National Grid Data Privacy/Protection and Cybersecurity, Sr. Counsel, In-house Counsel in Brooklyn, New York
As part of National Grid’s continued commitment to safety, all new hires must be fully vaccinated against COVID-19. Anyone unable to be vaccinated, either because of a sincerely held religious belief or medical reason can request a reasonable accommodation.
This position can be located in DNY, Syracuse or MA.
We are currently looking for highly motivated individuals who want to join a dynamic and fast paced organization going through a major transformation. If you are someone who’s looking to bring innovation, contribute ideas and play a part in ensuring we have a 0% carbon footprint by the year 2050 we want to hear from you!
Lead attorney for US Data Privacy and Cybersecurity responsible for creating, updating, and implementing the Company’s privacy policies and coordinating such policies with the Company’s global privacy program in collaboration with the Company Global Privacy Office, Information Security, Corporate Legal and other stakeholders. The successful candidate will have substantial, demonstrable, and excellent technical legal skills in the areas of data privacy and security, information protection, with a focus on providing legal advice on a range of global privacy and security laws, regulatory guidance and enforcement actions.
Guidance, interpretation, application and advice:
• Interpret the application of GDPR, the California Consumer Privacy Act, the New York SHIELD Act, the Massachusetts data privacy and security laws; the Rhode Island data privacy and security laws, HIPAA and other relevant and developing State and National laws and regulations to the Company’s US operations;
• Provide advice and counsel to leaders across the Company on issues related to data privacy, security and protection and operate from a continuous improvement mindset to ensure that Company’s data privacy program evolves with changes in the law and regulatory landscape;
• Maintain, modify and implement corporate privacy-related notices, policies, guidelines and other process documentation, ensuring content is up to date and relevant;
• Manage the Company’s response to data subject rights requests;
• Serve as the main contact for and manager of external data privacy attorneys;
• Serve on Company privacy committees and provide legal and strategic guidance on privacy activities and initiatives for the Company;
• Ensure that transfer of personal data is compliant with applicable data protection legislation;
• Advance privacy accountability across the organization through effective tools, training, and guidance.
• Counsel and assist with the review and resolution of data privacy and security issues that come up during commercial negotiations;
• Support, assist and train other attorneys in negotiating, and directly negotiate as necessary, data privacy and security-related terms in commercial agreements;
• Advise on data privacy and security concerns in connection with onboarding and managing vendors and other third parties.
Incidents / Investigations:
• Coordinate and partner with the Incident Response Team in response to security incidents, data breaches and cybercrimes, provide legal guidance and advice on information security incidents, data breaches and cybercrimes and on any resulting notification and reporting requirements;
• Coordinate and lead members of the internal legal department in response to incidents and investigations;
• Investigate, identify issues, and make recommendations for resolutions in relation to issues of non-compliance with data privacy, security and employment privacy laws;
• Provide legal guidance and advice on remediation steps and implementation.
Policies and Programs:
• Provide legal guidance and advice on network initiatives focused on data privacy, security and information protection;
• Monitor and understand existing and new data privacy and security laws, regulations and other mandates related to the protection, use, collection, maintenance, sharing, storage and destruction of data (including personal), including the impact of such laws, regulations, and mandates on the Company’s businesses;
• Counsel and assist with the development, review and resolution of privacy assessments and related ongoing compliance monitoring activities such as DPIAs/PIAs, and with internal and external-facing privacy policies and program documents;
• Draft and keep updated Company policies on data privacy issues and work with other legal functions to draft and update contractual provisions related to data privacy;
• Create training and awareness materials to help educate Company employees on issues related to compliance with global data privacy laws.
• JD Degree from an accredited Law School
• State and Federal Bar Admission
• A minimum of 3 years in a data privacy role, in the areas of data privacy, security and information protection law, with significant experience advising on laws and regulations across multiple jurisdictions involving GDPR, the California Consumer Privacy Act, the New York SHIELD Act, Massachusetts data privacy and security laws; Rhode Island data privacy and security laws, HIPAA and other relevant State and national laws and regulations
• Privacy or compliance accreditation. CIPP/CIPM or comparable privacy certification desirable.
• Experience with compliance matters and interacting with regulators
• Experience in negotiating and drafting a wide variety of inter-Company governance, commercial, and vendor agreements focused on data privacy and information security
• Experience with data privacy, security and protection issues and challenges faced by a large global organization, along with an understanding as to how to balance the needs, demands and requirements of a global business with legal risks and protections
• Knowledge of the core concepts of information security and the ability to quickly understand how these relate to the data privacy aspects of services and business
• Ability to work remotely as required, to work under pressure and to effectively manage high volume of work and meet deadlines in a changing, fast-paced environment
• Travel required as needed
This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.
National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.