Description:

An American Public Multinational Software Company is here to build a safer and more resilient digital world. The world's leading enterprises use our unified security and observability platform to keep their digital systems secure and reliable. While customers love our technology, it's our people that make An American Public Multinational Software Company stand out as an amazing career destination and why we've won so many awards as a best place to work. If you become a Splunker, we want your whole, authentic self - what we call your "million data points". So bring your work experience, problem-solving skills, and talent, as well as your joy, your passion, and all the things that make you, you.

Role Summary:
We seek an experienced Security and Incident Response Legal Counsel to join our Data Protection Legal team within our Innovation Legal group. The successful candidate will be an attorney with expertise in security advisory and incident response (cyber, physical, operational). You will work closely with members of An American Public Multinational Software Company's Global Security team and Product & Technology teams to manage incident response, advise on numerous security / resilience issues, drive operational improvements, and create programs and resources for various partners within the business. The role will report to An American Public Multinational Software Company's Director, Data Protection for Resilience, Trust, and Security. An American Public Multinational Software Company is based in the San Francisco Bay Area; for this position, we need an attorney based in the U.S. Eastern timezone, preferably licensed to practice law in the United States.

What you'll get to do
  • Manage legal-side handling of incidents, whether arising from cybersecurity events, physical security events, or operational events, and whether discovered through customer escalations or internal or external threat detections - in partnership with various incident command centers in the business. This includes:
    • identifying potential legal risks related to such incidents and how to mitigate them
    • explaining to internal team members what notifications may be required (whether to customers, regulators, and/or individuals)
    • directing the creation of, or creating, any legal work product required for the incident
    • reviewing, or preparing, draft notifications, internal guidelines, and public postings about such incidents
  • Advise on (including creating/reviewing/editing) public posts/resources regarding:
    • Product vulnerabilities and their ramifications as well as mitigations/remediations
    • Service outages and their causes and remediations
    • An American Public Multinational Software Company's security profile, security commitments, and supporting operations
  • Continually propose and advise on operational recommendations and legal requirements, staying current as a subject matter expert on direct and indirect security / resilience regulatory and technical certification requirements (including SOC2, ISO, HIPAA, PCI-DSS, and U.S. and various global federal regulations and guidelines on security / resilience, relating to critical services providers, and for the public sector, financial services sector, and health sector), customer demands, and industry trends, for business units focused on the following:
    • Product security programs and efforts, including secure software development lifecycle (SDLC), change management, access and user management, password management and authentication controls, encryption and key management
    • Threat detection and monitoring programs, efforts, and tools, including An American Public Multinational Software Company tool development and use of third-party tools, as well as threat intelligence sharing arrangements
    • Vulnerability management programs and efforts, including penetration and other security testing, bug bounty programs, etc.
    • Corporate and product-specific security policies, standards, and procedures, as well as on internal security testing, training and awareness programs and campaigns
    • Other security functions including physical security, human resources security, security architecture, security engineering, and vendor security
  • Create resources and trainings for the Legal and Field Sales organizations on key security / resilience topics, trends, and operations
  • Partner with Data Protection Legal Commercial colleagues to:
    • Advise on customer inquiries and escalations on security / resilience topics
    • Identify and draft amendments to security contractual terms and new templates or clauses as required
    • Create and provide training to Commercial Legal and Field Sales organizations on security / resilience topics

Must-Have Qualifications:
  • 10 years minimum experience in managing legal-side incident response, including incidents relating to security and operational issues
  • 6 years minimum experience building data protection / security / resilience programs and shepherding supporting operations with the business
  • 4 years minimum experience advising on drafting and negotiation of contractual provisions relating to data protection / security / resilience, such as in Data Processing Agreements and Information Security Addenda
  • Foundational knowledge of security / resilience regulatory and technical certification requirements (including SOC2, ISO, HIPAA, PCI-DSS, and U.S. and various global federal regulations and guidelines on security / resilience, relating to critical services providers, and for the public sector, financial services sector, and health sector)
  • Good grasp of the commercial requirements of key data protection / security / resilience compliance programs in the EU/US/APAC (GDPR, CCPA, NIS2, DORA)
  • Experience with SaaS, cloud computing, and enterprise software (in-house experience strongly preferred)
  • Great ability to provide legal advice and appropriate level of detail when communicating with internal business stakeholders
  • Proactive and resourceful, demonstrating initiative and a strong work ethic
  • Strong written and verbal communication skills in English, with ability to speak and write clearly and concisely with a flexible style adaptable to different needs globally
  • Excellent legal drafting, project management, communication and stakeholder management skills
  • Solid competence in Google Docs, Sheets, Slides, Word, Excel and PowerPoint
  • High EQ and a strong history of successful cross-functional collaboration with others
  • A passion for security / resilience and an interest in keeping up with industry and regulatory guidelines or requirements that relate to An American Public Multinational Software Company's products, including a fundamental understanding of how certain regulations apply to key service providers
  • Familiarity with and interest in emerging technologies such as artificial intelligence, network and cyber security, infrastructure resiliency and cloud computing