Director and Sr. Counsel- Security and Privacy

Discover Financial Services

The Position:
Under the direction of a Vice President, the Director and Sr. Counsel- Security and Privacy operates as the subject matter expert for security and privacy (including cybersecurity) law and governance issues within the law department.

This role handles complex legal matters and projects including providing legal advice, direction and training to assigned in-house business partners, supporting a risk-aware culture and ensuring effective risk management practices in accordance with relevant laws, regulations, and company policies. The Director and Sr. Counsel is responsible for identifying, assessing and communicating legal and relevant regulatory requirements and industry best practices relevant to the Company and its businesses, manages assigned resources and budgets, including outside counsel spend. There is emphasis on proactive monitoring, governance, risk identification
and escalation, as well as making sound risk decisions commensurate with the business units risk appetite and
all risk and compliance program requirements

 Works closely with business clients and other coverage attorneys to understand business operations
and objectives, in order to provide comprehensive, proactive and timely advice on legal and regulatory
requirements and business transactions and initiatives applicable to security (including cybersecurity)
and privacy matters.
 Partner with business and compliance professionals to develop strategic solutions that address security
and privacy legal requirements and risks, including with respect to:
 New products and initiatives
 Vendor relationships
 Disclosures and Marketing
 Data governance
 Regulatory exams
 Policies, procedures and training
 Provides strong timely advisory support for security incident matters.
 Exercises prudent discretion and decision-making skills by advising business clients on strategic and
complex issues and requirements applicable to assigned role (e.g., other Legal Counsel, Risk,
Government Relations, Exam Management), such as on new initiatives, business process reviews,
compliance with laws, regulations, policies and procedures, contract review and analysis, training,
corrective actions, risk and issues raised in governance committees.
 Manages and develops teams, outside counsel and other experts as assigned and required by role at
management’s discretion, to achieve Legal’s Mission and Discover’s business objectives.
 Identifies, assesses, communicates, and provides oversight and strategic guidance on new or proposed
legal and regulatory requirements, emerging legal and regulatory risks and trends.
 Support company engagement with government, industry, and consumer groups on privacy issues.
 Juris Doctor from an accredited law school required
 8+ years of experience in consumer financial services (including credit card, mortgage, student
loans and deposit products) and security law or related
 2+ year of people management experience
 4+ years of experience as a data protection lawyer in consumer financial services or technology gained
at a financial institution, regulatory agency or law firm.
 Strong knowledge of GLBA, Reg. P, CCPA, FCRA (Reg. V), GDPR, and applicable data protection
state laws and regulations
 Business-oriented professional with solid analytic skills and a proven ability to handle multiple
complex matters simultaneously.
 Ability to plan and implement changes impacting the business as a result of emerging security/privacy
 Excellent interpersonal skills, and the ability to build and foster relationships
 Ability to communicate effectively both verbally and in writing with all levels of the organization
including senior management and regulators.
 Experience driving, prioritizing, and effectively managing cross-functional initiatives, and an ability
to both work independently and with large multi-stakeholder teams
 CIPP/US certification a plus

To apply for this job please visit