Counsel Cyber Security and US Privacy Manager

About The Position

Requirements

• A licensed U.S. attorney with at least five years of experience advising on cybersecurity and privacy matters in-house or in private practice.
• Strong knowledge of U.S. privacy laws, state breach‑notification rules, and cybersecurity frameworks such as NIST and ISO 27001.
• Familiarity with global privacy, cybersecurity, and emerging digital regulations.
• Ability to thrive in a fast‑paced environment, manage competing priorities, and remain steady and effective during crisis situations.
• Excellent written and verbal communication skills with the ability to draft high‑quality legal documents in English.
• Proven strategic thinking, sound judgment, and the ability to translate complex technical concepts into clear, actionable legal guidance.
• Hands‑on experience advising during cybersecurity incidents and willingness to respond rapidly, including outside regular business hours.
• Demonstrated success negotiating cybersecurity, privacy, and AI‑related contractual terms and contributing to governance frameworks.

Nice To Haves

• 6+ years of combined law firm and in‑house experience focused on cybersecurity, privacy, digital regulation, or information security.
• Experience advising multinational companies and interacting with regulatory authorities.
• Litigation experience and exposure to OT security, manufacturing environments, or consumer‑facing digital ecosystems.
• Experience supporting digital transformation, AI governance, and enterprise technology initiatives.
• Technical fluency in cybersecurity, IT, or digital systems, with comfort navigating multijurisdictional regulatory landscapes.

Responsibilities

• Provide legal guidance on cybersecurity, digital regulatory matters, IT/OT security, and incident response across PMI’s global operations, with emphasis on U.S. requirements.
• Support the SOC, Cyber Defense, and Incident Response teams during potential security events, including triage, investigation, remediation, notifications, and documentation.
• Contribute to PMI’s cybersecurity governance frameworks, including policies, playbooks, standards, processes, tabletop exercises, and cross‑market alignment.
• Draft and negotiate cybersecurity, data protection, and technology‑related contractual provisions such as DPAs, security addenda, AI clauses, and vendor due‑diligence terms.
• Monitor U.S. and global developments in cybersecurity, AI, digital regulation, and emerging technologies, translating legal requirements into actionable guidance for business and technical teams.
• Develop and maintain cyber and privacy policies, standards, controls, notices, training materials, and program improvements.
• Identify and advise on legal and compliance risks arising from audits, assessments, testing, and new digital or data initiatives.
• Serve as a key U.S. privacy legal contact, advising on federal and state privacy laws (including CCPA/CPRA, CTDPA, CPA, VCDPA, HIPAA) and their operational impact.
• Support U.S. privacy compliance activities including DPIAs/PIAs, consumer transparency, data subject requests, retention, notices, and governance for new technologies (AI, ML, IoT, biometrics, geolocation).
• Align U.S. privacy and cybersecurity practices with PMI’s global frameworks by partnering closely with global legal, digital, commercial, IT, and market teams.
• Build strong relationships with cross‑functional stakeholders, serving as a trusted advisor who provides practical, risk‑based guidance.
• Communicate complex technical and legal concepts clearly to executives, business leaders, engineers, and security teams.
• Manage competing priorities with sound judgment, independence, and urgency, particularly during fast‑moving cybersecurity incidents.
• Drive effective execution of legal and compliance initiatives through strong planning, problem‑solving, project management, and analytical capabilities.
• Contribute to global cyber, privacy, and AI governance initiatives and help localize them for U.S. needs.
• Demonstrate high integrity, accountability, and collaboration while influencing stakeholders and supporting a culture of strong cyber and privacy governance.

Benefits

• We offer a competitive base salary, annual bonus (applicable based on level of position), great medical, dental and vision coverage, 401k with a generous company match, incredible wellness benefits, commuter benefits, pet insurance, generous PTO, and much more!
• We have implemented Smart Work, a hybrid model of working that promotes flexibility in the workplace.