Privacy and Incident Response Attorney

About The Position

Requirements

• An attorney with minimum of five (5) years' experience, three (3) years of which should be related to advising clients on privacy issues or incident response. Exceptional candidates with the necessary skill set may be eligible to be considered for the role, regardless of their level of experience.
• Proven background in privacy incident response, including investigations, notification determinations, compliance assessments, deploying industry-leading technologies and software solutions, and assisting with remediation and communication matters.
• Experience working with international teams in various time zones in a cross-functional multi-stakeholder environment.
• Self-starter with proven ability to apply sound judgment, engage directly with internal clients, manage multiple significant projects, and work well under tight time pressures.
• The candidate should be willing to work outside of normal business hours during emergency events.
• Excellent interpersonal, organizational, project management, prioritization, decision-making, and relationship management skills, and the ability to build and maintain trusted relationships.
• Strong verbal and written communication skills with the ability to interface with all levels of the organization.
• Excellent research and analytical skills.
• Strong documentation, presentation, and communication skills in a cross-functional and global role.
• Highly responsive and client relationship focused.
• Excellent attention to detail and strong and practical problem-solving abilities to deal with unforeseen events.
• Experience in successfully navigating ambiguity and fluid organizational structures.
• Juris Doctorate or equivalent law degree

Nice To Haves

• The candidate preferably should have experience working in or with global financial institutions.
• CIPP and/or other data privacy certifications is preferred.

Responsibilities

• Reviewing and responding to potential data privacy incidents
• Collaborating with in-country, business and function Legal teams to drive high quality, consistent, compliant and efficient incident response advice globally
• Supporting internal stakeholders on all aspects of incident prevention and response in data privacy events
• Developing, implementing and engaging in ongoing enhancements of Legal playbooks, checklists, decision trees, process flows, toolkits, template documentation (including notification letters) and training for members of the Legal teams engaged on privacy incidents
• Reviewing facts, relevant laws, rules and regulations, and applicable legal analysis to ensure that consideration has been given to all appropriate factors in identifying and assessing the need to make, and the manner of making, individual, regulatory and/or contractual notifications concerning data privacy and/or information security events, and supporting stakeholders' implementation of Legal's recommendations
• Supporting and using technologies and software to assist in the handling, analysis, documentation and resolution of incidents
• Escalating matters, as appropriate, to support legal and compliance risk identification and mitigation and company requirements
• Developing, and engaging in ongoing reviews of, metrics to help validate legal sufficiency, accuracy and consistency of recommendations and timeliness
• Working with and supervising outside counsel, as needed
• Assisting with other projects within the Technology, Operations & Privacy Legal team as requested and when time permits