The Legal Department’s mission is to effectively administer the legal affairs of the Company by providing professional, timely, and useful legal advice and services, recommending appropriate policies, practices, and procedures to mitigate legal risk, arranging and actively managing the services of outside counsel as needed, all while balancing control of the Company’s legal risks against business goals.
The Assistant General Counsel for Privacy and Cybersecurity will be an integral part of our legal department at Moody’s. Along with maintaining current knowledge of applicable US and international privacy and cybersecurity laws and standards, monitor new developments to facilitate organizational adaptation and compliance. While designing and implementing a global privacy law compliance program, including processes for the completion of personal information inventories, privacy impact assessments, and data protection policies and procedures
• Create and retain a data record inventory of data processing activities of the company and any other privacy-related documentation required by the GDPR or similar laws or regulations
• Coordinate with other members of the legal team, information security and business stakeholders to ensure existing and new products, services and processes comply with applicable privacy requirements
• Oversee, direct and assist with delivery of privacy training to company employees
• Support incident response team for incidents or breaches involving personal data
• Act as privacy subject matter expert in the negotiation and implementation of contract terms concerning data privacy and protection, between the company and vendors, third-party contractors, suppliers, customers, and agencies
• Liaise with privacy and cybersecurity professionals at peer companies and industry organizations to benchmark efforts and learn best practices
• Experience managing privacy programs from inception to operation, including privacy risk and compliance management, metrics tracking, privacy training development and deployment, and incident management
• Strong technical understanding relating to IT environments, cloud computing and the online space (e.g., social media, cookies, mobile apps, big data analytics, etc.), with particular focus on how these technologies are used to communicate, collect, use and/or share personal data
• Strong project management skills with proficiency in managing multiple projects simultaneously
• Minimum of 10+ years of experience in a role focused on data privacy/protection compliance.
• Law degree from well-respected university.
• Certification in privacy and data protection (CIPP, CIPM or CIPT) is a plus
• Prior experience in the financial services /business information provider industries or B2B industry is an advantage
• Experience working in a multi-national corporation (in particular, headquartered in the U.S.) or experience working on projects involving stakeholders from multiple jurisdictions strongly preferred
• Excellent leadership and communication skills, and desire to work as part of a global team in a fast paced environment
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law. Click here to view our Pay Transparency Nondiscrimination statement.