Director – Cyber Legal Counsel

Barclays have an excellent opportunity for a Cyber Legal Counsel to join the Cyber Legal team, based in Whippany.

­­­­­­­­­­­­­­­­­­Purpose of role

Director, Cyber Legal Counsel’s role will specifically involve, among other things:

Legal and regulatory risk management support to CISO, CSO, Resilience, and Technology stakeholders and senior committees; Compliance with cybersecurity related laws, rules, and regulations; Regulatory reporting re cybersecurity and technology incidents; Third and fourth party security issues; Optimizing external legal spend; and Engaging in industry thought leadership.

Essential Skills/Basic Qualifications:

• Qualified cyber lawyer with at least extensive applicable in-house, law firm, or government experience;
• Exceptional communication and writing skills;
• Willingness to work at least 3 days per week from Barclays’ offices in Whippany, New Jersey.

Desirable skills/Preferred Qualifications:

• Experience interpreting and advising on global cybersecurity regulations as applied to a control environment;
• Experience advising during cyber-attack or data breach; and
• Experience working for or with government security, intelligence, and/or law enforcement agencies.

About Cyber Legal

Barclays’ Cyber Legal Team (“Cyber Legal”) is part of the Barclays Execution (“BX”) Legal function.  Cyber Legal provides a shared service across the entire organization advising on all legal and regulatory issues and risks relating to cybersecurity, with a focus on supporting the Chief Information Security Office (“CISO”), the Chief Security Office (“CSO”) and its Joint Operations Centres (“JOC”), and the Operational Resilience (“Resilience”) function.  Cyber Legal partners extensively with other Barclays Legal teams that include Data Privacy Legal; AI & Emerging Tech Legal; Financial Crime Legal; Litigation, Investigations & Enforcement; Commercial, Innovation & Technology Legal and other specialist Legal colleagues and business coverage Legal teams.

Cyber Legal’s work primarily involves:

• Incident Preparedness and Response: 
  • Establishing incident response plans, tri-partite agreements with law firms and cyberforensic vendors;
  • Socializing and training on practices for limiting regulatory and litigation exposure from cyberattack; and
  • Supporting day-to-day on internal and third party cybersecurity and technology incidents, including w/r/t business impact, data issues, regulatory notifications and public disclosures.
• Governance, Risk, & Compliance: 
  • Advising Barclays Chief Information Security Officers and Resilience leads on governance practices, and emerging legal and regulatory risks; and
  • Serving as Legal Coverage Leads for Cyber on bank-wide program for compliance with all applicable cybersecurity laws, rules, and regulations.  
• Intelligence:  
  • Establishing agreements and maintaining relationships with law enforcement & industry groups; and
  • Advising on threat intelligence collection from surface and dark web sources, and sharing to public and private partners.
• Public Disclosures: Preparing and socializing annual and ad hoc cybersecurity and resilience disclosures.
• Internal Investigations: 
  • Supporting CSO internal investigations into insider threats, data leakage, physical security threats, and criminal activity by staff; and
  • Facilitating law enforcement engagement.
• Physical Security: 
  • Coordinating agreements with law enforcement;
  • Advising on physical security incidents and bespoke issues. 
• Third Party Security Risk Management:  Advising on security terms; supporting CISO’s Third Party Security Management team.
• Red Team and Penetration Testing:  Reviewing and advising on internal Red Team operations.
• Crisis Management:  Drafting communications, regulatory notifications; creating and exercising runbooks.
• Transactions:  Supporting Legal colleagues with interpretation and negotiation of cybersecurity clauses and related due diligence. 
• Resilience: 
  • Supporting stakeholders efforts toward workforce and technology recovery planning, Resilience scenario testing, Resilience by design, and contingent processes;
  • Assessing requirements for Important Business Services, Resilience Scenario Testing, Resilience by Design, and Contingent Processes.
• Education and Training:  Delivering substantive training for security stakeholders and Legal colleagues.
• Industry Leadership:  Participating actively in the broader network of in-house cyber legal counsel.

