Call for Proposals!
Want to speak at an IAPP conference? Visit our Call for Proposals section to learn about submitting and find out which events we are currently accepting submissions for.

Counsel, Privacy & Cybersecurity, Hyundai Motor America, Fountain Valley, CA (Hybrid – 3 days a week)

Provide privacy, cybersecurity and artificial intelligence advice and counsel to the business and work in the Privacy Office for the development, implementation, maintenance of, and adherence to legal requirements and the company’s policies and procedures regarding the privacy of, and access to, company confidential information, including consumer and employee personal information. The position will also provide privacy impact assessments and contract negotiations for business developments.  It will require familiarity with technology and information technology/security.

Responsibilities:

  • Partner in the implementation, maintenance and adherence to the company’s privacy strategy and program.
  • Assist in the implementation and maintenance of the California Consumer Privacy Act, California Privacy Rights Act, Virginia Consumer Data Protection Act, and other state and federal privacy legislation/regulation.
  • Analyze Privacy Impact Assessments and work with other stakeholders to minimize risk to the company.
  • Negotiate privacy and security terms with Master Service Agreements, Scopes of Service, Information Sharing Agreements, and Data Licensing Agreements.
  • Serve as privacy subject matter expert to the Company for all departments and appropriate entities.
  • Support the company’s internal privacy awareness program. 
  • Contribute towards the development, implementation, maintenance, and adherence to the company’s privacy strategy and program. Ensure that privacy practices are in place and compliant with applicable laws and industry-specific regulations.
  • Maintain current knowledge of applicable federal and state privacy and cybersecurity legislation and regulation and monitor industry trends and advancements to ensure company adaptation and compliance.
  • Assist with the analysis and coordinated response to legal process.
  • Counsel business units, parent company, and affiliates on data privacy and cybersecurity legal requirements for company products and services, including Internet of Things (IoT) efforts such as vehicle telematics, mobile apps, and wearables.
  • Provide cybersecurity legal and regulatory counsel to the company in order to mitigate risks associated with a cybersecurity or privacy breach.
  • Monitor  company’s data usage including vehicle technologies, data usage rights, data ownership with partners, vendors and affiliates, online behavioral advertising, mobile device usage, social media, etc. Create data maps and support updates to same.
  • Assist in corporate alignment to industry privacy and cybersecurity frameworks (ISO, NIST, including, without limitation, ISO 27001 & 27701 and CIS 18.
  • Develop and maintain internal privacy policies.
  • Manage third party data sharing including affiliate, vendor, and dealer data sharing.
  • Support Vendor Risk Management program.
  • Support internal and external audit of company data practices and remediation of gaps.
  • Maintain knowledge of privacy practices across the company in order to better understand and isolate the risk of exposure or liabilities, develop practical preventive measures, and respond to information security incidents.
  • Represent the company with trade associations, legislators, law enforcement, and think tanks.
  • Assist in responding to inquiries from outside parties (e.g., government, NGOs, etc.).
  • Assist with obtaining relevant company privacy certifications and manage any applicable registrations with state and federal authorities.
  • Assist with creation of regular privacy reports.

Education & Certification:

  • Juris Doctorate required.
  • Must be a licensed attorney in the United States.
  • One of the following certifications strongly preferred: Certified Information Privacy Professional/United States (CIPP/US) and/or Certified Information Privacy Technologist (CIPT) designation from the International Association of Privacy Professionals and/or Certified Information Systems Auditor (CISA) designation from ISACA.

Related Experience:

  • Eight or more years of related experience with at least four years focusing on privacy and data protection, compliance, technical, information security, audit experience.
  • Some in-house experience is preferred.

Application Submission Information:

For more details and to be considered, please apply directly via our site https://bit.ly/492YYK7