Description/Job Summary
The Director of Data Privacy is responsible for shaping the vision and short and long-term strategy of the Firm's data privacy program, in addition to overseeing the operational execution of privacy compliance and data security initiatives. The Director will focus on protecting Firm and client data through policy development, compliance programs, client compliance reviews, and vendor/third-party assessments. Through the creation of training and awareness programming, the Director will help foster and spread a culture of data privacy and security across the Firm. Under the direction of the Office of the General Counsel (OGC) and in collaboration with various leadership teams, including but not limited to Information Governance, Information Security and Information Technology, this position is responsible for building out a global function that will continuously evolve to comply with a global legal and regulatory landscape in which the Firm operates.
Responsibilities/Duties
Serve as a data privacy advisor and as a subject matter expert for the OGC and Risk Management senior leadership
Develop, implement, and maintain a comprehensive data privacy program that will proactively support the operations of the Firm and ensure its practices are aligned with an evolving global legal and regulatory landscape
Advocate for data privacy within the Firm, communicating the importance of data protection to all personnel through a variety of forums
Monitor and ensure the Firm's compliance with relevant data protection laws and regulations, including HIPAA, GDPR, UK GDPR, PIPL, CPRA and the CCPA
Oversee, and take a lead role in responding to, privacy complaints and privacy rights requests received in relevant jurisdictions
Manage and maintain up-to-date written documentation of all processes and policies associated with data privacy compliance; ensure all documentation is accurate and organized in an audit-ready state
Coordinate and conduct data privacy audits, as appropriate
Liaise with local subject matter experts, including instructing external counsel as required
Collaborate with Information Technology and Information Governance to secure personally identifiable information, including but not limited to protected health information and sensitive personal information, and to ensure adequate controls are in place
Oversee the privacy impact assessments program for new projects, initiatives, and technologies, to identify and mitigate potential privacy risks effectively
Responsible for privacy evaluation and compliance review program for client and vendor/third-party agreements
Work directly with professional staff and legal practitioners to document business requirements and automate privacy processes
Train and educate Firm personnel globally on the continual improvement of their knowledge relating to data privacy compliance
Work with Information Technology, Information Governance and Risk Management leadership on matters related to data practices, cybersecurity and data breach management
Act as immediate point of contact for privacy regulators in relevant jurisdictions
Required Skills
Demonstrated understanding of evolving global data privacy laws and regulations
Advanced knowledge of risk management principles and practices
Expertise in data-related operational practices and technologies
Prior success leading the strategic direction and operational initiatives of a data privacy compliance program at a global law firm, multi-national corporation, or professional services firm
Prior experience dealing with cybersecurity and data breach issues and developing policy and compliance training initiatives
Demonstrated ability to lead high visibility, high impact change management initiatives
Ability to plan, manage and execute multiple cross-office and cross-functional initiatives relating to data privacy and information governance
Collaborative team player with experience working in a highly matrixed organization
10+ years of experience in people management and team leadership
Strong written and verbal communication skills; detail-oriented approach; strong time management skills; executive presence; proven track record of effective stakeholder engagement
Ability to exercise judgement and discretion when making decisions and influencing change
Preferred Skills
CIPP/US, CIPP/E, and/or CIPM certification
Required Experience
15+ years of experience in privacy compliance, ideally in a global law firm, multi-national corporation, or professional services firm
Required Education
Bachelor's degree required
Preferred Education
J.D. preferred
Details
Salary Information
The estimated base salary range for this position is $300k to $350k at the time of posting. The actual salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt, meaning it is not eligible for overtime pay.
Privacy Notice
For information about how Simpson Thacher & Bartlett LLP collects and processes your personal information, please refer to our Privacy Notice available at https://www.stblaw.com/other/privacy-notice.
#LI-hybrid