Description:
The Senior Director and Counsel, Privacy serves as A Private Corporation's Chief Privacy Officer (CPO) and leads A Private Corporation's Enterprise Data Privacy Office, overseeing the organization's privacy function. The CPO is responsible for designing, implementing and operating a best-in-class privacy program for the company. The CPO is responsible for understanding the company's risk profile and developing and implementing policies and procedures, training and awareness programs, and monitoring, testing and compliance programs intended to successfully mitigate risk. The CPO has an expert level of understanding of federal and state privacy laws and regulations, as well as industry best practices, applicable to the company. They must be able to lead without direct authority, make difficult decisions in ambiguous situations, and value collaboration as a means of building consensus.
Essential Job Functions:
- Develops and implements A Private Corporation's enterprise-wide data privacy strategy and roadmap, with a focus on maturing the privacy program, including refining enterprise-wide privacy policies and establishing a comprehensive risk matrix and risk register
- Oversees the privacy program, including policies, standards, and controls to ensure compliance with applicable US laws and regulations
- Establishes and oversees privacy compliance monitoring programs, including regular audits to ensure ongoing compliance
- Oversees the Office's program to conduct privacy impact assessments for new and existing business activities and systems across the enterprise
- Leads the Enterprise Data Privacy Office, to include managing a team of legal and non-legal privacy professionals to execute the privacy program and managing the budget
- Advises senior leadership on privacy risks and mitigation strategies, including those related to disruptive technologies such as generative and agentic artificial intelligence
- Fosters a culture of privacy awareness and accountability across the organization, including through delivery of enterprise-wide and targeted training and communications
- Collaborates cross-functionally with business units, Technology, Legal, and other stakeholders to address privacy concerns
- Monitors US privacy regulatory developments and updates A Private Corporation's practices accordingly
- Demonstration of A Private Corporation's values
- Collaboration, both in-person and virtually, in furtherance of A Private Corporation's mission of investor protection and market integrity
Education/Experience Requirements:
- Juris Doctor (J.D.) degree and a minimum of ten (10) years of legal, regulatory or compliance experience, with at least five years of experience in privacy
- Supervisory experience required
- Demonstrated ability to influence and drive change without direct authority
- Confidence in making timely decisions in gray areas and ambiguous situations
- Strong demonstrated collaboration and consensus-building skills
- Excellent communication and stakeholder management abilities
- In-depth knowledge of US privacy laws, regulations, and industry best practices; experience working in a legal capacity for a not-for-profit a plus
- Understanding of emerging technologies and their privacy implications
Working Conditions:
- Hybrid work environment, with defined in-person presence requirements
- Extended work hours as needed
- Some travel may be required