Associate General Counsel & Privacy Officer (Office of Sr. Vice President & General Counsel)

Johns Hopkins University•Baltimore, MD

43d•Hybrid

About The Position

The Office of the Senior Vice President & General Counsel of Johns Hopkins University seeks applications to fill a position of Associate General Counsel & Privacy Officer (“Associate General Counsel”), which will focus primarily on advising the university on a wide range of data governance matters, including privacy, cyber and information security, digital accessibility, records management, etc., including interfacing with lead institutional officials and attorneys responsible for clinical records and data, as well as human subject records and data to ensure compliant cybersecurity and data processing procedures and guidance. As such, the individual should have deep understanding of the laws, regulations, and industry best practices in these areas in order to interface effectively with institutional officials and lawyers. . The Office of the Senior Vice President & General Counsel provides legal counsel and representation to Johns Hopkins University and all its schools, divisions, affiliates, and related entities. The office serves the legal needs of university trustees, officers, deans, directors, faculty, and staff in their official capacities. The office is also responsible for hiring and managing all outside counsel to represent the university and its units. The Associate General Counsel will report ultimately to the Senior Vice President and General Counsel, with direct reporting to the Senior Associate General Counsel and Chief Compliance Officer. In addition, the Associate General Counsel will have a dotted-line reporting obligation to the Vice Provost and Chief Risk Officer. The Associate General Counsel will provide legal advice on a full range of applicable laws and regulations related to data and records management, privacy (including consumer and educational privacy laws and regulations), cybersecurity, and digital accessibility. The Associate General Counsel will also lead the university’s non-clinical privacy compliance obligations, working closely with the Chief Information Officer, Chief Information Security Officer, Chief Risk Officer, and other officials to mitigate risk to the university through executing the daily operations of the privacy program, development, implementation and maintenance of policies and procedures, training and education, monitoring program compliance, and investigation and tracking of incidents.

Requirements

Juris Doctor Degree.
Five years of legal experience.
Bar admission in at least one U.S. state.
Satisfaction of all applicable requirements for attorneys practicing in the State of Maryland. If not licensed in Maryland, must be eligible for admission within 12 months.
Additional education may substitute for required experience and additional related experience may substitute for required education beyond a high school diploma/graduation equivalent, to the extent permitted by the JHU equivalency formula.

Nice To Haves

Experience as a practicing attorney, including specializing in privacy and data protection.
Experience working effectively with various constituencies in an extraordinarily complex, matrixed environment.
Experience providing legal counsel to an institution of higher education, and one associated with an academic medical center, in particular.
Privacy certification such as CIPP or CIPT.
Demonstrates sound judgment, critical thinking, and a commitment to ethical decision-making.
Communicates effectively across varied audiences, fostering trust and clarity in complex matters.
Maintains composure and adaptability in dynamic environments, with a proactive and innovative approach to problem-solving.
Upholds a strong sense of responsibility for safeguarding legal and privacy standards across the organization.
Ability to work with senior university leadership, including executives and faculty leadership.
Strong organizational, project management, and problem-solving skills.
Attention to detail and ability to manage a high volume of work and multiple priorities in a fast-paced environment.
Superb professional judgment and high ethical standards.
Ability to work independently in a highly complex organization.
Excellent analytical, interpersonal, and oral and written communication skills.

Responsibilities

Advise the university on legal issues related to applicable consumer and education-related privacy obligations, including but not limited to FERPA, HIPAA, GDPR, MODPA, CCPA, and other privacy and data regulations.
Collaborate with Johns Hopkins University Health System (“JHHS”) counsel and privacy officials on privacy matters that affect both JHU and JHHS.
Serve as the primary point of contact for non-clinical data privacy compliance for the university.
Revise and/or develop appropriate policies to implement safeguards to protect non-clinical records and data.
Develop contractual addendums, terms and conditions, and standard clauses for compliance with evolving domestic and global privacy regulations.
Engage with data governance programs on data handling best practices.
Manage and provide advice for practices around the data governance and protection impact assessment process, data use agreements, and data management plans.
Manage the data subject access request process.
Coordinate with university IT, the University Registrar, and other offices, and serve as the point of contact for the supervisory authority, if issues arise.
Partner with the Chief Risk Officer and Deputy Chief Risk Officer to lead the university’s Incident Response Team through process development and coordination of incident and breach response, including interfacing with data security experts, outside counsel, and in-house counsel when required.
Perform other duties as assigned.