Data Privacy and Information Governance Officer
: Job Details :

DATA PRIVACY AND INFORMATION GOVERNANCE OFFICER

General Counsel's Office

Debevoise & Plimpton LLP is a premier law firm with market-leading practices, a global perspective and strong New York roots. Our clients look to us to bring a distinctively high degree of quality, intensity and creativity to resolve legal challenges effectively and cost efficiently. We believe in hiring talented and dedicated individuals as members of our administrative community. We draw on the strength of our culture and structure to deliver the best of our Firm to our lawyers and clients through true collaboration.

The Firm is seeking a full time Data Privacy and Information Governance Officer to join the Office of General Counsel. As a member of the Office of General Counsel, the Data Privacy and Information Governance Officer will oversee the firm's data privacy compliance efforts, and the ongoing development and implementation of our information governance program that manages digital and hard copy data in accordance with applicable laws, client contractual requirements and internal guidelines across the firm's U.S. and global offices.

The individual in this role will report to the firm's Office of General Counsel and Chief Information Officer. This position may be located in New York City or London, with travel to the firm's various office locations as required.

Responsibilities include but are not limited to:

Data Privacy

• Advising on applicable national, state and local data privacy laws and regulations, including the EU General Data Protection Regulation (“GDPR”), UK GDPR, HIPAA, California Consumer Privacy Act and other state laws, and monitoring for updates to regulatory guidance and statutory and case law developments in the areas of data privacy and data protection laws.
• Overseeing the firm's compliance with applicable data privacy laws and regulations in its global operations, including development and oversight of necessary processes, procedures and documentation.
• Working with the firm's designated Data Privacy Officers (“DPOs”) in jurisdictions where they are required to be appointed.
• Conducting data privacy impact assessments and transfer impact assessments as needed.
• Reviewing and negotiating data processing agreements and Standard Contractual Clauses in connection with vendor engagements.
• Managing responses to data subject access, rectification and erasure requests.
• Updating relevant policies and notices addressing data privacy issues for the firm.
• Providing input and guidance as requested on related business functions, including but not limited to cyber insurance procurement, vendor management, and information systems design.
• Providing training to firm personnel on data privacy laws and compliance.
• Assisting with incident response and notifications in the event of a data breach.

Information Governance

• Overseeing the ongoing development and implementation of an information governance program that addresses client and administrative data across all repositories, focusing on risk management, retention, destruction programs and compliance.
• Working closely with the Information Services Department in designing information governance protocols in connection with increasing adoption of SaaS and GenAI tools.
• Working closely with the Records Services Manager in ensuring information governance protocols are implemented and maintained.
• Reviewing and updating firm document retention guidelines to ensure consistency with applicable laws and regulations.
• Leading initiatives to drive change in practice groups and administrative teams to encourage the adoption of electronic recordkeeping practices.
• Providing training to firm personnel on information governance protocols and compliance.
• Overseeing file transfers for lateral attorneys.
• Ensuring departing personnel comply with filing expectations prior to departure.

Requirements:

• Seven years of data privacy and information governance experience.
• J.D. from an accredited law school and admission to practice in New York or California, or qualification as a solicitor in England if the position will sit in London, is required.
• Ability to work proactively, independently and reliably under tight timeframes in a fast-paced environment.
• Ability to work effectively and collaboratively as part of a team as well as cross-functionally across the Office of the General Counsel, Information Services, Legal Support Services, Records Services and Technology Risk & Compliance.
• Excellent judgment and ability to weigh risks, develop reasoned recommendations, including risk mitigation strategies, and to provide sound advice.
• Excellent oral and written communication skills, including the ability to communicate independently and confidently with senior lawyers and other professional management.
• Comfort implementing new programs and procedures and challenging current processes.
• Strong analytical capabilities and judgment.
• Strong project management skills.
• Excellent training and presentation skills.

Preferred Qualifications:

• Prior experience working at a law firm is a significant plus.
• CIPP certification.
• Strong familiarity with Microsoft M365 and commercial document management and records systems.
• Experience leading change and managing large scale projects across a global organization.

TO APPLY:

A resume and cover letter/cover email are required to apply for this position. Please tell us where you saw this position posted. Send required materials to:

Human Resources

Taria Yarborough

HR Generalist

...@debevoise.com

Debevoise & Plimpton LLP is an equal opportunity employer. All qualified applicants will receive equal consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran or any other legally protected category in accordance with U.S. law.