Senior Director, Law, Privacy and Cyber

This role requires the ability to work lawfully in the U.S. without employment-based immigration sponsorship, now or in the future.

The Sr Dir, Law-Privacy and Cyber will focus on both privacy law and cybersecurity law. Provides strategic legal counsel to business partners on the full range of data privacy, cybersecurity, and telecommunications privacy matters. Ensures the organization maintains appropriate privacy, information security, and telecommunications compliance policies, and other practices and processes cross-functionally. Support the company's privacy and cybersecurity governance framework.

• Provide legal counsel to the company on incident response actions, internal investigations, emerging risks, and compliance with mandatory cyber incident reporting obligations
• Provide legal support for the company's data strategy efforts as well as analytics and AI/machine learning initiatives, to ensure compliance with applicable privacy and telecommunications laws
• Counsel business teams on consumer consent frameworks, permissible data practices, and the legal implications of new data products or services that involve consumer personal information
• Advise on consumer and employee privacy rights, data subject requests, cross-border data transfers, privacy-by-design principles, and telecommunications subscriber privacy protections under federal and state law
• Ensure the organization maintains appropriate privacy, information security, and telecommunications compliance policies (i.e. privacy impact assessments, data processing agreements, records of processing activities, CPNI safeguarding procedures, and Cable Act subscriber notice and consent protocols)
• Work with senior in-house attorneys to proactively identify and address key legal issues for management to ensure that appropriate risk management strategies are in place
• Assist with drafting and participating in the company's privacy impact assessments and cybersecurity risk assessments
• Partner with other legal functions to develop approved data privacy and cybersecurity-related contract clauses and track any deviations from these established provisions
• Translate complex technical and legal privacy and cybersecurity concepts into clear, actionable guidance for non-technical stakeholders
• Engage law enforcement and information sharing organizations
• Monitor the evolving privacy, cybersecurity, and telecommunications regulatory landscape at the federal, state, and international levels
• Partner effectively and coordinate across the business to identify creative solutions and compliance practices for information, products, and internal operations
• Perform other duties and projects as required

• Active license to practice law in at least one of the fifty states
• Legally authorized to be employed in the United States
• Expertise in privacy law — including telecommunications-specific (CPNI and the Cable Act)
• Expertise in cybersecurity law
• Knowledge of the Electronic Communications Privacy Act
• Knowledge of the critical infrastructure provisions of the Homeland Security Act
• Knowledge of the Cybersecurity Information Sharing Act
• Knowledge of the Cyber Incident Reporting for Critical Infrastructure Act
• Knowledge of the Federal Trade Commission Act, data breach notification laws, and applicable sector-specific state and federal laws
• Knowledge state comprehensive privacy laws
• Knowledge of the SEC's cybersecurity disclosure rules
• Knowledge of international frameworks (EU General Data Protection Regulation, ePrivacy Directive, and the NIS2 Directive)
• Knowledge of emerging privacy and cybersecurity legal issues
• Ability to provide guidance to technical security, data governance, and data strategy teams

• Bachelor's and Juris Doctor degrees from accredited institutions

• 5+ years of experience as a practicing attorney, with meaningful exposure to both data privacy and cybersecurity

• Familiarity with cybersecurity frameworks and standards

• Certifications such as CIPP/US, CIPP/E, CIPM, or CISSP
• 7+ years of combined law firm and in-house experience (focus on data privacy, cybersecurity, and telecommunications law)

• Office environment
• Occasional travel may be required

We offer a comprehensive pay and benefits package that rewards employees for their contributions to our success, supporting all aspects of their well-being at every stage of life.

A qualified applicant’s criminal history, if any, will be considered in a manner consistent with applicable laws, including local ordinances.

Spectrum is an Equal Opportunity Employer, including job seekers with disabilities and veterans.