Job Details

Senior Data Protection Specialist (LAW FIRM)

San Fracisco, CA, United States
  • Employment Type: Direct Hire
Our client, a leading Am Law firm, is building out its internal data privacy and protection team and adding a Senior Data Protection Specialist to its team. This role is for a data protection subject matter expert, who can aid the firm in building out a world class privacy program to protect both firm and client data by identifying risks and gaps in current procedures and developing solutions and best practices. Send resumes to [email protected].

Job Description
The Senior Data Protection Specialist plays a critical role in implementing and managing processes and solutions that protect our firm and client data. This role will plan, execute, and/or support one or more projects and services relating to data protection. Leads or serves as a subject matter expert on project teams, performs data analysis and fact-finding assignments, documents results, makes recommendations regarding legacy data, and makes oral presentations and written recommendations relating to data protection to partners and Senior Risk Management leadership.

This role has primary responsibility for implementing information technologies and working practices relating to the protection of client and firm administrative data and records. Work performed by this individual results in the measurable reduction of costs and/or minimizes risks relating to data protection and data access controls. The individual in this senior position advises attorneys, paralegals and other legal staff and administrative personnel on data protection related controls and processes and delivers white glove service to all personnel, clients, and/or vendors.

In addition to serving in an advisory capacity, the Sr. Data Protection Specialist assists senior management and attorneys by identifying and containing risks relating to data and information management, and fostering a compliance culture throughout the firm. The individual maintains awareness of major changes affecting legal and business data protection, and develops material to educate senior management and partners so they may better adhere to Firm policies, provide legal services and meet their ethical obligations to their clients.

Data Protection Responsibilities
  • Assists with the development of data protection, data privacy, and compliance policies and procedures
  • Defines and builds metrics and reporting to enhance understanding of data protection program development and maturity
  • Coordinates management responses to partner requests and other internal and external requests for information relating to data monitoring, data access controls and data protection
  • Documents workflows for processes relating to data protection controls
  • Coordinates and executes periodic user data protection monitoring and reviews across multiple data repositories and departments
  • Analyzes and makes recommendations relating to all aspects of client-requested or data protection and access controls needed to protect the intellectual capital of the firm
  • Works with Risk Management leadership in the development and enhancement of processes to ensure compliance with all applicable data protection requirements
  • Assists senior management and attorneys in identifying and containing risks relating to data protection, and fostering a compliance culture
  • Assists in the coordination of management responses to partner requests and other internal and external requests for data monitoring and data access controls
  • Ensures proper data protection controls are in place for client and firm data
  • Reviews and responds to alerts involving email, web, and other channels to review policy compliance
  • Leads investigations relating to compliance with data handling policies
  • Ensures all investigations comply with Firm policies, client requirements, and applicable regulatory frameworks
  • Determines data classification of sensitive documents flagged by data protection tools and alerts
  • Identifies risks and exposures, determines the causes of data handling issues and implement changes to prevent future incidents and improve security
  • Performs data analysis, internal threat intelligence, data usage investigations, and/or threat hunting
  • Provides training, informational, and educational materials on data protection to Firm personnel


Qualifications & Requirements
  • Qualified candidates must have a four-year degree relating to information technology, law, compliance, business administration, and/or information management, and some years of professional experience
  • Candidates who have achieved Certified Data Privacy Solutions Engineer (CDPSE), GIAC Certified Incident Handler (GCIH), Certified Information Governance Professional (IGP), or Certified Information Privacy Professional (CIPP) are preferred
  • This position requires a self-motivated, creative, and detail-oriented individual with a strong knowledge of data protection processes and technologies
  • Must be capable of independently authoring and presenting technical and business information in a variety of formats and explaining complex and/or technical topics relating to data protection to those who have no prior knowledge of Firm systems, policies, and procedures
  • Strong strategic, interpersonal, communication, and critical thinking skills are required
  • Advanced aptitude and interest in information technologies, change management and project management is required, and intermediate proficiency in Microsoft’s software suite is required
  • Prior experience using and/or administering iManage WorkSite is a plus
  • Must have experience with Data Loss Prevention tools and incident handling, user activity investigation, and/or threat hunting

#LI-JB1

Interested in this job? Get in touch.

(Accepted file formats are PDF, DOC, DOCX, TXT, RTF, ODT. File size maximum is 2 MB.)