Privacy Attorney

Job Description:

Responsibilities

• Support Global Privacy Office on creating and implementation of global privacy requirements.

• Guide the business on complex privacy and data issues as well how privacy interacts and impacts emerging technologies and develop creative solutions while ensuring compliance with global privacy regulations

• Analyze products, policies and initiatives to provide practical privacy risk mitigation strategies for products across multiple jurisdictions

• Provide oversight and expertise on a full range of domestic and international data protection and privacy regulations, compliance operations, trainings, and privacy incidents.

• Work cross-functionally with leaders to translate legal and policy requirements to enable the business to position privacy as a competitive advantage driving business growth and customer loyalty.

• Support the existing Global Privacy Program, including responsibility for the development, implementation and periodic review of privacy policies and procedures

• Review, redline, and negotiate changes on privacy term provisions under various contracts such as procurement contracts, sales contracts, etc.

• Collaborate with product and business teams at all stages of product development to identify any potential privacy risk and provide counseling on risk mitigation by conducting privacy impact assessments

• Support JCI customer due diligence on JCI privacy practices by addressing customer questionnaires

• Work with Global Privacy Office and business for creating and validating data privacy sheets for products and services

• Research and Monitor developments in privacy and data protection impacts to Johnson Controls (e.g., new laws, regulations, important judgements, regulatory guidance, etc.).

• Provide full-service support to the wider legal team on global data privacy and regulatory matters and liaise with regulators.

• Provide policy, legal, product, engineering, and other business teams with legal advice on global data protection laws and regulations for external communications, policy development, and enforcement decisions

Qualification & Experience

• The qualified candidate will have a demonstrated subject matter expertise in data protection and privacy in a multi-national environment.

• They must have a law degree with a minimum of 6-8 years of relevant experience including at least 4 years of in-house and/or law firm expertise ideally supporting complex data privacy matters within B2B and/or B2C environments.

• The successful candidate must be a disciplined legal drafter/writer and possess a problem-solving, “can do” orientation with a demonstrated ability to simplify complex situations.

• Ability to influence without authority and to work within a matrixed legal team is a key attribute.

• Ability to develop and sustain relationships with management at all levels across geographies, and demonstrate customer management skills is required.

• Good understanding of GDPR, North American privacy laws, such as HIPAA, Federal Trade Commission (“FTC”) requirements and guidelines, the California Consumer Protection Act (“CCPA”), the Canadian - Personal Information Protection and Electronic Documents Act (“PIPEDA”), and others.