Privacy & Cyber Counsel

Job Title: Privacy & Cyber Counsel
Location: One of the following (Harlow, Gloucester, Manchester, or Glenrothes)
Req ID: 182436BR

Summary of Role

To operate as the legal counsel and subject matter expert in data privacy, data management and cyber matters for the organisation, serving as part of the global privacy and cyber security teams, ensuring the application of industry best practices and concepts are implemented and maintained within the organisation.
Plan, direct and coordinate activities of RSL to ensure compliance with regulatory standards and corporate policy. Develop, implement and manage the process of adequately preparing the organisation for potential future opportunities, risks and/or threats.
The role is based in a fast paced defence technology/cyber security company ultimately reporting into the RSL’s General Counsel .
This is a high visibility role that will require the candidate to work across all layers of the organisation and across the company to manage internal stakeholders, collaborate closely with affiliate businesses and support corporate initiatives.
This role may require access to classified information and, as such, the candidate is required to hold (or be able to obtain) DV clearance. The role requires the ability to provide legal advice on emerging areas of law and the candidate should be able to demonstrate thought leadership in the areas of privacy and cyber security and develop an internal and external network (including within our customer community) to share best practice.

Main Duties

• To advise on all aspects of privacy and cyber security law.
• To design and implement a robust strategy to ensure the organisation is compliant with its obligations under the GDPR and UK data protection legal requirements in coordination with Raytheon’s Global Privacy Team.
• To inform and advise leadership, and employees who carry out processing, of their obligations under relevant data privacy requirements.
• To inform and advise leadership and employees of their obligations under relevant cyber requirements.
• To set data privacy goals and objectives for the organisation and deliver the means for enabling the organisation to succeed in such goals.
• To monitor compliance with applicable cyber security and data privacy requirements, and deliver leadership and advice on cyber security and data protection and provide metrics and reporting to reduce compliance risks.
• To undertake risk analysis and provide solutions to the organisation.
• To introduce new methods of data management practices and techniques to enable the organisation to be an industry leader in data privacy.
• To be accountable for and take leadership of the organisation’s data protection program and compliance with applicable data protection laws.
• To act as the point of contact for, and engage and co-ordinate with, the UK Information Commissioner’s Office (or other non-UK Supervisory Authorities).
• To conduct data privacy reviews, data protection impact assessments and audits.
• To lead communications and training initiatives on data privacy within the organisation.
• In consultation with other functions and external resources, identifying future data privacy/ cyber compliance opportunities, risks and/or threats.
• Brief stakeholders and management with respect to upcoming changes and impact to RSL.
• Establish and maintain links with key stakeholders to ensure policies are resilient to different future environments.
• Coordinate work between departments and share information to mitigate risk and provide opportunity within communities of interest.
• Elevate emerging issues to senior level audience and commission work on areas of interest, risk or threat.
• Responsible for coordinating the establishment and implementation of policies and processes for company activities to safeguard vulnerability and reduce risk in relation to privacy and cyber issues.
• Responsible for the coordination of key stakeholders to ensure compliance with applicable statues and regulations including corrective action activity.
• Developing techniques to measure and assess risk profile of RSL and Raytheon ELCAN consistent with organisation objectives.
• Conducting reviews or audits to ensure that privacy and cyber procedures are being followed.
• Arranging employee training on privacy and cyber related topics, policies, or procedures.
• Develop and implement local procedures to mitigate privacy and security risk.
• Draft, negotiate and advise on data protection agreements, terms of service, privacy policies and other contracts and communications.
• Evaluate and respond to data subject requests.
• Counsel and advise Raytheon UK and Raytheon ELCAN business teams on product and services related privacy and cybersecurity laws, regulations and standards.
• Identify and advise on any privacy and/ or cyber considerations for international business opportunities and devise mitigation strategies, liaising with internal and external counsel as applicable.
  

Candidate Requirements
Essential

• Current practicing certificate (Law Society of England and Wales) with expert knowledge in EU and UK data privacy and cyber security, or extensive experience of data privacy and data privacy regime management.
• DV clearance or ability to obtain DV clearance
• Ability to demonstrate successful strategy and business plan development.
• Experience in managing data incidents and breaches.
• Knowledge of cybersecurity risks and other information security standards.
• Meticulous attention to detail.
• Effective communicator, capable of dealing with a wide range of stakeholders.
• Audit experience.
• Proven track record of having experience in the field of project management.
• Self-motivated with ability to drive compliance programme.
• Technically strong and able to analyse data in large fields.
• Production and delivery of training and awareness packs.
• Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels.
• Knowledge of current data privacy management tools and systems.
• Experience in leading data privacy training.

Desirable

• Familiarity with defence industry and related security regimes.
• Certification, either through a UK organisation or the International Association of Privacy Professionals.182436
  

Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.