Nelnet is a diversified and innovative company committed to enriching lives through the power of service as a student loan servicer, professional services company, consumer loan originator and servicer, payments processor, and K-12 and higher education expert. For over 40 years, Nelnet has been serving its customers, associates, and communities.
The perks of working at Nelnet go beyond our benefits package. When you join the Nelnet team, you’re part of a community invested in the success of each individual. That support comes through in our work, as we are united by our mission of creating opportunities for people where they live, learn, and work.
The Senior Privacy Counsel is responsible for the development, implementation, and execution of the organization’s privacy program, including privacy risk and impact assessments designed to identify, assess, prioritize, and mitigate privacy risks and increase adherence to privacy regulatory requirements. This position closely collaborates with business stakeholders to control risk from potential procedural or technology changes that affect privacy.
Job Responsibilities
- Subject matter expert providing legal advice on privacy, security, and data protection regulations, including, but not limited to U.S. federal privacy regulations (GLBA, COPPA, FERPA, FCRA, CANSPAM, FPA), U.S. state privacy laws (CCPA/CPRA), and international privacy laws ((GDPR, PIPEDA, PIPL)
- Support, conduct, and oversee the implementation of privacy impact assessments
- Develop comprehensive enterprise privacy frameworks and security safeguards including privacy by design requirements
- Analyze applicability of privacy regulations and lead implementation of the same;
- Monitor and track privacy and data protection laws and regulations and work with the government relations team in assessing proposed legislation and submitting proposed comment to the same
- Build and operationalize data subject rights requests frameworks pursuant to domestic and international laws
- Support and conduct contractual guidance and negotiation on privacy issues relating to SAAS agreements and third-party vendor products, software, new products, and features
- Experience with application support for new mobile applications and website UX design and development
- Draft and standardize policies, protocols, and training programs, including guidance for enterprise stakeholders, such as business and product development, mergers and acquisitions, investor relations, and procurement
- Draft, negotiate, and revise privacy and data processing addendums
- Provide guidance to product and engineering teams on issues related to new and existing products and features throughout the entire product development lifecycle
- Work with internal audit teams on evaluating and improving internal controls relating to data privacy
- Assist legal teams with contract review and defensive litigation strategies relating to privacy and data protection
- Maintain current knowledge of applicable federal and state privacy laws and accreditation standards, and monitor advancements in information privacy technologies to ensure organizational adaptation and compliance
- Manage the privacy incident response program, including overseeing the investigation of privacy incidents and determining whether a privacy breach has occurred under applicable laws and/or contractual requirements
- Participate in Board of Directors meetings including providing regular updates to the Board on key privacy issues at designated Board Committee meetings
- Lead and supervise privacy activities and manage outside counsel as needed to support privacy projects
- Work closely with the enterprise cybersecurity team and technology service teams to anticipate potential privacy problems embedded in the use of emerging technologies and the impact on data privacy protection and management
- Support implementation and development of artificial intelligence projects and keep apprised of developments in artificial intelligence technologies
- Serve as the Data Protection Officer where applicable
Additional Job Description
- Juris Doctor required
- 8 plus years of relevant work experience with data privacy regulations, including but not limited to, GLBA, FCRA, FACTA, RFPA, COPPA, FERPA, CANSPAM, CCPA/CPRA, GDPR, and PIPEDA.
- Must be eligible to work in the United States without need for work visa or residency sponsorship
- Ability to establish rapport, build relationships, and collaborate effectively across departments and at all levels within the organization
- Demonstrated ability to distill complex concepts or situations into concise and compelling communications
- Excellent communication, negotiation and influencing skills
- Ability to maintain a high level of discretion and confidentiality
- Proven leadership skills which inspire teams to meet business objectives with outstanding results
- Demonstrated project management skills to lead the implementation of complex change initiatives
Preferred Qualifications
- Consumer and Financial Services Data Privacy Experience (e.g., GLBA, FCRA, etc.)
- Recognized certification(s) as a privacy compliance professional (e.g., CIPP/US)
Salary range for this position is $200,000- $230,000 DOE.