Senior Manager: Information Governance Compliance

About The Position

Requirements

• Bachelor’s degree in a related field required.
• 8+ years of experience required in IG, Risk, Compliance, or a related field.
• Relevant certifications preferred, such as IGP (Information Governance Professional), CIP (Certified Information Professional), CIPP (Certified Information Privacy Professional), or CRISC (Certified in Risk and Information Systems Controls).
• Experience within a law firm, legal department, or professional services environment strongly preferred.
• Demonstrated experience implementing and monitoring compliance programs.
• Strong understanding of data privacy, regulatory requirements, and client confidentiality obligations.
• Experience supporting audits, regulatory inquiries, or client compliance reviews.
• Ability to translate policy into practical, operational workflows.
• Experience managing or supporting legal hold programs, including governance frameworks and defensibility requirements.
• Experience developing or supporting AI governance frameworks, policies, or controls preferred.
• Demonstrated ability to lead cross-functional initiatives and influence stakeholders without direct reporting authority.
• Experience interpreting and operationalizing client requirements or OCGs preferred.
• Experience developing compliance metrics, dashboards, or executive-level reporting.
• Proficiency in Microsoft Office and M365 applications including Teams, Copilot, SharePoint, and OneDrive.
• Familiarity with IG related technologies (e.g., Microsoft Purview, iManage, Intapp, LegalKEY, iCompli) and other enterprise data platforms.
• Familiarity with data analytics or reporting tools (e.g., Power BI or similar platforms) preferred.
• Ability to influence stakeholders across functions without direct authority, building consensus and driving accountability through collaboration.
• Sound judgment and the ability to navigate ambiguity, particularly in emerging areas such as AI governance.
• Strong strategic thinking, analytical, and problem-solving skills, with the ability to connect operational details to broader risk and compliance objectives.
• Executive-level communication and reporting capability, including the ability to distill complex compliance topics into clear, actionable insights for senior leadership.
• Takes initiative and operates independently, proactively identifying risks, gaps, and opportunities for improvement.
• Anticipates stakeholder needs and exercises independent judgment to deliver solutions aligned with firm and client expectations.
• Strong written and verbal communication skills, with the ability to communicate effectively and professionally across all levels of the Firm.
• Maintains strict confidentiality and exercises discretion in handling sensitive firm and client information.
• Strong attention to detail, organizational skills, and the ability to manage multiple priorities and workstreams simultaneously.
• Ability to work under pressure and meet deadlines in an environment with shifting priorities.
• Demonstrated leadership and supervisory experience.
• Operational budget analysis and recommendations.
• Process and service-oriented with strong leadership and project management skills.

Nice To Haves

• Relevant certifications preferred, such as IGP (Information Governance Professional), CIP (Certified Information Professional), CIPP (Certified Information Privacy Professional), or CRISC (Certified in Risk and Information Systems Controls).
• Experience developing or supporting AI governance frameworks, policies, or controls preferred.
• Experience interpreting and operationalizing client requirements or OCGs preferred.
• Familiarity with data analytics or reporting tools (e.g., Power BI or similar platforms) preferred.

Responsibilities

• Translate IG policies (e.g., retention, data classification, legal holds, AI governance) into clear, actionable procedures and workflows.
• Define and document compliance standards, controls, and decision frameworks.
• Partner with IT to align policy requirements with system capabilities (e.g., Microsoft Purview, iManage).
• Identify and remediate gaps between policy requirements and current-state practices.
• Design and implement ongoing monitoring processes to assess adherence to IG policies.
• Develop and maintain dashboards and reporting to provide visibility into compliance across systems and user groups.
• Conduct periodic control testing and compliance reviews.
• Identify trends, risks, and areas of non-compliance and drive remediation efforts.
• Establish and maintain the governance framework for legal holds, including roles, responsibilities, and workflows.
• Partner with LRM to ensure legal holds are consistently implemented and managed across systems.
• Monitor compliance with legal hold requirements, including timely application and release.
• Support audit readiness and defensibility related to legal hold processes.
• Develop and manage a structured approach to reviewing and operationalizing client OCGs.
• Translate client-specific requirements (e.g., retention, notification, destruction, AI usage, data handling) into enforceable policies and workflows.
• Define and oversee processes for client notification requirements related to data destruction, where applicable.
• Maintain visibility into client-driven restrictions and ensure alignment across IG processes.
• Support the development and operationalization of the Firm’s AI governance framework, including policies, controls, and oversight mechanisms.
• Define and implement guidance for appropriate data use within AI tools, aligned with client requirements and firm policy.
• Partner with stakeholders to align data classification, labeling, and access controls with AI governance requirements.
• Establish monitoring and reporting to assess adherence to AI-related policies and identify emerging risks.
• Establish frameworks for periodic access and entitlement reviews across key systems and repositories.
• Ensure alignment between access controls, data classification, and client restrictions.
• Oversee execution of access reviews in partnership with IT and Information Security.
• Monitor and report on access-related risks and compliance gaps.
• Develop and implement a targeted, compliance-focused training program aligned to key risk areas.
• Create role-based guidance for lawyers and business services professionals.
• Support training initiatives related to retention, data handling, AI usage, and client requirements.
• Measure effectiveness of training and adjust approach based on observed behaviors and risk.
• Define and track key performance indicators (KPIs) for IG compliance.
• Deliver concise, risk-based reporting to senior leadership.
• Support governance forums and stakeholder discussions with structured insights and recommendations.
• Establish and manage processes for policy exceptions, including documentation and risk assessment.
• Perform other duties as assigned or required to meet firm goals and objectives.
• Manages processes for direct reports in regards to performance appraisals, annual compensation, goal setting and performance counselling.
• Conducts analysis of staffing levels and participation in the recruitment process.
• Able to determine and implement change processes to improve workflow efficiencies.
• Able to set priorities and delegate in an efficient manner.

Benefits

• medical/dental/vision/life/and AD&D insurance
• 401(k) savings plan
• back-up childcare and eldercare
• generous paid time off (PTO)
• opportunities for professional development and growth