Director, Managing Counsel-Privacy & Cyber Security

Your Opportunity as the Director, Managing Counsel Privacy and Cyber Security

The Director, Managing Counsel, Privacy and Cyber Security is responsible for legal aspects of the Companys privacy, cyber security and AI governance programs, including coordinating with internal teams and experts to implement enterprise-wide risk management, privacy-by-design and security-by-design practices, as necessary. This individual serves as a principal advisor to cross-functional stakeholders (including Corporate Communications, HR, Information Services, Innovation, Marketing, Procurement, and Products Research) and leads privacy impact assessments, training, and policy development to maintain compliance with applicable domestic and foreign privacy and AI regulations, data protection, and cyber security requirements. The individual is also a core member of the AI Governance Committee, and the companys cyber readiness and incident response teams, and provides thought leadership on the privacy and cyber security elements of our strategic transactions. This person will engage with outside counsel and with vendors to ensure aligned, practical, and consistent execution across the organization.

Location: Orrville Corporate Offices in Orrville, Ohio

Work Arrangements: Hybrid - onsite during core weeks as determined by the Company (estimated up to 9 days a month); adjusted as the need requires; approximately 15% travel expectations

In this role you will:

• Perform administrative duties in connection with the companys Privacy Office operations.

• Develop, update, and implement internal/external policies, standards, procedures and guidelines across privacy, data governance, and records compliance, draft and provide guidance on AI and privacy notices for business stakeholders.

• Design and deliver training for enterprise stakeholders on AI and privacy regulations, and data/cyber security obligations.

• Manage outside counsel workstreams for AI, privacy, cyber security, and related matters.

• Monitor legal and regulatory trends and translate them into practical requirements.

• Lead updates on contractual and operational security requirements for our Data Privacy and Data Security Addendums, and AI Permitted Use Terms.

• Lead contract & transactional support for privacy and cyber security matters, including draft, review and negotiation of Data Privacy and Data Security Addendums, AI Permitted Use Terms, SaaS/IT contracts, and privacy and security provisions in supplier and customer agreements.

• Support strategic acquisitions, divestitures, joint ventures, and due diligence activities for privacy/cyber/data governance issues.

• Execute digital governance programs and initiatives entailing drafting and publishing of data management policies and playbooks, advising and counseling cross functional data stewardship teams, as well as core participation in AI impact assessments.

• Provide leadership for Data/Cyber Security readiness, and incident and data breach responses and other operational support, including:

• participating in cybersecurity tabletop exercises;

• developing cyber/legal readiness cross disciplinary end-to-end process flows;

• review and revise company data breach communication plans;

• participating in and providing specialized advisory support for investigations, incidents; and

• maintaining contact with law enforcement agencies

• Maintain other cyber/privacy incident governance artifacts, including the companys data breach policy, cyber audit reporting processes, and maintenance of related procedures and playbooks.

• Design and implement the companys Privacy Impact Assessment (PIA) program.

• Advise on and monitor privacy compliance implementation across the company in our consumer, employee/HR, and Canadian businesses including maintenance of our companys data workbooks, data maps, consumer and employee data subject access requests, and cookie management processes.

What we are looking for:

Minimum Requirements:

• Juris Doctorate degree from an accredited law school with strong academic credentials; and license to practice law in at least one state
• 8+ years of experience working in a law firm or corporate legal department (or a combination of the two) in the areas of U.S. privacy law, data/cyber security law, and data transfer law, including substantial responsibility advising business stakeholders.
• Demonstrated experience leading cross-functional privacy and/or cyber security programs, governance cadences, policy development, and training/enablement initiatives.
• Familiarity with commercial privacy compliance/privacy data management systems and implementing tool selection processes.
• Experience with drafting, reviewing, and negotiating IT and SaaS contracts
• High level expertise in privacy law and cyber security practices, experience with conducting privacy impact assessments, and extensive familiarity with other areas of IT and data transfer laws.
• Substantive privacy/cyber security experience and knowledge of relevant global data protection.
• Prior experience responding to and managing data breaches/data incidents, and participation in tabletop exercises and incident communications coordination.
• Demonstrated ability to operationalize enterprise governance programs and translate legal requirements into scalable processes, policies, and controls.
• Establishes and maintains relationships, credibility, and trust with members of the Legal Department, clients, stakeholders, and other colleagues.
• Demonstrates excellent verbal and written communication skills, including the ability to explain complex legal issues to technical and non-technical audiences.
• Demonstrates excellent judgment, ability to work under pressure, manage assigned workloads and competing priorities, and meet deadlines

Additional skills and experience that we think would make someone successful in this role:

• BS or BA undergraduate degree
• Privacy or information security certification (e.g., CIPP/US, CIPM, CISSP) or comparable advanced training
• Experience working with companies that collect and use personal information and consumer data at scale; CPG/food manufacturing experience is highly preferred.
• Familiarity with EU and Canadian AI and privacy laws.
• Excels in a collaborative, team-based work environment across various departments

#LI-MR1

The Right Place for You

We are bold, kind, strive to do the right thing, we play to win, and we believe in a strong community that thrives together. Our culture is rooted in our Basic Beliefs, and we believe in supporting every employee by meeting their physical, emotional, and financial needs.

Stay connected with us on LinkedIn

We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, genetic information, age, national origin, disability status or protected veteran status.