Staff Attorney

Why Privacy at GM Financial?

With this role, GM Financial offers a unique opportunity to practice at the intersection of privacy, cybersecurity, and highly regulated financial services and insurance. This role supports GM Financial and General Motors Insurance by helping maintain and improve the company’s privacy program,  including incident response support, policy and procedure governance, and counseling on privacy requirements in connection with business processes, vendors, and projects.  You’ll work closely with cross‑functional partners (Cybersecurity, Compliance, IT, Procurement, and business teams) to identify and manage privacy risk in a practical, business‑forward way. It’s a great opportunity for someone who wants practical privacy work, strong cross‑functional exposure, and real ownership with senior counsel support.

At GM Financial, our team members define and shape our culture — an environment that welcomes new ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive.

Our Purpose: We pioneer the innovations that move and connect people to what matters.

About the role

The Staff Attorney assists in providing legal work in support of the Privacy function and guidance regarding legal matters of the corporation to ensure maximum protection of its legal rights and to maintain its operations within state and federal limits. 

In this role you will:

• Support corporate compliance with all relevant federal, state and local laws, regulations and ordinances
• Assist senior attorneys in the management of outside counsel hired to obtain legal opinions
• Assist in research, review, analysis, drafting and approval of various documents, policies, procedures and obligations to which the company is or may become a party.
• Maintain up-to-date knowledge of privacy and cybersecurity law and events relevant to the company
• Support the development, implementation, and maintenance of the company’s privacy program, including practices designed to protect personal information and other applicable company data
• Maintain up-to-date knowledge of the law in areas of special interest to the company
• Support regulatory change management for privacy and cybersecurity requirements
• Collaborate with cross-functional teams at all levels of the organization (Cybersecurity, Compliance, IT, Procurement, and business stakeholders) on privacy matters, including to embed privacy requirements into new and existing processes, projects, and systems
• Assist in managing customer privacy notice revisions and processes
• Provide support for implementation of new privacy laws and requirements