The Senior Counsel role will lead a cross functional cybersecurity legal program that integrates security operations, incident response, governance, and regulatory/data privacy compliance, while advancing responsible AI security and risk management. This role serves as the legal bridge among Cybersecurity, IT, OT, Communications, HR, and Finance, ensuring the company can prevent, detect, respond to, and recover from cyber (incident response and product) incidents and AI related risks while meeting global legal and regulatory obligations. The leader will drive tabletop exercises, oversee policy/playbook development, guide product and enterprise security reviews, and act as a primary legal cyber advisor to executives during IT/OT security and AI governance events.

Key Responsibilities

Incident Readiness & Response
• Own the legal aspects of the enterprise incident response (IR) program including preparation, detection, response, recovery, and lessons learned; manage executive ready IR playbooks that clearly define roles functions.
• Contribute by assisting with the planning, deployment, and debriefing tabletop exercises with internal teams and outside firms; track remediation items through to closure and report outcomes to senior leadership and the board.
• Serve as on call executive advisor for material incidents, coordinating with security operations center, corporate event response team, outside counsel, insurers, regulators, and law enforcement as needed.
• Ensure eDiscovery, privilege, and regulatory timeline considerations are embedded in IR workflows (e.g., notification triggers, insurer engagement).
• Coordinate with Engineering and IT on AI incident reporting obligations under emerging regulations.
Security Governance, Risk & Compliance
• Contribute to cross functional Cybersecurity/IT/OT governance forums; align policy and standards with Zero Trust, identity, network, cloud, and OT security programs.
• Oversee policy lifecycle (draft, socialize, approve, measure), including AI security monitoring standards and privacy by design controls in partnership with Data Protection Privacy teams.
• Direct risk assessments for major programs and products; track risk treatment plans and KRIs/KPIs in collaboration with GRC and Internal Audit.
Regulatory & Global Counsel Integration
• Act as the executive point of contact for global cybersecurity and data protection laws (e.g., U.S. sectoral rules, EU NIS2/GDPR, China’s Cybersecurity Law), coordinating with regional counsel and external advisors to interpret obligations and translate them into operational controls.
• Lead regulatory response readiness (notifications, supervisory inquiries, exam prep) and ensure documentation/attestations are accurate and defensible.
• Track and interpret AI-related regulatory developments (EU AI Act, U.S. state AI laws) and translate them into actionable compliance requirements.
Enterprise & Product Security Reviews
• Co lead Cyber Product Review and security architecture gates for enterprise platforms and customer facing products/solutions; drive decision logs, actions, and risk acceptance processes with accountable owners (IT, Engineering, Product, Legal).
• Expand Cyber Product Reviews to include AI risk assessments for products and internal tools; ensure secure model deployment and vendor risk evaluations.
• Ensure integration, vulnerability management, and cloud security roadmaps; report progress, risks, and dependencies through executive dashboards.
Stakeholder Engagement & Communication
• Provide board/C suite briefings on AI risk and cyber posture, material risks, control maturity, and incident updates, including emerging threats and compliance obligations; craft clear, business outcome focused narratives.
• Partner with Corporate Communications to prepare proactive/reactive statements and media strategies as part of IR planning and exercises.
• Coach and enable business/function leaders to own cyber risk within their domains.

Qualifications:

Basic Qualifications:
• Juris Doctorate; licensed and in good standing to practice in at least one state
• Experience working in a global law firm and a global corporation (in-house counsel)
• Minimum of ten (10) years in cybersecurity, cyber risk, incident response, or closely related domains, with significant cross functional leadership.
• Demonstrated experience leading complex incidents/tabletops and working directly with outside counsel/insurers/regulators.
• Up to 10% travel
• Eaton will not consider applicants for employment immigration sponsorship or support for this position. This means that Eaton will not support any CPT, OPT, or STEM OPT plans, F-1 to H-1B, H-1B cap registration, O-1, E-3, TN status, I-485 job portability, etc.

Preferred Qualifications:

• Certifications: CISSP, CISM, CISA, CCSP, or relevant privacy credentials (e.g., CIPP/E, CIPP/US, CIPM).
• Experience with OT security governance and enterprise Zero Trust transformations.
• Experience working within a complex, multinational company.
• Experience within a manufacturer or other highly-engineered, physical product-based organization helpful.

Skills:

• Strong command of global cyber/data protection frameworks
• Proven ability to translate legal/regulatory obligations into executable controls and measurable program outcomes.
• Executive presence; excellent written/oral communication with board level stakeholders.