Description:

Hogan Lovells's Data, Privacy and Cybersecurity practice group seeks a mid‑level associate with approximately 3–5 years of experience in privacy and technology regulatory and advisory matters with a focus on health and life sciences. Our Data, Privacy and Cybersecurity practice consistently ranks among the nation's best for expertise, legal ability, client service, and business understanding. We are looking for a candidate who demonstrates strong analytical skills, excellent judgment, and the ability to take ownership of significant workstreams while collaborating closely with attorneys and clients.

Our practice supports major industry players across the health and life sciences sector, including pharmaceutical and device manufacturers, technology companies, researchers, academic medical centers, insurers, labs, health care clearinghouses, and health care providers.

Primary Responsibilities:
The associate will work on a wide range of privacy regulatory and advisory matters, including:

Regulatory compliance, including development of privacy compliance programs to meet obligations under HIPAA, state health privacy and sensitive condition laws, GINA, the Part 2 regulations, and state AI and consumer health data privacy laws, such as policies and procedures, compliance documentation, consents, and notices.
Assisting clients with privacy compliance program enhancements, such as governance structures, risk assessments, vendor/third‑party risk practices, and compliance documentation.
Regulatory analysis such as advising clients on the legal implications and requirements associated with intended data uses and data flows.
Agreement negotiation, including HIPAA business associate agreements, data processing and data use agreements, AI agreements, and privacy language in clinical trial and other research agreements.
Supporting client counseling on privacy issues arising in product development, research and clinical trials, use of data to train AI models, use of AI tools and risks and guardrails for such, commercial transactions, and cross‑border data flows.
Managing discrete workstreams and participating directly in client calls, presentations, and deliverables appropriate to a mid‑level associate.

Qualifications

3–5 years of experience in privacy, technology regulatory counseling, or related areas (law firm, government, or in‑house experience welcome).
Strong academic credentials and excellent research, writing, and oral communication skills.
Demonstrated ability to deliver clear, concise client‑ready work product in a fast‑paced environment.
Membership in or eligibility for the D.C. Bar.
Experience supporting privacy compliance and analysis in the health and life sciences space strongly preferred.
Familiarity with health privacy laws, such as HIPAA, GINA, state health privacy and sensitive condition laws, state consumer health data privacy laws, and Part 2 regulations is a plus.
Ability to manage multiple competing deadlines and work collaboratively across teams.
Please include at least one substantive writing sample related to privacy or technology matters.