The Data Strategy, Security & Privacy team is seeking a tech-oriented associate with about 2-4 years of legal experience in cybersecurity counseling and incident response. The associate's practice would focus on proactive and reactive data protection matters, including advising on data security incidents and related regulatory investigations, as well as matters related to complying with contractual and legal obligations related to security. Although not the focus of the position, the associate may also be asked to assist the team with privacy issues from time to time. EOE. M/F/D/V. We are particularly looking for someone with a strong interest in:
  • advising clients on compliance with cybersecurity laws;
  • state, federal, and international data security incident notification obligations;
  • defending regulatory investigations related to security;
  • preparing public-facing consumer disclosures and internal company policies and procedures;
  • drafting, revising and negotiating data and technology contracts with service providers and commercial customers;
  • advising M&A deal teams and other firm colleagues on cybersecurity matters.

This candidate must reside and be barred in a jurisdiction where we currently have a U.S. office location. We are open to candidates in Atlanta, Boston, Chicago, New York City, Philadelphia, San Francisco, Tampa, or Washington DC.

This position may be filled in New York, Colorado and California. In accordance with the New York State Pay Transparency Law, New York City Human Rights Law, the Colorado Equal Pay Act, and the California Pay Transparency Law, the pay range for this position in New York State, New York City, Colorado, and California is $330,000 - $415,000/yr. This range is specific to these locations and may not be applicable to other locations. An individual's actual compensation will depend on the individual's qualifications and experience.

Job Requirements:
  • 2-4 years legal experience
  • Foundational knowledge in federal, state and foreign cybersecurity laws, including the state data breach notification laws, CCPA and similar state laws, and federal regulations such as HIPAA and the GLBA
  • Motivation to learn and understand technology and forensic investigations, to be able to both effectively interact with technically-skilled individuals and distill key issues and findings for non-technical business team members
  • Prefer experience liaising with claims counsel, outside forensic experts, credit monitoring/notice providers, and other approved vendors
  • Attention to detail and strong organizational and project management experience
  • Strong verbal and written communication skills, including the ability to draft materials in business-friendly language
  • Commitment to continue developing proficiency in cybersecurity and data privacy laws and skills
  • Admission to bar in state of practice