~ Provide Privacy and Cybersecurity advice and counsel to the business and work with the Privacy Office in the development, implementation, maintenance of, and adherence to the company’s policies and procedures regarding the privacy of, and access to, company confidential information, including consumer and employee personal information
~ Partner in the implementation, maintenance and adherence to the company’s privacy strategy and program.
~ Assist in the implementation and maintenance of the California Consumer Privacy Act, California Privacy Rights Act, Virginia Consumer Data Protection Act, and other state and federal privacy legislation/regulation
~ Review Privacy Impact Assessments.
~ Support the internal privacy awareness program.
~ Assist in corporate alignment to industry privacy and cybersecurity frameworks (ISO, NIST, including, without limitation, ISO 27701 and CIS 18.)
~ Develop and maintain internal privacy policies.
~ Review and negotiate privacy and security provisions in service agreements.
~ Manage third party data sharing including affiliate and dealer data sharing.
~ Support Vendor Risk Management program.
~ Support Data Governance and data mapping/lineage activities.
~ Support third party audit of company data practices and remediation of gaps.
~ Maintain knowledge of privacy practices across the company in order to better understand and isolate the risk of exposure or liabilities, develop practical preventive measures, and respond to information security incidents.
~ Assist with creation of regular privacy reports.
~ Problem identification.
~ Problem solving.
~ Advice and counsel.
~ Must be a law school graduate.
~ Five to six years of broad privacy and data protection, compliance, technical, information security, audit or legal experience.
Skill / Knowledge:
~ Excellent verbal and written communication skills to allow effective interaction with all levels of the organization.
~ Ability to work independently, work under pressure of deadlines, handle multiple priorities, and pay close attention to detail.
~ Knowledge of IT, security and automotive/vehicle technologies a plus.
~ Strong interpersonal skills and the ability to communicate with all levels within the organization.
~ Strong organizational skills.
~ Strong legal and factual analytical abilities.
~ Ability to thrive in a team environment.
~ Ability to perform in a fast-paced environment.
~ Strong project management skills.
~ Must be a licensed attorney in the United States.
~ One of the following certifications required: Certified Information Privacy Professional/United States (CIPP/US) and/or Certified Information Privacy Technologist (CIPT) designation from the International Association of Privacy Professionals and/or Certified Information Systems Auditor (CISA) designation from ISACA.
~ Normal office duties.