Reporting to the Chief Compliance Officer, the Lead Counsel, Cybersecurity & Privacy will lead and help mature the company’s global privacy and cybersecurity legal and compliance program, partnering closely with Legal, Information Security, IT, HR, Procurement, and business leaders across a diverse, fast-moving environment.

This position is based at Wabtec’s Headquarters in Pittsburgh, PA (in-office, hybrid work schedule).

How will you make a difference?

• As a Legal/Compliance team member, you will be responsible for supporting various company-wide projects and initiatives addressing privacy and regulatory compliance risks.
• Translate global privacy and cybersecurity requirements into practical, scalable controls for the business (including GDPR/UK GDPR, ePrivacy, and U.S. state privacy laws such as CCPA/CPRA).
• Advise on EU/UK cybersecurity and digital operations requirements (e.g., NIS2/UK NIS; emerging product/cybersecurity frameworks). Supply-chain due diligence/disclosure regimes experience is a plus.
• The successful candidate will bring excellent interpersonal skills and executive presence, with the ability to influence decisions across functions , translate complex requirements for non-technical stakeholders, and build trusted partnerships. Must be able to independently prioritize competing demands based on risk, manage deadlines, and drive outcomes in a fast-paced, global, and culturally diverse environment.
• Strategic, risk-based approach with experience scaling privacy/cybersecurity programs, building repeatable governance, and leveraging automation to improve execution.

What do we want to know about you?

• Juris Doctor (JD) degree from an accredited law school.
• Member of a state bar (in good standing).
• 7+ years of legal experience, with a focus on data privacy and cybersecurity compliance.
• Privacy and cybersecurity law experience in a global manufacturing company  (preferred).
• People leadership experience (preferred).
• Experience with privacy compliance operations and tooling (e.g., DPIAs/RoPA, DSAR intake/fulfillment, and vendor assessments; OneTrust/TrustArc a plus).
• Experience scaling and advising on third-party risk management from privacy and cybersecurity perspectives, and navigating global cybersecurity regulatory frameworks.
• Familiarity with AI governance and emerging technology legal risk (e.g., AI tool adoption, data use/security considerations) and related cross-functional governance.
• CIPP or similar certification (preferred).

What will your typical day look like?

• Develop and implement a global data privacy strategy that aligns with the company’s objectives, relevant laws and regulations, and industry best practices, including by drafting data privacy policies and procedures and internal and external facing privacy notices.
• Supervise a Data Privacy Specialist and provide strategic direction, escalation support, and governance for regional privacy resources, including managing relationships with contracted Data Protection Officers (DPOs) where used, to ensure consistent global execution while accounting for local requirements.
• Partner with HR, IT, Information Security, Procurement, and Legal to assess privacy/security risk and implement consistent, practical controls.
• Draft, review, and negotiate privacy and cybersecurity terms in commercial contracts, data processing agreements, cross-border transfer arrangements, and other privacy/security-related agreements.
• Lead/oversee DPIAs and privacy/security risk assessments; track remediation to reduce risk.
• Monitor global privacy and cybersecurity laws/regulatory developments; advise on impact and required program changes.
• Advise on AI governance and emerging technology matters (risk assessments, standards/guardrails, and vendor/tool adoption).
• Serve as a point of contact for data privacy inquiries and data subject requests from employees and external parties, including global data protection authorities.
• Lead/oversee third-party privacy and security assessments; advise on risk tiering, remediation, and contractual safeguards, and improve the program through process and automation.
• Educate and train employees on data privacy and cybersecurity, in order to foster a culture of security and privacy within Wabtec.
• Partner with Information Security/IT on security governance, policies, and response protocols.
• Support enterprise compliance training and communications to promote a culture of integrity.
• Act as lead legal counsel during cybersecurity and data incidents, providing incident response advice and support including investigation strategy, privilege considerations, engagement and management of outside counsel and forensic providers, notification decisioning, mitigation, and remediation.

This role is also eligible for a performance bonus. More information on offered benefits, which include health, welfare, and retirement, is available at mywabtecbenefits.com.

Relocation assistance may be provided if eligibility requirements are met.

Wabtec will only employ those who are legally authorized to work in the U.S. for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable) and fitness for duty test (as applicable).

Our job titles may span more than one career level. The salary rate for this role is currently $164,900 - 235,000. The actual salary offered to a candidate may be influenced by a variety of factors, such as: training, transferable skills, work experience, education, business needs, market demands and work location. The base pay range is subject to change and may be modified in the future. More information on offered benefits, which include health, welfare, and retirement, are available at mywabtecbenefits.com. Other benefit offerings for this role may include annual bonus, if eligible.

What could you accomplish in a place that puts People First?

At Wabtec, it’s not just about a job - it’s about the impact you make. When our people come together, we’re Expanding the Possible by continuously improving what we do and how we do it - for our clients and each other.

If you’re ready to revolutionize how the world moves for future generations, Wabtec is the place for you.
 

Who are we?

Wabtec is a leading global provider of equipment, systems, digital solutions, and value-added services for the freight and transit rail sectors. Drawing on more than 150 years of experience, we are leading the way in safety, efficiency, reliability, innovation, and productivity. Whether it’s freight, transit, ports, logistics, mining, industrial, or marine, our expertise, technologies, and people together – are accelerating the future of transportation. With roots that date back to George Westinghouse, Thomas Edison, and Louis Faiveley, Wabtec has always built technologies and implemented solutions for a variety of sectors that are critical to meeting the needs of customers and governments alike.

Our global team of about 30,000 employees worldwide delivers performance that moves the world forward. We’re lifelong learners, obsessed with better. Learn more at www.WabtecCorp.com.

Culture powers us and the possibilities.

We believe the best ideas come from a mix of experiences and backgrounds. At Wabtec, we strive every day to create a place where everyone belongs. We’re building a culture where leadership, inclusion and your unique perspective fuel progress.

We’re proud to be an Equal Opportunity Employer. We welcome talent of all backgrounds, experiences, and identities, including race, gender, age, disability, veteran status and more.

Need accommodation? Just let us know - we’ve got you.