Corporate Counsel - Privacy

UFG is currently hiring for Corporate Counsel - Privacy to provide privacy, cybersecurity and artificial intelligence advice and counsel to the business. It will support the company’s development, implementation, maintenance of, and adherence to legal requirements and the company’s policies and procedures regarding the privacy of, and access to, company confidential information, including customer and employee personal information. The position will also provide privacy impact assessments and contract negotiations for business developments. It will require familiarity with technology and information technology/security.

Responsibilities:

• Maintain strong subject matter expertise in applicable data privacy and protection laws (e.g., GLBA, GDPR, CCPA/CPRA, NYDFS, TCPA, CAN-SPAM), and draft, implement and maintain privacy notices, consents, and disclosures to ensure compliance with the same.
• Serve as privacy subject matter expert to the Company for all departments and appropriate entities.
• Implement and update privacy, cybersecurity, and data protection related policies, procedures, best practices, and guidelines consistent with applicable laws and industry-specific guidelines.
• Maintain current knowledge of applicable federal and state privacy and cybersecurity legislation and regulation and monitor industry trends and advancements to ensure company adaptation and compliance.
• Counsel business units on data privacy and cybersecurity legal requirements for company products and services.
• Educate and train the Company through development and use of training materials on privacy, cybersecurity, and data protection and contribute to increasing privacy, cybersecurity, and data protection awareness among Company personnel.
• Provide cybersecurity legal and regulatory counsel to the company in order to mitigate risks associated with a cybersecurity or privacy breach.
• Monitor company’s data usage including data usage rights, data ownership with partners, vendors and affiliates, etc.
• Assist IT with the creation of data maps and inventories.
• Assist in corporate alignment to industry privacy and cybersecurity frameworks (e.g., ISO, NIST, etc.)
• Manage third party data sharing including affiliate, vendor, and other third-party data sharing.
• Draft, review and negotiate technology outsourcing, software, platform, subscription, hosted service, cloud-based service, data, service level, SaaS, professional service and license agreements and other third-party vendor agreements.
• Support internal and external audit of company data practices and remediation of gaps.
• Maintain knowledge of privacy practices across the company in order to better understand and isolate the risk of exposure or liabilities, develop practical preventive measures, and respond to information security incidents.
• Assist with obtaining relevant company privacy certifications and manage any applicable registrations with state and federal authorities.
• Assist with creation of regular privacy reports.

Qualifications:

Education:

• Juris Doctor from an accredited law school required. Active bar admission in any U.S. state required.

Certifications/Designations:

• CIPP preferred.

Experience:

• 6+ years of experience as a practicing attorney, with a focus in privacy and information management
• Expertise and knowledge of data privacy and security laws (such as the GLBA, GDPR, CCPA/CPRA, NYDFS, CAN-SPAM and TCPA) and financial reporting standards (e.g., SOX).
• Ideal candidate will have strong experience managing a privacy and cyber compliance program or privacy and cyber legal team.
• In-house experience is preferred.

Knowledge, skills & abilities:

• Ability to manage multiple tasks and work effectively under pressure.
• Keen analytical abilities and excellent judgment, a pragmatic approach to problem solving, flexibility to adapt and thrive in an environment that is constantly changing, and the ability to make smart decisions in the face of ambiguity and imperfect information.
• Self-directed, solution-focused individual who has a strong work ethic, strong business acumen, and the ability to collaborate cross-functionally to achieve enterprise-wide results.
• Excellent negotiation skills and transactional experience.
• Skilled attention to detail and organization required.
• Ability to prioritize and complete time-sensitive filings and projects on time.
• Must deploy sound, mature legal judgment, and influence to build effective working relationships with a wide variety of internal and external colleagues.

Working Conditions:

• General office environment
• Must be available for occasional business travel. Estimated to be 5% of time or less.