The Legal Division's mission is to advance and protect the interests of the firm by providing the highest quality legal advice. Central to our mission is the identification and provision of advice with respect to the resolution of legal, regulatory and reputational risks. As part of the firm’s second line of defense, Legal helps ensure that the firm’s activities are conducted within the boundaries of the law and consistent with preserving and enhancing the firm’s reputation.
Data Protection and Privacy Group
Provides legal, regulatory and reputational advice on data protection, cybersecurity and privacy matters across all divisions globally.
The role sits within the Privacy Legal team and will be one of two U.S.- based lawyers responsible for Data Protection and Privacy matters globally (in conjunction with two other team members in London).
- Provide pragmatic and actionable privacy legal advice to business leaders, engineers, and legal counterparts to enable firm business, including the firm’s consumer / retail financial services businesses, marketing, and online advertising activities
- Advise on matters pertaining to employee privacy (including monitoring programs, data analytics issues, notice and consent requirements, etc.)
- Analyze data security incidents and make determinations as to whether any notifications are required. Draft / review such notifications
- Review and negotiate data protection and information security terms in vendor agreements, confidentiality agreements, etc.
- Monitor and respond to developments in privacy and information security (i.e., new laws, regulations, important case decisions, regulatory guidance, etc.)
- Support deal teams on privacy diligence in investments and acquisitions, and integration activities upon acquisition
- Review and revise existing policies and procedures regarding privacy
- Assist in responding to requests to exercise data subject rights (e.g. access, deletion, etc.)
- Collaborate with colleagues in Legal and Compliance globally, including in EMEA and Asia, to promote consistent data protection / privacy practices globally and uplift existing programs to address new privacy laws, regulations, and interpretations
- Prepare training materials for use online, via videoconference and in live sessions
- Legal degree
- Minimum 5 years’ solid experience counseling on compliance with a full range of S. federal and state privacy laws, specifically including GLBA and state financial privacy laws; evaluating and responding to data security incidents; drafting privacy policies and notices; and drafting and/or negotiating privacy-related contractual provisions.
- Good leadership skills, demonstrated project management experience.
- Effective communicator; team player.
- Experience as an associate at a law firm with a respected privacy counseling practice, at a large company in the financial industry, or a combination of both, strongly preferred
- Experience with web/mobile privacy matters (e.g., on-line behavioral advertising) a plus
- Experience with information security / cybersecurity a plus
- Experience with GDPR counseling / familiarity with ex-U.S. privacy laws a plus
- Experience managing privacy & cybersecurity due diligence in M&A transactions a plus
Application Submission Information: