Director, Legal Counsel, Data Privacy and Cybersecurity

Your Opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

As Director, Legal Counsel, Data Privacy and Cybersecurity, you will be a key member of Schwab’s Technology, Intellectual Property, and Contracts legal team and will provide strategic, business-focused legal counsel on privacy, cybersecurity, and data-related risk. This role requires a seasoned subject-matter expert with strong judgment, executive presence, and the ability to influence outcomes across a complex, regulated organization. The successful candidate will combine technical depth with business acumen to scale practical legal solutions, manage risk in fast-moving environments, and build trusted partnerships across the enterprise.

What you have

To ensure we fulfill our promise of “challenging the status quo,” this role has specific qualifications that successful candidates should have:

Required Qualifications

• Juris Doctor (JD), LLB, or equivalent from an accredited U.S. law school and active membership in good standing with at least one U.S. state bar.
• Eight or more years of experience advising on data privacy, cybersecurity, or complex data-related matters in-house and/or at a law firm.
• Familiarity with legal and regulatory issues applicable to financial services.
• Entrepreneurial mindset with the ability to build and sustain trusted relationships across a large organization.
• Exceptional written and verbal communication skills, including the ability to explain complex legal issues to non-legal audiences.
• Executive presence and comfort advising senior leaders.

Preferred Qualifications

• Experience advising on global and U.S. privacy regimes and developing scalable privacy and cybersecurity policies and practices.
• Experience managing and preparing for data security incidents in coordination with cross-functional teams and third-party advisors.
• Experience drafting and negotiating data protection and cybersecurity provisions in complex commercial agreements.
• Experience with or strong interest in using AI tools to streamline workstreams and scale legal advice and counsel across a large enterprise.
• Strong judgment, emotional intelligence, and client relationship management skills.
• Ability to make sound decisions under pressure and operate effectively in fast-paced, highly regulated environments.

Your responsibilities will include:

• Regulatory Compliance and Risk Advisor: Provide legal guidance on U.S. and global privacy and cybersecurity laws, regulations, and enforcement trends. Interpret evolving regulatory guidance and translate supervisory expectations into actionable legal advice. Monitor emerging issues including AI governance, data ethics, digital identity, and advanced cyber threats. Advise on privacy-by-design and security-by-design, data minimization and retention, cross-border data transfers, access controls, and other data-related issues.
• Incident Response and Cyber Events: Lead the legal response to privacy and cybersecurity incidents, including investigation, legal risk assessment, and regulatory and contractual analysis. Coordinate closely with internal stakeholders and external forensic firms, outside counsel, and crisis management advisors. Advise on notification obligations, litigation risk, and regulatory engagement arising from cyber events.
• Commercial Transactions and Technology Enablement: Advise on privacy and cybersecurity issues across commercial transactions, including vendor engagements, cloud services, SaaS platforms, fintech partnerships, strategic investments, and M&A. Draft, negotiate, and approve data protection and information security provisions in customer, vendor, and partner agreements.
• Emerging Technology and Innovation: Advise on privacy, data protection, and cybersecurity considerations related to the design, development, and deployment of artificial intelligence, advanced analytics, and other data-driven products and business models.
• Litigation and Investigations: Support the company’s management of privacy- and cybersecurity-related litigation, regulatory enforcement matters, inquiries, and internal investigations.
• Education and Enablement: Educate legal, technology, and business teams on privacy and cybersecurity requirements in a pragmatic, business-focused manner. Identify and support efforts to scale consistent, risk-based legal guidance across the enterprise.

In addition to the salary range, this role is also eligible for bonus or incentive opportunities.