Chicago IL

Director of Data Protection

CM Legal

Director of Data Protection

Essential Job Functions
Our client positions Data Protection at the intersection of risk management, data and user analytics, data loss prevention, information classification, legal practice, and the business of law. This position is responsible for overseeing the Risk Management Data Protection team responsible for monitoring system activities and alerts; performing searches and internal collections of email, documents and/or files; incident investigation and response; data preservation and mandated destruction, emailbox access and secure file transfer compliance. The individual in this position serves as a sponsor, stakeholder, lead and/or contributor on initiatives to protect firm sensitive and client confidential data and fosters a high degree of collaboration with all firm personnel.

Essential Functions:

  • Serves as a data protection subject matter expert and advisor for Risk Management senior leadership and the Office of the General Counsel.
  • Taking a balanced approach, ensures appropriate treatment of risks, and compliance and quality assurance of work product and services.
  • Delivers executive-level summaries, findings and recommendations that effectively translate data protection threats from a technical perspective to a layperson’s understanding.
  • Develops and maintains plans, strategies, and policies that support, align with, and transform thei posture as it relates to internal collections, data protection, and other risk-related functions and services.
  • Maintains ongoing awareness and assessment of data protection vulnerabilities and threats in general and specifically related to law firms.
  • Leads, evaluates, and supports processes necessary to maintain compliance with data protection policies and controls, and fosters a compliance compliance culture.
  • Liaises with legal teams, Security Governance, Technology Services, Human Resources and Legal Recruiting and Development leads to manage and deliver e-discovery and data protection solutions.
  • Creates new data protection policies and revises existing policies, standards, processes guidelines, and other support documentation relating to data protection.
  • Clearly conveys ownership, personal interest and enthusiasm for all aspects of data protection.
  • Reviews and approves exception requests to data protection controls and data collection charters.
  • Oversees the management of legal and administrative preservation notices, destruction orders, emailbox access, and ensures compliance with secure transfer of data policies.
  • Manages vendor relationship and system specifications for the design and implementation of data protection solutions.
  • Leads team of data protection professionals. Remains continually engaged in helping individual staff and teams meet their productivity and professional development goals.
  • Maintains complete and accurate records of data protection guidance, services, decisions and other work product.

Qualifications & Requirements
Education, Work Experience, Skills

  • Bachelor's degree from an accredited four-year institution required. Information Security/Cybersecurity, Juris Doctorate or other advanced degree preferred.
  • Prior success in leading strategic data protection initiatives at a global law firm, multi-national corporation or professional services firm.
  • Executive presence required for productive partner collaboration. Proven track record of performing with tact and diplomacy in personal interactions, particularly when working under tight deadlines.
  • Demonstrated ability to deliver clear, concise and factually accurate written and oral communications tailored to the intended recipients.
  • Proven experience with gathering and documenting information from users, including attorneys and senior firm management, analyzing large volumes of unstructured data, establishing metrics and management reporting.
  • High level of personal integrity, with the ability to professionally handle confidential matters with sound judgment and maturity.
  • 10+ years of experience serving in a subject matter expert role relating to data loss protection, data breach and other cyber incident investigation, incident response, and/or e-discovery.
  • 10+ years of experience in personnel management and team leadership.
  • 5+ years of Document Management System (DMS) experience in the legal industry preferred.
  • Proficiency in Microsoft applications, (e.g., Word, Excel, PowerPoint, Teams, Visio).
  • Demonstrated ability lead high visibility, high impact change management initiatives.
  • Advanced knowledge of risk management principles and practices.
  • Working knowledge of data encryption technologies.
  • Demonstrated understanding of data protection laws and regulations and practical, balanced application of knowledge in a law firm.




  • Max. file size: 300 MB.

Every connection begins with a conversation. Begin the legal recruitment process now.