Counsel Cyber Security and US Privacy Manager

Be a part of a revolutionary change!

At Philip Morris International (PMI), we’ve chosen to do something incredible. We’re totally transforming our business and building our future on one clear purpose – to deliver a smoke-free future.

With huge change, comes huge opportunity. So, if you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions. Our success depends on people who are committed to our purpose and have an appetite for progress.

Our beautiful HQ in Stamford, CT is just steps away from the Stamford Metro-North Train Station and easily accessible from NYC.

The Counsel, Cyber Security and U.S. Privacy Manager serves as a key legal advisor within PMI’s Global Data Privacy & Cyber Legal function, acting as both a cybersecurity legal specialist and a U.S. privacy subject‑matter expert. In this capacity, the role provides day‑to‑day global and U.S.‑focused legal guidance on cybersecurity, digital regulatory requirements—including artificial intelligence—security incident response, IT/OT security, and broader data protection matters.

The position also contributes to global cyber and digital regulatory strategy in close partnership with the Global Senior Counsel – Data Privacy &.

In addition, this role leads U.S. privacy counseling and compliance support across PMI’s operations, offering legal interpretation and application of federal and state privacy laws (such as CCPA/CPRA, CPA, VCDPA, CTDPA, HIPAA), and navigating their intersections with GDPR and other global regulations. The Counsel manages core U.S. privacy activities including consumer transparency requirements, DPIAs, vendor contract reviews for privacy, AI, and information‑security clauses, and data subject rights support.

By strengthening PMI’s “follow‑the‑sun” global legal model, this role enhances the company’s ability to manage evolving U.S. privacy and cybersecurity regulatory complexity while ensuring alignment with PMI’s enterprise‑wide digital, data protection, and cybersecurity objectives.

• Provide legal guidance on cybersecurity, digital regulatory matters, IT/OT security, and incident response across PMI’s global operations, with emphasis on U.S. requirements.
• Support the SOC, Cyber Defense, and Incident Response teams during potential security events, including triage, investigation, remediation, notifications, and documentation.
• Contribute to PMI’s cybersecurity governance frameworks, including policies, playbooks, standards, processes, tabletop exercises, and cross‑market alignment.
• Draft and negotiate cybersecurity, data protection, and technology‑related contractual provisions such as DPAs, security addenda, AI clauses, and vendor due‑diligence terms.
• Monitor U.S. and global developments in cybersecurity, AI, digital regulation, and emerging technologies, translating legal requirements into actionable guidance for business and technical teams.
• Develop and maintain cyber and privacy policies, standards, controls, notices, training materials, and program improvements.
• Identify and advise on legal and compliance risks arising from audits, assessments, testing, and new digital or data initiatives.
• Serve as a key U.S. privacy legal contact, advising on federal and state privacy laws (including CCPA/CPRA, CTDPA, CPA, VCDPA, HIPAA) and their operational impact.
• Support U.S. privacy compliance activities including DPIAs/PIAs, consumer transparency, data subject requests, retention, notices, and governance for new technologies (AI, ML, IoT, biometrics, geolocation).
• Align U.S. privacy and cybersecurity practices with PMI’s global frameworks by partnering closely with global legal, digital, commercial, IT, and market teams.
• Build strong relationships with cross‑functional stakeholders, serving as a trusted advisor who provides practical, risk‑based guidance.
• Communicate complex technical and legal concepts clearly to executives, business leaders, engineers, and security teams.
• Manage competing priorities with sound judgment, independence, and urgency, particularly during fast‑moving cybersecurity incidents.
• D…