Corporate Legal Counsel - Global P&C Insurance Carrier - Privacy Focus!

Reporting to the Head of Legal, the Corporate Counsel, Privacy serves as a key member of the legal team and will own and run data privacy operations for the business.

THE ROLE:

The right candidate has a proven background advising, owning, and operating a data privacy framework, and experience in developing, implementing, and managing the business processes and practices necessary to drive compliant privacy transformation initiatives and BAU operations simultaneously. This role will partner with the Group DPO and Privacy global team to ensure the US business maintains an effective program that is compliant with US privacy and data security laws and regulation and is responsible for keeping abreast of all emerging laws, regulations and communicating expected impact and recommending solutions to the business and management.

This role will serve as the point person for US customer queries and will ensure all necessary and relevant privacy trainings and tools are effectively delivered to the US business. Additionally, the individual will collaborate closely with key stakeholders in Data, Risk, Claims, Operations, and Marketing to drive compliance and best practices. This role is suited to an experienced privacy professional who is comfortable taking decisions and operating as part of an embedded legal function and simultaneously part of a global privacy team.

This role will be a member of the US legal team, providing day to day legal advice and counselling to the business regarding marketing initiatives, contract negotiations, and data incident management.

Key Responsibilities:

• Lead Privacy initiatives within the US:
  • Simultaneously run the annual US privacy program and BAU responsibilities for a leading specialist commercial insurer with growth plans in the US market.
  • Lead on the development and own the US privacy roadmap, delivering through others in Digital, Data, IT and Marketing where required.
  • Drive the development of US adherence to Group data protection and privacy policies, standards and guidelines that are consistent with US state legal and regulatory requirements.
  • Be the escalation point for US customer queries on privacy and the exercising of their rights and escalation point for teams managing these processes.
  • Manage, triage, and escalate any data incidents - actively promoting an open reporting culture with awareness and communication initiatives.

• Advice and Counselling:
  • Research and advise the business on current and developing regulatory and legal changes that will or may affect the business; timely communicate and provide solutions.
  • Support stakeholders with the appropriate uses of personal and consumer data within the company for new products, services, marketing, and changes to our business.
  • Run, support, and approve Data Privacy Impact Assessment (DPIA) processes for the US business. Raise awareness and drive best practice in completion of the DPIA processes.
  • Maintain an existing data processing inventory including an annual refresh campaign, drawing insight and reporting results to Management.
  • Provide ad hoc guidance and support for privacy and customer data related queries.
  • Work with the Learning and Development teams to produce and enhance privacy training programmes and communications
  • Collaborate with an international network of the companies Privacy experts.

• Involvement in related data initiatives and business projects:
  • Collaborate with the Data team on process reviews and advisory work to ensure the compliant use of personal data.
  • Support the Data and Digital Enablement team to ensure sensitive data protection is clearly defined, communicated, and well understood and considered as part of operational prioritization and planning.

• Manage US third party risk assurance:
  • Ensure appropriate contract and audit management with respect to US business partners and vendors accessing or processing personal data.
  • Review, draft, and negotiate commercial contracts, including non-disclosure, vendor/supplier, software, consulting, broker, agency, and partnership agreements.

• Project Management and Team Supervision:
  • Represent and lead on behalf of legal in various business projects and initiatives
  • Ensure the completion of key activities such as monitoring reviews or internal audit actions.

If interested, please reach out for a confidential conversation to discuss more!

Must Haves:

• J.D. from an accredited law school.
• CIPP-US or comparable certification or training.
• Experience or knowledge of global privacy laws and practice including relevant legislation.
• Experience with risk and control frameworks - including GRC (Governance Risk and Control) technology
• Experience or interest in Privacy Enhancing Technology (ideally OneTrust)
• A keen attention to detail, pride in delivery and personally accountability for areas of responsibility
• Experience in managing privacy operations and programs.
• Experience in digital technology and cookies technology
• Knowledge of information security policies, standards, and best practices.
• Capability to make and recommend risk-based judgments to senior leadership.
• Ability to build and maintain relationships across the business and Group roles.
• Self-motivated and able to work under pressure.
• Ability to think strategically, designing solutions to complex problems that balance multiple inputs.
• Experience negotiating commercial contracts, including SaaS, supplier agreements, and broker/partner and reinsurance agreements.
• Ownership mentality with the ability to own and run an agenda of privacy.
• Effective communication skills and ability to present to diverse range of colleagues, with the solid experience of presenting to senior leadership.