Senior Counsel, Cybersecurity, Data Litigation, and Data Risk

Our client, a global automotive leader, is seeking an experienced Senior Counsel, Cybersecurity, Data Litigation, and Data Risk to take on a critical role within its legal team. This position is designed to address a range of evolving legal and technical challenges, including cybersecurity compliance, data breach response, litigation strategy, and collaboration with information security on audits and risk assessments. The ideal candidate will have a solid foundation in cyber and privacy law—with a focus on cyber—combined with technical fluency around data architecture, cloud security, and regulatory frameworks like ISO 27001. This role will work closely with legal and IT leadership and offers the opportunity to help shape how the company manages and protects sensitive information. The position is a hybrid role, requiring three days per week in office in either DC, Detroit, or Chattanooga.

Role Responsibilities:

Oversees legal advice to the Company and provides day-to-day counsel on matters and projects related to areas of expertise (Cybersecurity and Data Risk - 50%)

• Serves as Chief Information Security Officer’s primary legal advisor and lead lawyer supporting the Cybersecurity team
• Provides cybersecurity legal advice and compliance support on state, federal, and international laws (UNECE, cyber and data breach legislation, Automated Vehicle legislation, CISA regulations, state “right to repair” laws, etc.) and assist business units to map legal frameworks to cybersecurity standards and procedures
• Advises on responses to international, federal and state governmental and other external inquiries regarding cybersecurity practices
• Provides legal support for cybersecurity vendor and application risk management, the information security management system, product development, product regulatory teams, and the Car Security Board, developing new processes and procedures as appropriate
• Leads tabletop exercises in conjunction with cybersecurity and business
• Supports cybersecurity and privacy audits and regulatory inquiries
• Focuses on and advance enterprise-wide compliance with global cybersecurity regulatory requirements, developing new processes and procedures as appropriate
• Legal support for cybersecurity contract term negotiation
• Participates on behalf of the company in industry cybersecurity legal working groups
• Provides backup support to privacy legal team as needed, providing privacy legal advice and risk assessment
  
  

Oversees legal advice to the Company and provides day-to-day counsel on matters and projects related to areas of expertise (Incident Response, Data Litigation, and E-Discovery- 40%)

• Leads privacy incident response team, and advises on incident response in general, working with internal teams to understand the scope and details of exposures, advising on incident disclosure obligations, and working with outside counsel, vendors, and law enforcement, and other Company entities when necessary
• Manages all privacy, cybersecurity and related data litigation claims, litigation, and regulatory investigations: proactively manages litigation matters, including formulating litigation strategies and budgets; assisting in drafting and reviewing briefs, motions, and court pleadings; coordinating and preparing witnesses; managing discovery; and other litigation activities
• Supports Company’s eDiscovery Team by serving as a legal expert, providing strategic direction, and day-to-day counsel, review and commentary with respect to legal topics relating to eDiscovery and records information management, including state, federal, and international rules of procedure, eDiscovery law, records retention statutes, and cross-border e-discovery laws. brands, in particular:
• Assists all OGC case teams in development of eDiscovery strategy consistent with Company procedures, client goals, eDiscovery Best Practices, and case variables
• Assists eDiscovery team and Company IT to build and maintain legally compliant preservation and collection processes, procedures, and operations
• Supports Company non-US affiliates on US eDiscovery issues, including by participating in Company Global Discovery Center activities
• Supports implementation of data preservation policies and procedures within business environment
• Reviews and provides recommendations regarding eDiscovery legal risk on technology implementation and configuration
• Supports and advises on records management program and defensible disposition projects
• Serves as primary managing attorney handling certain subpoenas, warrants, and law enforcement requests served on Company
  
  

Training and Processes (10%)

• Attends industry and legal seminars, workshops, etc., as appropriate to keep current on issues, laws and regulations
• Conducts training in relevant practice areas for business units
• Designs and implements relevant procedures and processes and proper documentation with respect to the above-listed responsibilities and activities
  
  

Qualifications - External

Years of Relevant Experience:

• Significant experience in a law firm, corporate legal department, or equivalent environment, with a focus on cybersecurity, litigation, privacy law
  
  

Education- Required:

• Bachelor’s and Law Degrees from top-tier academic institutions
• Membership in good standing in the State Bar of Virginia, or at least one other US state and the ability to operate with a Virginia corporate counsel certificate
  
  

Education- Desired:

• IAPP certifications (CIPP-US, CIPM, CIPT)
• Certified Information Systems Security Professional certification
  
  

Skills:

• Sound professional judgment
• Strong communication skills
• Ability to analyze legal issues in business context with solution-oriented approach
• Ability to foster partnership between legal department and business
• Excellent drafting and written/oral communications abilities
• Excellent client handling skills
• Excellent attention to detail and organization skills
• Excellent negotiation and persuasion skills
• Strong presentation skills
• Strong resource and people management skills
  
  

Specialized Skills- Required:

• Significant experience (related to the topics listed in this job description) as an attorney and litigator at a recognized commercial law firm, regulatory agency, or in-house position, or the equivalent
• Experience managing attorneys and legal professionals to address cross-functional and multi-disciplinary legal and business issues
• Experience advocating and presenting to senior executives
• Ability to quickly learn and become conversant in a variety of legal issues
• Substantial experience providing cybersecurity legal advice to information security organizations and product development teams within a corporation or the government
• Substantial experience managing privacy and legal aspects of cybersecurity incidents
• Substantial experience managing litigation and claims, and/or regulatory inquiries and investigations
• Substantial understanding of and experience in data privacy law (including GDPR, CCPA, FTC Section 5, TCPA, data breach & notification practices)
• Substantial experience drafting and negotiating data licenses and data privacy and security contract provisions
• Substantial experience managing and advising on eDiscovery topics within litigation matters
  
  

Specialized Skills- Required:

• Automotive industry experience
• Strong technical background in cybersecurity, data, and IT infrastructure concepts
• Experience supporting privacy and cybersecurity by design review and concepts in product and service development
• Experience advising on privacy compliance and governance in AdTech
• Experience with global company addressing privacy laws of multiple jurisdictions
• Experience operationalizing privacy laws into a privacy compliance program
• German Language Skills
  
  

Expected salary for this exempt role is $200,000 - $215,000, commensurate with experience, training, skills, qualifications, and other market factors.