Key Accountabilities

The role of Director, Cyber Legal Counsel will require:

Capacity to advise heads of business and infrastructure teams on sensitive, complex, and strategic legal and regulatory issues; Expertise regarding the proper treatment of cybersecurity incidents and issues—whether internal, external, cross-border, or otherwise—from identification to resolution; Engagement with regulators and law enforcement; A nuanced understanding of global cybersecurity legal and regulatory framework; Ability to anticipate and advise on industry developments; and A professional manner that is above reproach and exemplifies Barclays Values.

You may be assessed on the key critical skills relevant for success in the role, such as those relating to risk and controls, change and transformation, business acumen, strategic thinking, as well as job-specific technical skills.

This role is located in New York.

Minimum Salary: $270,000

Maximum Salary: $330,000

The minimum and maximum salary/rate information above include only base salary or base hourly rate. It does not include any other type of compensation or benefits that may be available.

Purpose of the role

To help ensure that the Cyber, Data, IP & Emerging Tech Legal activities are conducted in compliance with applicable laws and regulations, and to help the bank manage legal and reputational risks associated with these activities. 

Accountabilities

• Development and implementation of best practice legal strategies for risk management and compliance.
• Legal advice and support to the business on cybersecurity, data privacy, intellectual property (IP) and emerging tech matters, including  cybersecurity and data privacy incidents, IP protection and technology deployment.
• Representation of the bank in legal proceedings related to cybersecurity, data privacy, IP protection and emerging tech, such as litigation, arbitration, and regulatory investigations.
• Creation and review of legal documents such as data protection policies, cybersecurity protocols, IP licenses and emerging tech policies to ensure compliance with applicable laws and regulations.
• Legal research and analysis to stay up to date on changes in laws and regulations that may impact the bank's cybersecurity, data privacy, IP protection and emerging tech practices.
• Developing and delivering training programmes to educate employees on legal and regulatory requirements related to cybersecurity, data privacy, IP protection and emerging tech.
• Pro-active identification, communication, and provision of legal advice on applicable laws, rules and regulations (LRRs). Keeping up to date with regards to changes to LRRs in the relevant coverage area. Ensuring that LRRs are effectively allocated to, and adequately reflected within, the relevant policies, standards and controls.

Director Expectations

• To manage a business function, providing significant input to function wide strategic initiatives. Contribute to and influence policy and procedures for the function and plan, manage and consult on multiple complex and critical strategic projects, which may be business wide..
• They manage the direction of a large team or sub-function, leading other people managers and embedding a performance culture aligned to the values of the business. Or for an individual contributor, they lead organisation wide projects and act as deep technical expert and thought leader, identifying new ways of working and collaborating cross functionally. They will train, guide and coach less experienced specialists and provide information affecting long term profits, organisational risks and strategic decisions..
• Provide expert advice to senior functional management and committees to influence decisions made outside of own function, offering significant input to function wide strategic initiatives.
• Manage, coordinate and enable resourcing, budgeting and policy creation for a significant sub-function.
• Escalates breaches of policies / procedure appropriately.
• Foster and guide compliance, ensure regulations are observed that relevant processes in place to facilitate adherence.
• Focus on the external environment, regulators, or advocacy groups to both monitor and influence on behalf of Barclays, when appropriate.
• Demonstrate extensive knowledge of how the function integrates with the business division / Group to achieve the overall business objectives.
• Maintain broad and comprehensive knowledge of industry theories and practices within own discipline alongside up-to-date relevant sector / functional knowledge, and insight into external market developments / initiatives.
• Use interpretative thinking and advanced analytical skills to solve problems and design solutions in often complex/ sensitive situations.
• Exercise management authority to make significant decisions and certain strategic decisions or recommendations within own area.
• Negotiate with and influence stakeholders at a senior level both internally and externally.
• Act as principal contact point for key clients and counterparts in other functions/ businesses divisions.
• Mandated as a spokesperson for the function and business division.

All Senior Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L – Listen and be authentic, E – Energise and inspire, A – Align across the enterprise, D – Develop others.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.