Data Protection Attorney, MUFG Americas, New York, NY

MUFG Union Bank, N.A. is seeking an enterprise level data privacy and data protection attorney with a strong focus and proven track record on data protection.


  • Analyze and apply, federal, state, and international laws and corporate policies related to data protection, applicable to the bank’s operations.
  • Advise on and help assess information-security risks associated with technology products, systems, networks, and operations in diversified financial services.
  • Identify business requirements resulting from existing, new and evolving laws, regulations, and government and industry standards and guidelines that directly or indirectly apply to information security and data protection, in the U.S. and globally; e.g., GLBA, NIST, FFIEC, PCI DSS.
  • Advise on data breach response and notification; consistent with applicable federal, state and international laws; work closely with the regulatory affairs office in managing communications, coordination, and technical assistance with federal, state, and non-U.S. officials and law enforcement.
  • Advise and work closely with information security, risk and compliance managers (including the bank’s privacy office and the incident response team) and other corporate support functions and attorneys in the above areas, and support them in the identification of risks, development of strategies and practical operational processes towards data protection (including defense, preparedness and response).
  • Assist in connection with responses to government requests for data and follow corporate policies and the bank’s interests for such responses, ensuring compliance with laws and regulations. Manage conflict of laws issues arising from cross border data requests.
  • Minimum of 8-10 years relevant experience at a major law firm or corporate legal department. Will consider candidates with 5 years of experience for those with strong data protection experience.
  • Knowledge of, and practical experience with, federal and state data protection and data breach notification laws and regulations including NYDFS’ cybersecurity regulations.
  • Strong interpersonal, organizational and problem-solving skills.
  • Ability to present complex issues in a clear and concise manner and provide succinct results-oriented legal advice.
  • Ability to work in a fast-paced, demanding and collaborative environment with many stakeholders.
  • Independent, self-starter capable of prioritizing conflicting demands and handling multiple assignments simultaneously.
  • Strong influencing and leadership skills, including decisiveness on both legal and business issues.
  • Must of JD or equivalent Law Degree.
  • Must be admitted to at least one state bar (NY or CA preferred) – active/good standing.
  • Privacy qualification or certification such as, CIPP/US, CIPM, CIPT. 

Desired Skills: 

  • Experience in global financial services and with financial regulators.
  • Familiarity with BigData, APIs; laws related to e-commerce, and mobile commerce; self-regulatory regimes like APEC, Direct Marketing Association and CTIA.
  • Proficiency in other languages.

Application Submission Information: