Provides legal counsel to the Bank’s business units and support functions on all aspects of data protection and privacy, including satisfying legal requirements to ensure the security and confidentiality of customer information and protect against unauthorized access, issuing appropriate privacy notice disclosures about the Bank’s use of customer information and information sharing practices, complying with applicable regulatory and industry guidance to promote data security, and satisfying legal requirements in the event of a data compromise.  Has in-depth knowledge of federal and state laws and regulations regarding data protection and privacy.

Essential Job Functions:

  • Provide legal advice regarding all issues concerning privacy, data protection, data-sharing, and information systems
  • Serve as lead attorney to support activities of the Bank’s Information Security team, and closely collaborate with the Bank’s support functions on privacy-related issues
  • Advise on privacy and data security-related provisions of third party contracts
  • Advise on potential application of EU and other cross-border data security laws to the Bank’s activities
  • Work with the Bank’s Security, Corporate Compliance, Risk, Information Technology, HR Departments in responding to any federal or state regulatory investigations concerning privacy-related matters
  • Monitoring newly enacted privacy laws and regulations, including participating in regulatory development impact assessments, and advising the business units on best practices to comply with legal and regulatory requirements
  • Ensure that corporate data collection, storage and protection programs are consistent and comply with legal requirements
  • Advise on privacy policies for Bank activities, ensuring adoption of industry best practices
  • Advise on the sharing of confidential supervisory information (CSI)
  • Advise on the sufficiency of cybersecurity insurance
  • Advise on notification and other obligations in connection with security and privacy incidents and incident response programs
  • Advise the business units on physical security standards under the FFIEC Guidance and applicable federal laws


 Required Experience:

  • Juris Doctor degree from an accredited law school
  • Thorough knowledge of federal privacy and data protection laws, including the Gramm-Leach-Bliley Act, the Federal Trade Commission Act, the Health Insurance Portability and Accountability Act (HIPAA), and general familiarity with state data breach notification laws
  • 4+ years experience providing legal counsel on data protection and privacy-related laws and regulations
  • Experience with providing legal support to business units which may be impacted by European Union data protection and privacy laws
  • Business-oriented professional with the ability to suggest practical and innovative solutions around legal issues in support of strategic business initiatives and objectives
  • Candidate must be a member of the California State Bar or otherwise qualified to practice law in California as registered in-house counsel
  • Excellent academic and employment credentials
  • Excellent interpersonal skills, with an ability to communicate with multiple levels within an organization
  • Keeps informed of legislative and regulatory proposals related to privacy or data protection
  • A high-level of professionalism and outstanding business judgment
  • Experience with vendor relationship management and contract negotiations
  • Experience with technology solutions or systems used to safeguard privacy and data protection
  • Experience in a dynamic in-house environment preferred

To apply for this job please visit botw.taleo.net.

You can apply to this job and others using your online resume. Click the link below to submit your online resume and email your application to this employer.