Dir, Global Data Protection and Technology Counsel

Job Summary

The Director, Global Data Protection and Technology Counsel serves as the primary legal support resource for Information & Digital Solutions (IDS) and International Technology teams, including contract negotiation and approval, and secondary support to the Marketing team.  This position will advise on technology compliance strategies, including data privacy, data governance, data security, data breach, artificial intelligence, and digital advertising and marketing, interfacing with senior leadership and executive team members to advise and educate. This position will report to the Senior Director, Global Marketing Counsel and Director of Intellectual Property and will be a member of Papa John’s legal department.

Duties and Responsibilities (other duties as assigned)

• •    Serve as primary legal support resource for Information & Digital Solutions (IDS) and International Technology (Int’l Tech) groups, providing day-to-day legal guidance on a wide range of operational matters, such as technology and digital development, regional and enterprise-scale projects, legal and regulatory compliance, vendor management, and transactional matters. 
  •    Manage negotiation of all IDS and Int’l Tech commercial agreements using both internal and external resources.
  •    Serve as subject-matter-expert and point of escalation for contract negotiations related to data privacy and information security, helping to ensure commercial agreements across the organization are in-line with new and emerging data privacy requirements.
  •    Maintain relationships with and provide legal guidance across the organization to senior leadership, executive team members, and the board of directors on emerging risks, requirements, trends, market impacts, and compliance innovations related to data protection, AI/ML technologies, and other technology and digital related legal and regulatory matters.
  •    Provide privacy and data protection advice on technology and digital driven solutions across the organization based on a solid Privacy-by-Design approach, and support functions in their implementation.
  •    Identify business requirements stemming from new and evolving privacy laws and other technology and digital related regulations, such as AI/ML, and lead the engagement with key policy makers and other internal stakeholders, providing thought leadership on key aspects impacting Papa John’s global business.
  •    Provide day-to-day and strategic oversight regarding the continued operation of and improvement to Papa John’s global data protection and technology compliance strategies, including updating the existing legal privacy frameworks (e.g., CPRA/CCPA, UK GDPR) and the development and implementation of additional legal frameworks establishing data driven legal, compliance, organizational and technical requirements that enable global franchise development and deeper data insights.
  •    Develop, update, and maintain policies and procedures, customer-facing resources, contract addenda, templates and contract negotiation playbooks relating to data protection and technology compliance.
  •    Work closely with IDS and Int’l Tech teams on ongoing privacy and security projects, including serving as the primary incident response attorney, shaping privacy and security awareness campaigns, identifying key risks and opportunities, participating in security ISO and SOC audits, overseeing completion of data inventory management, annual privacy audits, sub-processor disclosure updates, etc.
  •    Perform risk assessment and mitigation strategies related to data protection and technology compliance, including advising on data breach response plans and privacy impact assessments.
  •    Oversee the performance of privacy impact assessments / records of processing that align with Papa John’s internal processes and procedures.
  •    Increase awareness across all business functions regarding privacy and data protection requirements relating to Papa John’s global business through company-wide training and other initiatives.
  •    Provide litigation support for any data privacy-related litigation matters.
  •    Provide backup support to the Marketing team in relation to digital advertising matters.