Director of Data Privacy
Director of Data Privacy
Essential Job Functions
The Director of Data Privacy is responsible for shaping the vision, strategy, and sustainable growth of the Firm’s data privacy program, and oversees the operational execution of privacy compliance initiatives. In collaboration with Information Governance (IG) and other Risk Management Leadership, Information Security (SecGov) and Technology (IT) teams, and under the direction of the Office of General Counsel, this position is responsible for a function that will continuously evolve to comply with a global regulatory landscape in which Firm lawyers practice and its clients do business. This individual leads a trusted team of Privacy professionals charged with protecting client and Firm data through compliance program and policy refinement, client requirement compliance reviews, training and awareness programming, vendor and third-party assessment and compliance, and fostering a culture of data privacy and security across the firm.
Essential Job Functions:
- Serves as a data privacy advisor for Risk Management senior leadership and the Office of the General Counsel.
- Articulates strategic vision for comprehensive data privacy program that will proactively support growth of the Firm and its practices aligned with an evolving global legal and regulatory landscape.
- Advocates for data privacy within the Firm, communicating the importance of data protection to all personnel through a variety of forums (1:1, administrative meetings, practice group meetings, partner meetings, etc.).
- Ensures the Firm complies with relevant data protection laws and regulations, such as HIPAA, GDPR, PIPL, CPRA and the CCPA.
- Accountable for ensuring written documentation of all processes associated with managing data privacy compliance up-to-date, factually accurate, and organized in an audit-ready state.
- In collaboration with SecGov, IT, and IG, designs mechanisms and methodologies for securing personally identifiable information (PII) including, but not limited to, protected health information (PHI), to ensure adequate controls are in place.
- Oversees the privacy impact assessments program for new projects, initiatives, and technologies, to identify and mitigate potential privacy risks effectively.
- Responsible for privacy evaluation and compliance review program for client and vendor/third-party agreements.
- Works directly with administrative staff and legal practitioners to document business requirements and automate privacy processes.
- Coaches and mentors IG and other Firm personnel on the continual improvement of their knowledge relating to data privacy compliance.
Qualifications & Requirements
- An advanced degree in information management or law is required, and a J. D. is preferred.
- 15+ years of experience in privacy compliance is required, with preference given to candidates with CIPP/US, CIPP/E, and/or CIPM certification.
- Prior success leading the strategic direction and operational initiatives of a data privacy compliance program at a global law firm, multi-national corporation, or professional services firm.
- Demonstrated understanding of evolving global data privacy laws and regulations and practical, balanced application of knowledge in a law firm.
- Ability to plan, manage and execute multiple cross-office and cross-functional projects relating to data privacy and information governance.
- 10+ years of experience in personnel management and team leadership with an aptitude and interest in personnel development.
- Exemplary communication skills; executive presence and proven track record of performing with tact and diplomacy in personal interactions; this individual confers with the Office of General Counsel and other partners, as well as client contacts and third-party vendors.
- Tech savvy with a capacity for deep understanding of data-related operational practices and technologies across the organization.
- Demonstrated ability lead high visibility, high impact change management initiatives.
- Strong commitment to collaborative work in a matrixed environment is key.
- Advanced knowledge of risk management principles and practices.
- Proficiency in Microsoft applications, (e.g., Word, Excel, PowerPoint, Teams, Visio).