Our client, a top Am Law firm with a global footprint, is seeking an Associate Director of Information Governance and Privacy. This is an internal role within the firm, responsible for leading, planning, executing, and supporting the overall goals and objectives associated with privacy and information governance processes and services offered across the firm, with primary responsibility for processes, services, and projects involving data privacy compliance. This role will work with the team and take ownership of operationalizing and standardizing privacy and data protection best practices firmwide. The Associate Director of Information Governance and Privacy delivers results that mitigate risks and reduce costs associated with data privacy processes, services, technologies, and projects. Under the leadership of the Director of IG (Privacy), this individual effectively manages their responsibilities, including complex legal research and analysis. Preference will be given to those with a J.D. or IAPP certification.
Essential Functions:
- Provides advice and proposes solutions for complex and/or technical data privacy and/or information governance issues
- Communicates privacy vision and privacy guiding principles throughout the firm in a variety of forums (1:1, administrative meetings, practice group meetings, partner meetings, etc.)
- Ensures written documentation of all processes associated with managing data privacy compliance is up-to-date, factually accurate, and organized in an audit-ready state
- Drafts, reviews and/or presents proposals, project plans, status reports, and other information in a variety of formats and styles appropriate to the audience
- Coaches and mentors IG and other firm personnel on the continual improvement of their knowledge relating to data privacy compliance
- Works directly with administrative staff and legal practitioners to document business requirements and automate privacy processes
- Ensures risk management personnel perform work relating to data privacy compliance in a consistent and repeatable manner
- Develops and executes project plans for the introduction of new processes, services and/or technologies that support data privacy compliance
- Performs legal, technology, and law firm research on data privacy laws, information governance, data protection, records retention requirements and other data privacy-related topics, and reports findings and recommendations to the Office of the General Counsel and other partners
- Periodically audits the administrative and technical controls in place for safeguarding personally identifiable information (PII), including protected health information (PHI)
- Maintains up-to-date and accurate records of timelines, activities, decisions, and work product relating to data privacy compliance
- Reviews client and vendor business associate agreements, client standard contractual clauses and/or data processing agreements, and vendor data processing agreements
- Coordinates the amendment of executed client and vendor agreements to reflect new data privacy legal and contractual requirements as required by CCPA, CPRA, GDPR, HIPAA, etc.
- Serves as a backup for the Director of Information Governance (Privacy)
- Represents Risk Management during client assessments and incident response exercises relating to data privacy
- Assists with the reporting and analysis of suspected data incidents involving personally identifiable data
- Advises senior management and partners on the implications of new data privacy laws and their impact on the firm and its clients and vendors
- Advises attorneys, legal staff, and administrative personnel on how to mitigate data privacy and information governance risks
- Manages multi-office and/or cross-functional projects involving personal information
- Develops and delivers data privacy training in a variety of formats
- Conducts data privacy impact assessments
- Creates and maintains data maps relating to personal data processing and transfer
- Utilizes Privacy by Design principles when working with Information Technology, Security Governance and/or Risk Management teams to design new and/or enhance existing firm systems used to manage personally identifiable data
- Creates, manages and maintains documentation on processes relating to the intake, management, and execution of tasks to ensure timely resolution of, and compliance with, data subject requests
Qualifications & Requirements:
- An advanced degree in information management or law is required, and a J.D. is preferred
- Aptitude and interest in personnel and team management, information technologies, critical thinking, change management, customer service, and project management required
- In-depth knowledge of data privacy laws
- Experience implementing data privacy compliance programs in a business environment, preferably a law firm
- Ability to strategically assess data privacy risk and recommend feasible solutions that comply with legal and business requirements of the firm and its clients
- Ability to plan, manage and execute multiple cross-office and cross-functional projects relating to data privacy and information governance
- Commitment to continual performance improvement and ongoing professional development needed to develop new expertise in data privacy and information governance as legal, regulatory and business demands change
- Proven ability to deliver written and oral presentations to senior firm management, partners and clients on data privacy compliance and risk management
- Demonstrated ability and commitment to work independently and develop productive working rapport with attorneys, senior firm management, legal staff, and administrative personnel around the world
- CIPP/US, CIPM, CIPT, and/or CIPP/EU certification preferred
- Proficiency in MS Office applications is required and working knowledge of MS Project and Visio is preferred
- Prior experience with iManage DMS, IntApp WallBuilder, IntApp Terms of Business, and LegalKEY preferred