Provide legal review and guidance on initiatives impacting privacy, data protection and security. Partner cross-functionally to inform, influence and advise on data uses and privacy strategies while managing legal risk and ensuring regulatory compliance. Provide privacy and data security subject matter expertise to our other attorneys as they negotiate commercial deals involving use of personal information. Demonstrate the company's core values of respect, honesty, integrity, diversity, inclusion and safety.
Responsibilities
- Ensure that the company complies with all applicable laws, rules and regulations related to privacy and data security
- Provide expertise and guidance to legal colleagues (including product, employment and commercial counsel), Corporate Information Security, Procurement/Sourcing, product development and engineering teams
- Identify and communicate the requirements of existing and new laws and/or regulations applicable to Kroger and any changes on a timely and ongoing basis
- Draft responses to privacy- and security-related customer, associate, and regulatory inquiries and investigations
- Draft external privacy notices and disclosures, and manage/update internal policies and procedures to ensure compliance with laws regarding privacy and cybersecurity
- Assist with enhancing, scaling and running the existing privacy program, including privacy operations and documentation; employee training; policy enforcement, monitoring and auditing; and incident response
- Work with Data Sharing Governance, Compliance, CIS and others to scope and perform data privacy risk assessments, contract reviews, mitigation and remediation, including data control design and monitoring, as well as the mitigation of privacy and security risks
- Remain up-to-date on relevant consumer protection, privacy and data security laws and regulations, as well as on technological developments, threat vectors, and evolving industry standards
- Interact with others in a professional, tactful and sensitive manner
- Must be able to perform the essential job functions of this position with or without reasonable accommodation
Qualifications
Minimum
- Other Law Degree from accredited U.S. law school and admission to state bar; Juris Doctor and active membership in at least one state bar
- 2+ years of experience providing pragmatic and actionable advice to clients on various legal risks and obligations under privacy and data security laws in the U.S. or Europe (including GDPR)
- 5+ years combined experience in law firms, governmental agencies, and/or in-house legal departments
- Experience developing and implementing external privacy notices
- Ability to build and manage a network of key stakeholder relationships
- Experience advising on privacy and data security in commercial transactions a plus
- Strong ethical compass and problem-solving skills
- Strong analytical, strategic thinking, and communication skills with demonstrated legal and business judgment
- Ability to work with large multi-stakeholder teams
- Ability to work with IT professionals and knowledge of basic IT terms and concepts
- Ability to translate legal advice into actionable guidance for product, engineering, security, and business teams
- Prior experience advising on policies and procedures on data use, security, and privacy
Desired
- Bachelor's Degree in IT, Data Analytics or Cybersecurity