Data, Privacy and Cybersecurity – Mid-Level Associate

Hogan Lovells•Washington DC, DC

About The Position

Hogan Lovells’s Data, Privacy and Cybersecurity practice group seeks a mid-level associate with approximately 2–4 years of experience in cybersecurity, privacy, and technology regulatory matters. Our Privacy and Cybersecurity practice consistently ranks among the nation’s best for expertise, legal ability, client service, and business understanding. We are looking for a candidate who demonstrates strong analytical skills, excellent judgment, and the ability to take ownership of significant workstreams while collaborating closely with attorneys and clients. Our practice supports major industry players across many sectors including technology, life sciences, digital health, enterprise software, professional service, manufacturer, and financial services.

Requirements

2–4 years of experience in cybersecurity, privacy, technology regulatory counseling, incident response, or related areas (law firm, government, or in house experience welcome).
Strong academic credentials and excellent research, writing, and oral communication skills.
Demonstrated ability to deliver clear, concise client ready work product in a fast-paced environment.
Membership in or eligibility for the D.C. Bar.
Ability to manage multiple competing deadlines and work collaboratively across teams.
Candidates for lawyer opportunities in the U.S. must have a law degree from an ABA-accredited law school and be a member of the Bar in the United States.

Nice To Haves

Experience supporting cybersecurity incident response, breach notifications, or regulatory inquiries strongly preferred.
Familiarity with cybersecurity frameworks (e.g., NIST CSF), sector agnostic privacy/security obligations, and consumer protection enforcement trends is a plus.

Responsibilities

Cybersecurity incident response support, including fact gathering, legal analysis, strategic communications, threat actor interactions, law enforcement coordination, and addressing multi-jurisdictional notice obligations.
Regulatory interaction following cyber incidents—such as preparing regulatory responses, supporting investigations, and advising on reporting strategies and timelines.
Incident preparedness, including policy and playbook development, tabletop exercise support, red teaming and adversary simulations, vulnerability disclosure handling, and assessments of incident/breach response readiness.
Assisting clients with cybersecurity compliance program enhancements, such as governance structures, risk assessments, vendor/third party risk practices, and information security documentation.
Analysis of cybersecurity and privacy regulatory frameworks, including cross sector cybersecurity requirements, state and federal privacy and security expectations, and applicable industry standards (e.g., NIST CSF).
Supporting client counseling on cybersecurity and privacy issues arising in product development, commercial transactions, and cross border data flows.
Managing discrete workstreams and participating directly in client calls, presentations, and deliverables appropriate to a mid-level associate.