Things you're good at
- You’re adept at identifying data privacy and security issues in financial services and technology environments, translating complex legal frameworks concisely into plain English, and crafting practical solutions to meet the company’s legal, regulatory, and contractual obligations.
- Drafting, implementing, and evangelizing data privacy and information security policies and procedures tailored to a company’s risk profile and overall corporate strategy is second nature to you.
- You’re intimately familiar with all major federal and state data privacy and information security laws and remain current with legal, industry, and practice area developments.
- You have excellent judgment, strong analytical skills, and communicate effectively verbally and in writing to business clients.
- Ensure Albert’s mobile app, website, and data handling and storage practices comply with all federal and state data privacy and information security laws applicable to Albert’s business.
- Advise Albert’s management team on data privacy and cybersecurity laws while helping to enable the development and execution of data-driven business initiatives.
- Provide legal guidance on the company’s data privacy and security programs and support their implementation and maintenance.
- Advise on data privacy and information security legal requirements for the company’s vendor management program, including reviewing, drafting, and negotiating data privacy and security provisions in agreements with service providers and business partners.
- Monitor, research, and evaluate state and federal regulatory developments, as well as other risk factors affecting Albert’s business and operations.
- Develop and maintain a strong working knowledge of the company’s product offerings and overall business objectives.
- Respond to regulatory and customer inquiries related to privacy and information security in coordination with legal, compliance, and business team colleagues.
- Support the company’s incident response program, including investigating potential incidents, identifying applicable legal obligations, and managing the company’s notification of and response communications to confirmed data security incidents.
- Develop and update data privacy and information security-related templates (e.g., contract language, consents, privacy notices, policies), and provide counsel on the use of these templates.
- Monitor and advise the company’s leadership on the potential business impact of new, pending, or proposed federal and state legislation, rules, and regulations, as well as industry developments and trends related to privacy, information security, and data governance that may affect the company and its operations.
- Advise on compliance best practices with regard to applicable federal and state data protection laws, including business data analytics, data retention, data use/sharing, data security, and data breach response.
- Drive awareness within the company around privacy and data security issues, including developing and delivering training on relevant privacy, data security, and data governance-related matters.
- A JD from an ABA-accredited law school and an active bar license in good standing.
- 8+ years of experience in data privacy and cybersecurity at a major law firm or in-house with financial services or technology companies.
- Strong working knowledge of US data privacy and cybersecurity laws, including CCPA and the Gramm-Leach-Bliley Act.
- One or more of the following certifications is a plus: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP), or other relevant certifications offered by the International Association of Privacy Professionals.
- Experience advising multiple stakeholders and teams across an organization, including Product, Growth, Engineering, Compliance, IT/Information Security, and HR.
- Ability to work well under pressure with diligence, organization, and minimal supervision.
- Experience with data privacy impact assessments, risk assessments, and data mapping.
- Ability to manage a diverse and complex workload while maintaining priorities and proactively anticipating issues in an ever-evolving and fast-paced startup environment.
- Experience in responding to regulatory inquiries involving data privacy and data security matters is a plus.
- Competitive salary and meaningful equity
- 401k match
- Health, vision and dental insurance
- Free lunch