Senior Counsel, Privacy & Cybersecurity

Date: Sep 14, 2023

Location: Fountain Valley, CA, US, 92708

Company: Hyundai Motor America

At Hyundai, we’ve rethought our business and created cars that combine performance, quality, design and innovation into a complete package.

It’s time you rethink what you expect from an employer.

At Hyundai, we understand you're not just building a career – you're building a life. We believe in our people and realize that our success is a direct result of our commitment in offering you great opportunities for your career. If you would enjoy working in a dynamic environment and are looking for a chance to become part of a stellar team of professionals, we invite you to apply online today.

 

Location

NHQ

Purpose

Lead all ongoing activities related to the development, implementation, maintenance of, and adherence to HMA and GMA (“company”) policies and procedures regarding the processing, privacy of, and protection of data. This includes compliance with privacy laws concerning consumers, employees, and business data. Responsible for providing cybersecurity (vehicle and enterprise) legal counsel to the company. The position requires collaboration with HMA’s Digital Business Planning (HMA Cybersecurity, Office of Customer Management, Digital Intelligence Group, Dealer Data group), HMA’s IT service provider, the parent company and affiliates (such as HAEA, HATCI, IWA). It also requires familiarity with technology, information technology/security, and vehicle and telematics systems.

Major Responsibilities

~ Review, revise, and negotiate privacy and security provisions within contractual agreements.

~ Serve as privacy subject matter expert to the Company for all departments and appropriate entities.

~ Maintain knowledge of privacy practices across the Hyundai organization in order to better understand and isolate the risk of exposure or liabilities, recommend realistic preventive measures, and respond to information security incidents.

~ Support controls and compliance requirements specified by internal and/or external audit.

~ Manage and lead the development, implementation, maintenance, and adherence to the company’s privacy strategy and program. Ensure that privacy practices are in place and compliant with applicable laws and industry-specific regulations.

~ Collaborate with key internal stakeholders and committees to ensure that the company has and maintains appropriate privacy requirements reflecting current legal practices and organization requirements.

~ Perform initial and periodic information privacy impact assessments and support vendor management functions.

~ Provide cybersecurity legal and regulatory counsel to the company in order to mitigate risks associated with a cybersecurity or privacy breach. Collaborate with HMC Legal, HMC R&D, HMC IT Division, HATCI, and other relevant Hyundai affiliates on vehicle cybersecurity matters. Co-host semi-annual HMA/HATCI/HMC Vehicle Cybersecurity Workshops, support Hyundai participation in DHS Cybers storm, and plan semi-annual tabletop simulations.

~ Provide legal support to work streams and processes relating to the maintenance of the California Consumer Privacy Act and implementation of the California Privacy Rights Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, and similar state legislation.

~ Provide privacy counsel in connection with new business models including digital retailing, autonomy/mobility, and ride sharing.

~ Support HMA Cybersecurity Program as necessary to ensure adherence to US cybersecurity legal and regulatory requirements.

Major Responsibilities (continued)

~ Counsel business units, parent company, and affiliates on data privacy and cybersecurity legal requirements for HMA products and services, including Internet of Things (IoT) efforts such as vehicle telematics, mobile apps, and wearables.

~ Manage potential liability and other legal aspects related to privacy and cybersecurity incidents/allegations and lead/support (as appropriate) the company’s Incident Response activities, including investigating potential incidents, identifying applicable legal obligations, and supporting incident response. Represent the Privacy Office within the organization and with third parties as necessary, including researchers, law enforcement, and government regulators during the incident response process. Oversee vulnerability remediation, as appropriate. Update Incident Response Plan as necessary.

~ Initiate, facilitate and promote activities to foster information privacy awareness within the organization and related entities.

~ Maintain current knowledge of applicable federal and state privacy and cybersecurity legislation and regulation and monitor industry trends and advancements to ensure company adaptation and compliance.

~ Knowledge of self-regulatory privacy/cyber frameworks and industry standards (e.g., ISO, NIST, CIS).

~ Monitor HMA's and GMA’s data usage including vehicle technologies, data usage rights, data ownership with partners, vendors and affiliates, online behavioral advertising, mobile device usage, social media, etc. Create data maps and support updates to same.

~ Collaborate with HMA Cybersecurity and HAEA as well as relevant vendors and business units to manage data breach and cybersecurity incidents or allegations, any required breach notifications and any required remediation.

~ Assist in responding to inquiries from outside parties (e.g., government, NGOs, etc.)

~ Assist with obtaining relevant Company privacy certifications and manage any applicable registrations with state and federal authorities.

~ Represent the company with trade associations, legislators, law enforcement, and think tanks.

~ Assist in the preparation of written reports for review by senior management regarding privacy trends.

Authority

~ Decision making on critical privacy, cybersecurity, and data breach issues.

~ Identification and resolution of privacy and cybersecurity issues and data breaches.

~ Manage outside counsel and third-party consulting firms on discrete data privacy and cyber security projects.

~ Manage Privacy Office attorney(s)/staff.

~ Represent Privacy Office vis-à-vis government regulators and trade and industry associations.

~ Maintain relevant privacy and cybersecurity certifications.

Education

~ Bachelor’s degree required.
~ Juris Doctorate required.

Related Experience

~ Ten or more years of relevant legal experience and six years of privacy experience.

~Automotive industry experience preferred.

~ Technical knowledge preferred.

Skills/Knowledge

~ Strong analytical skills, drafting and negotiation skills, oral and written communication skills.

~ Strong legal operational skills.

~ Excellent people skills.

~ Team-oriented and willing to work collectively.

~ Strong work ethic essential.

~ Self-motivated and innovative.

Certification Required

~ Member California State Bar Association.

~ International Association of Privacy Professionals certification.

Physical Requirements

Normal office duties

Work Model

#LI-Hybrid (80% Onsite/20% Remote)

Affiliate

#Hyundai

Compensation

$132,300.00 - $196,000.00 Annual

Benefits

Benefits include healthcare insurance (medical/prescription, dental, vision), 401(k) company match, a quarterly employer enhanced contribution, basic life insurance, short- and long-term disability, employee assistance program (work/life balance programs and confidential counseling), expert medical services (provider referrals, second opinion), business travel accident insurance, health advocacy (coordinate care and services, assistance with claim and billing issues, understanding Hyundai benefits), annual discretionary bonus, accrued vacation pay, company provided sick pay, vehicle lease program (monthly fee includes insurance and maintenance).

#LI-BD1

 

 

Our Company adheres to the equal employment opportunity guidelines set forth by federal, state and local laws.  The information requested on this form is sought in good faith and will not be used to discriminate against the applicant based on race, religion or creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic characteristics, marital status, sex or gender (which includes pregnancy, childbirth, or related circumstances), gender identity, gender expression, age, citizenship, sexual orientation, family care or medical leave status, military and veteran status, political affiliation, or any other characteristic protected by federal, state and local laws.


Nearest Major Market: Orange County
Nearest Secondary Market: Los Angeles