and/or technology) to better maintain business flexibility and efficiency. Act as legal subject matter expert for U.S. federal and state privacy and data protection laws and regulations impacting financial institutions, including but not limited to, GLBA and Regulation P, HIPAA, PCI-DSS, TCPA, COPPA, CAN SPAM, New York Department of Financial Services Cybersecurity Regulations, CPRA and state data breach notification requirements.
- Support line-of-business attorneys in evaluating the impact of privacy laws, regulatory guidance and enforcement actions, and other related guidelines on banking, insurance and related financial services products, IT and application development, and R&D. Support members of the legal, business, and policy teams on privacy and security-related legal matters, including areas related to legislation, partnerships, acquisitions, integrations, and other business development opportunities.
- Support data governance, risk management, information security, and compliance efforts. Provide guidance on privacy implications of proposed business changes, as needed. Assist with developing, implementing, and maintaining policies and procedures regarding the privacy of, access to, and use of personal information. Assist where needed with data mapping, classification and related data management/compliance programs. Assist with data protection impact assessments.
- Act as escalation point for review and negotiation of contracts addressing legal concerns relative to the sharing and use of consumer data. Candidates should have a general understanding and preferably some experience with negotiation of IT contracts including but not limited to data privacy and security standards, disaster recovery, encryption, geographical restrictions, regulatory and compliance issues, service level requirements and penalties, change management processes, business continuity, mandatory flow-down of terms to subcontractors, and termination rights.
- Partner with the Enterprise Data Office to continue to build and adapt the Truist privacy and data management program to existing and impending privacy legislation.
- Advise business partners on the impact and requirements for CPRA, including through issuing legal memorandums, providing educational sessions, delivering legal requirements, and working with outside counsel as appropriate.
- Evaluate potential privacy concerns for pending FinTech investments and M&A transactions. Candidates should feel comfortable working under pressure and in tight timeframes.
Required Skills and Competencies:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- A JD/law degree with law review or equivalent outstanding academic credentials from an ABA-accredited law school.
- Active membership in good standing in the bar of at least one U.S. state/jurisdiction.
- 3+ years of law firm or in-house counsel experience (or some combination of both) related to technology, cybersecurity, and/or privacy.
- Experience providing strategic legal support to ensure GDPR, CCPA or similar compliance readiness by an organization
- A working knowledge of US privacy and security laws, incident response frameworks and notification procedures.
- A strong interest in working on cutting edge matters in technology, privacy and cybersecurity for a large financial institution. Ability to create and execute detailed project plans and effectively collaborate with stakeholders.
- A shared passion for inspiring and building better lives and communities for our clients, teammates and shareholders.
- The following is preferred: Prior employment within financial services, experience with marketing technology and data science, familiarity with international privacy and data protection laws, and one or more of the following certifications: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP), or other relevant certifications offered by the International Association of Privacy Professionals.
- Experience or related training in the financial services industry
- Experience in a corporate legal department having successfully held positions of advancing responsibility
- Comfortable working in the entrepreneurial environment of a large, complex corporation