We are seeking a highly motivated attorney to join the Sirius XM and Pandora legal departments to work on cutting edge privacy issues. This position will be based in New York City and will provide legal subject matter expertise on a wide range of privacy law matters. This role requires 10+ years of direct experience with a focus on complex privacy and consumer law matters. This is an executive level role tasked with the responsibility of ensuring the protection and proper usage of all consumer and employee data.
Duties and Responsibilities:
This attorney will be the primary counsel for Sirius XM and Pandora's operations in the area of privacy. The position will support the Company's Chief Information Security Officer and General Counsel on maintenance of the Sirius XM's Enterprise Incident Response and Notification Plan. In addition, the role will be responsible for privacy advice and compliance across the entire consolidated organization, including Sirius XM, Pandora, Sirius XM Connected Vehicle Services, Automatic Labs and AdsWizz.
The specific responsibilities will include:
Developing a legal and business framework for the Company's privacy policies, including creation of a compliance regimen for the Company's privacy practices
Counseling and advising executive management on privacy matters
Working with a large cross section of the Company's personnel, including various business owners, to ensure both existing and new services comply with privacy laws and obligations
Working with management, key departments and committees to ensure the organization has and maintains appropriate privacy and confidentiality, consent and authorization forms and information notices and materials reflecting current organization and legal practices and requirements
Maintaining current knowledge of applicable federal, state and foreign privacy laws and accreditation standards, and monitor advancements in information privacy technologies to ensure organizational adaptation and compliance
Ensuring all processing and/or databases are registered with the local privacy/data protection authorities, where required
Working with business teams and senior management to ensure awareness of "best practices" on privacy issues
Working with the Chief Information Security Officer to develop strategies for data security and privacy engineering
Interfacing with senior management to develop strategic plans for the collection, use and sharing of privacy-related information in a manner that maximizes its value while complying with applicable privacy regulations and third party agreements
Assisting business units with development of tools and methodologies to ensure on-going privacy compliance
Coordinating with the General Counsel regarding procedures for documenting and reporting self-disclosures of any evidence of privacy violations
Providing leadership for the organization's privacy program
Ensuring compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization's workforce, extended workforce and for all business associates in cooperation with Human Resources, the Chief Information Security Officer, administration and legal counsel, as applicable
Developing and manage procedures for vetting and auditing vendors for compliance with the Company's privacy policies and legal requirements
Participating in the implementation and ongoing compliance monitoring of all third party agreements, to ensure all privacy concerns, requirements and responsibilities are addressed
Reviewing a variety of agreements, both in-bound and out-bound, for privacy compliance
Assisting in any privacy related litigation, including consumer claims, threats and complaints
Monitoring legislation in the , and briefing executive management regularly on, US, EU and other jurisdictions regarding privacy
Developing privacy training materials and other communications to increase employee understanding of company privacy policies, data handling practices and procedures and legal obligations
Providing initial privacy training and orientation to all employees, volunteers, contractors, alliances, business associates and other appropriate third parties
Conducting on-going privacy training and awareness activities
Developing and coordinating a risk management and compliance framework for privacy; operationalize compliance efforts
Undertaking a comprehensive review of the company's data and privacy projects and ensure that they are consistent with corporate privacy goals and policies
Developing and managing enterprise-wide procedures to ensure the development of new products and services is consistent with company privacy policies and legal obligations
Establishing a process for receiving, documenting, tracking, investigating and taking action on all complaints concerning the organization's privacy policies and procedures
Providing development guidance and assist in the identification, implementation and maintenance of organization information privacy policies and procedures in coordination with organization management and administration and legal counsel
Assuring that the use of technologies maintain, and do not erode, privacy protections on use, collection and disclosure of personal information
Monitoring systems development and operations for privacy compliance
Conducting periodic information privacy impact assessments and ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions
Working with all organization personnel involved with any aspect of release of protected information to ensure coordination with the organization's policies, procedures and legal requirements
Accounting for and administering individual requests for release or disclosure of personal and/or protected information
Must be licensed and in good standing to practice law in New York.
A Juris Doctorate from a nationally recognized law school is required.
10 years of experience in the privacy profession with an in-depth knowledge of global privacy laws and experience with building, implementing, and maintaining a global privacy program
Expert knowledge of privacy laws and practices
The ability to articulate privacy policies across the organization and drive awareness and adoption as required
Excellent analytical and judgement skills
Excellent written and verbal communications skills with the ability to communicate effectively at all levels of the organization and externally to vendors, partners, the media, and regulators
Ability to manage multiple priorities and changing requirements
Excellent change management skills with the ability to develop strategy, evaluate efficacy, influence stakeholders, drive implementation, and measure success
Must have legal right to work in the U.S.
Certified Information Privacy Professional (CIPP) certification required.
Direct privacy law experience required, some in-house experience preferred.
Demonstrated knowledge and experience drafting and negotiating complex agreements relating to in-bound and out-bound agreements.
Direct experience advising internal stakeholders on a wide range of marketing and consumer law matters.
Experience advising on privacy and data security law and compliance efforts, including the organization and coordination of privacy assessments, corporate policies and processes.
In-depth knowledge of cutting edge IT, web, mobile and ad-tech ecosystems and their Privacy and consumer law implications.
Ability to maintain strong working relationships with demanding internal clients.
Strong analytical capabilities and judgment.
Ability to make decisions and pivot quickly and fluidly, thinking practically and be solution-oriented.
A practical and proactive problem-solver who possesses strong business acumen and is confident, mature and calm under fire.
Excellent time management skills with the ability to prioritize and multitask and work under shifting deadlines in a fast-paced environment.
Ability to work independently and in a team environment.
Willingness to take initiative and to follow through on projects.
Excellent written and verbal communication skills.
Thorough knowledge of MS-Office Suite (Word, Excel, PowerPoint, Access).