Data Privacy Attorney in McLean, VA

Profile

Associate General Counsel and Chief Privacy Official
The candidate will shape and drive the company’s overall privacy and data protection posture. This role will increase company’s expertise in privacy and security, by inaugurating and growing the Center for Data Privacy and Protection, organizing current privacy and data protection efforts into a world class program, and reducing company’s overall enterprise risk. Will collaborate across the organization to ensure the successful development and maintenance of privacy policies and procedures, motivate program compliance across the corporation, investigate and track privacy-related incidents, and will monitor and respond to the evolving privacy landscape. This position is a key leader and legal adviser within the company and will serve as the central resource for managing company’s data privacy and protection efforts, including GDPR compliance and alignment to state, federal, and international frameworks, regulations, and laws. Help the organization manage data use while maintaining compliance with privacy and data security laws, regulations, and contractual agreements. Manage the organization’s overall data privacy program, develop an approach to ensure transparent awareness for internal leaders and executives about company’s risk posture related to privacy and security. Collaborate with stakeholders across all business sectors (national security, civilian, corporate) in the review of projects and related data to ensure data protection and privacy compliance and oversight of periodic information privacy risk assessment/analysis, mitigation and remediation efforts. Design and execute a plan to help pursue and attain GDPR compliance. Design and execute a plan to attain data and privacy compliance in areas where the organization plans to do work. Provide expertise on privacy and data security topics, including: a.) the evolving landscape of applicable federal and state privacy laws, and accepted and best practices, b.) the use of Personally Identifiable Information (PII) and Protected Health Information (PHI), c.) managing the related risks of 3rd party outsourcing, and d.) technology topics related to employee privacy and ethics in the workplace. Help instill and maintain a cultural focus on continuous improvement regarding privacy and data protection, including: a.) oversight of ongoing privacy training for the workforce, b.) refining and communicating policies and guidance on the privacy implications of company activities, programs, and initiatives, c.) managing privacy-related inquiries in the organization, and d.) administering a process for investigating privacy complaints. Collaborate with the information technology and infosec organization to ensure privacy-related technology and controls are defined and addressed, and to implement an ongoing process to track, investigate and report inappropriate access and/or disclosure of personal information. Monitor, track, and report on overall privacy and data protection program progress; streamline and improve processes as needed. Prepare and negotiate commercial, partnership and teaming agreements on a range of corporate topics. Identify, track, mitigate, and resolve risk issues. Exercise independent judgment and discretion in solving complex legal- and business-related issues. Leads a division or a mission-centric function that has significant impact for sponsors, partners, and/or company enterprise. Has multiple direct reports, including multiple department managers or leads a mission-centric function.

Qualification and Experience

A Juris Doctor degree required and licensed to practice law in at least one jurisdiction. Bachelor’s or Master’s degree in related field (or equivalent in combined education and experience), and/or privacy certifications preferred. should be Practicing attorney with 15+ years of related experience, including significant experience with data security and privacy. Must have significant experience drafting and negotiating commercial transactions and other legal agreements. Should have strong knowledge of GDPR, CCPA, Privacy Act, FOIA and the e-Government Act and other major privacy frameworks, security laws, rules, and regulations worldwide, plus awareness of the related policy landscape. Should have experience with incorporating state and federal information privacy laws, including HIPAA, into corporate programs. Must have experience with privacy-related technologies and emerging technologies which may impact privacy. Should have strong risk management orientation, ability to effectively steer the organization toward compliance while driving mission and business impact. Strong organization, planning, and prioritization skills are required. Knowledge of or experience with FFRDCs, research nonprofits, or government contractors preferred. Experience in InfoSec/cybersecurity and corporate privacy programs preferred. Management experience preferred.

Company info

Apply Now