Privacy Counsel

About The Position

Requirements

• Juris Doctor (JD) degree and active bar membership in good standing
• At least 5–6 years of dedicated privacy experience, ideally including both U.S. privacy laws (CCPA/HIPAA) and international frameworks such as GDPR
• Experience implementing or managing privacy compliance programs in a corporate or professional services environment
• Demonstrated experience drafting and negotiating privacy provisions across a wide variety of agreements
• Experience handling privacy impact assessments, audits, or regulatory inquiries
• Strong Outlook, Excel and Word skills required
• Effective and succinct oral communication and clear and concise written communication
• Effective analytical, logical reasoning, and problem-solving abilities
• Experience with legal ethics and privilege issues
• Strong organizational skills and attention to detail
• Ability to manage multiple priorities in a fast-paced environment
• Demonstrated professionalism, sound judgment, and discretion
• Commitment to exceptional internal and external client service
• Demonstrated reliability and the ability to work both independently and collaboratively within a hybrid (remote and in-office) team environment.
• The Firm operates on a hybrid work schedule requiring in-office presence Tuesday through Thursday, with optional remote work permitted on Mondays and Fridays. All employees must remain available for onsite work up to five days per week as business needs dictate. This schedule is subject to change; flexibility is required

Nice To Haves

• Professional memberships or certifications in privacy (e.g., CIPP/US, CIPP/E, CIPM, CIPT) preferred

Responsibilities

• Serve as the Firm’s primary point of contact and resource for all privacy‑related issues, including HIPAA, CCPA, GDPR, and other applicable privacy frameworks.
• Review, negotiate, and draft privacy and information‑security provisions in client agreements, Outside Counsel Guidelines, vendor contracts, Business Associate Agreements, and Data Processing Addendums.
• Manage and respond to client‑driven Information Security and Data Privacy assessments, questionnaires, and audits.
• Partner with internal teams to identify privacy risks and compliance gaps; develop and implement corrective action plans to resolve issues.
• Oversee the Firm’s privacy program, including maintaining and updating the Firm’s privacy policy and ensuring firmwide compliance with data retention standards.
• Support HR with privacy considerations related to employee and candidate personal data, medical information, and access records.
• Work with Firm stakeholders to understand data flows and ensure appropriate privacy and data‑handling controls across Firm systems and processes.
• Assist in assessing and advising on privacy risks associated with new tools, technologies, and EPMO‑supported initiatives.
• Conduct privacy impact assessments and support audits, regulatory inquiries, and data incident responses as needed.
• Act as an issue spotter—identifying risks in complex factual scenarios and advising on mitigation strategies.
• All other duties as assigned or required.

Benefits

• A full range of medical, financial and/or other benefits dependent on the position will also be offered.