Counsel, Privacy, Security & Data Governance

Overview

The Counsel, Privacy, Security & Data Governance will play a critical role in ensuring privacy compliance is seamlessly integrated into Alliant’s data-driven products, services, and offerings across digital and direct mail marketing.

This role requires deep expertise in data governance, privacy, cybersecurity, and emerging technologies, including artificial intelligence (AI). The selected candidate will report to and collaborate closely with the SVP, General Counsel & Chief Compliance Officer, ensuring compliance with data privacy regulations, cybersecurity best practices, and legal assessments.

Working cross-functionally with engineering, data science, finance, sales, marketing, and legal teams, the Counsel will provide strategic legal guidance on data governance and security matters. This position demands strong communication, collaboration, and organizational skills to navigate complex regulatory landscapes while supporting business objectives. The ideal candidate will have a solid foundation in IT systems to facilitate data governance compliance and security in a marketing and technology focused environment and bring a solutions-oriented approach to all matters encountered.

Key Responsibilities:

• Monitor for current and emerging regulatory developments (CCPA/CPRA; other State privacy and data broker laws; FCRA, FTC marketing guidance and more) and translate legal terms into data governance and privacy business requirements, providing regular updates to leadership and stakeholders.
• Establish and manage data governance rules to work cross team to operationalize to enable principles such as privacy by design; data minimization; data suppressions, consent, DPIAs etc. as required.
• Oversee data lifecycle management and ensure compliance, including data ingestion, classification, retention, and disposal processes.
• Define and implement processes, workflows, and training material to equip support teams with the tools needed to maintain compliance.
• Assist the team to record data protection impact assessments where required, and to identify and implement privacy controls and safeguards to mitigate risks.
• Draft privacy notices and review consumer-facing material, including marketing and communications campaigns, for compliance with applicable privacy and data governance and protection requirements.
• Maintain and update records of processing activities and data maps for all personal data processing activities, ensuring adherence to data protection laws, regulations, and standards.
• Provide counsel and oversight to ensure preparedness for managing potential data security incidents and other events in compliance with regulatory and disclosure requirements including leading incident investigations, conducting data breach analysis and response efforts, investigations and managing third-party and insider risk assessments.
• Proactively monitor and mitigate risk across the business by leading the annual risk assessment process, partnering with key stakeholders to analyze company-wide risks related to personal data processing, collection, and storage, and overseeing the documentation of data flows, processes, and procedures to ensure compliance and accountability.
• Develop and implement organization-wide training programs to educate employees on privacy, data protection, and data governance requirements and serve as a trusted advisor to handle privacy-related inquiries and drive awareness across all levels of the organization.
• Collaborate closely with information security, data, and cross-functional teams to strengthen privacy safeguards and protect consumer and customer data rights.
• Proactively manage cross-functional initiatives, ensuring seamless coordination and execution of privacy, security, and compliance strategies.
• Design and execute comprehensive data governance policies, procedures, and standards that ensure data quality, integrity, and security.
• Lead cross-functional teams to define, develop, and maintain data governance frameworks, ensuring alignment with organizational goals and regulatory requirements.
• Collaborate with data stewards, data owners, and IT teams to establish and maintain data definitions, data standards, metadata management, and data quality.
• Monitor and report on data governance metrics, identifying areas for improvement and implementing corrective actions as necessary.
• Conduct regular audits and assessments to ensure compliance with data governance policies and industry regulations.

Required Qualifications & Skills:

• JD degree and active membership in a State Bar or registered in-house counsel, in good standing.
• Minimum 3 years of experience in data privacy, data governance, cybersecurity and AI, preferably in an in-house setting.
• Expertise in SOC certifications, risk management, and enterprise-wide privacy compliance programs.
• Strong analytical, written, and verbal communication skills, with the ability to simplify complex legal and technical concepts for diverse audiences, including senior leadership, engineering, product, legal, and business teams.
• Ability to quickly identify issues, analyze, and clearly communicate advice on complex legal issues.
• Extensive experience drafting and negotiating data protection contracts & addenda and advising technology and product stakeholders providing tailored advice to ensure compliance and mitigation strategies, if necessary.
• A proven track record of responding quickly in the face of security or other incidents to provide guidance and operationalizing privacy guidance to implement and maintain an efficient and effective privacy program that enables business priorities while mitigating risk.
• Demonstrated track record conducting ongoing compliance monitoring & reporting activities in coordination with other compliance and operational assessment functions.
• Strong understanding and interest in risk management and establishing and enhancing enterprise-wide privacy compliance programs.
• Demonstrated ability to deliver comprehensive, proactive and business-forward product legal counseling to the Engineering and Product teams.
• Experience in applying privacy and data protection analysis on emerging technologies, including various, artificial intelligence & machine learning, and privacy enhancing technologies (PETs) and global privacy control (GPC) highly valued.
• Thorough understanding of interactive marketing technologies, including cookies and other passive data collection technologies.
• Motivated self-starter, comfortable managing projects independently and multi-tasking in a fast-paced environment while balancing competing priorities.
• Exceptional interpersonal skills with proven experience in relationship building and partnering. Must work well in both team and individual settings.
• Superior time management, planning, and organizational skills.

This is a full-time, on-site role in Brewster, NY. We offer a competitive salary range of $90,000 - $120,000, complemented by an annual discretionary bonus. Final compensation will reflect the candidate's unique skills, experience, and qualifications. While relocation assistance is not provided, Alliant offers a comprehensive benefits package, including medical, dental, vision, 401(k), paid holidays, vacation, and more benefit perks.

About Alliant

Alliant is a leading independent data company trusted by thousands of brands and agencies to bring a human element to modern data solutions. The Alliant DataHub — built on billions of consumer transactions, an expansive identity map, advanced data science and high-performance technology — enables marketers to execute omnichannel campaigns with responsive consumers at the center. Data security and privacy have been core values since day one, and Alliant’s continually validate our people, processes, and data through meaningful certifications such as SOC2, IAB Tech Lab Data Transparency, NQI certification from Neutronian, and quarterly quality scoring with Truthset. For more information, visit: alliantdata.com.

Alliant is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law.