Description:

The position is described below. If you want to apply, click the Apply button at the top or bottom of this page. You'll be required to create an account or sign in to an existing one.

If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (careers@crcgroup.com) (accommodation requests only; other inquiries won't receive a response).

Regular or Temporary:
Regular

Language Fluency: English (Required)

Work Shift:
1st Shift (United States of America)

Please review the following job description:
The In-House Privacy Counsel will lead all aspects of data privacy and protection across the organization. This role will be responsible for providing strategic direction for the company's privacy compliance program, including policy development, risk assessment, incident response, and training. The successful candidate will bring deep expertise in privacy law and cybersecurity regulations, and will collaborate closely with cross-functional teams to ensure compliance and mitigate risk.

Key Responsibilities:
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

Provide strategic legal counsel on data privacy and protection matters across the organization.
Lead and scale the company's privacy compliance program, ensuring alignment with business objectives and regulatory requirements.
Develop and implement comprehensive data privacy and security policies and procedures.
Oversee the protection of data collected by the company and ensure compliance with applicable laws and regulations.
Draft, review, and negotiate privacy and security contractual clauses and data protection agreements.
Monitor and assess changes in privacy laws and regulations, including CCPA, GLBA, GDPR, HIPAA, NYDFS, and others.
Conduct privacy risk assessments and manage incident response for data breaches and cybersecurity events.
Deliver ongoing training and education to employees on data privacy and security best practices.
Collaborate with cybersecurity, IT, HR, and other cross-functional teams to ensure cohesive privacy strategies.
Support privacy-related aspects of M&A activity, including due diligence and integration planning.
Maintain strong relationships with internal stakeholders and external counsel to manage privacy-related legal matters.

Education and Experience:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Juris Doctor (JD) from an ABA-accredited law school (Required)
Licensed to practice law in any U.S. state (Required)
7+ years of sophisticated data privacy and security experience, preferably with an Am Law 200 or boutique law firm and/or in-house legal department
Experience assessing data privacy compliance and developing comprehensive data privacy and security policies
Experience addressing data breach or incidents and providing strategic advice and training on data security issues
Insurance industry, CFIUS, and/or sanctions experience a plus

Certifications, Licenses, Registrations:
Active law license in good standing (Required)

Functional Skills:

Strong legal research and analytical skills
Outstanding written and verbal communication skills
Ability to build trusted partnerships with cross-functional teams including cybersecurity, IT, and HR
Proven ability to manage multiple priorities in a fast-paced environment
High level of discretion and professionalism
Ability to work independently and collaboratively across teams
Strategic mindset with a practical, solution-oriented approach
Experience managing outside counsel and privacy-related legal matters
Familiarity with privacy training and policy development