SAGE - Cyber/Data/Privacy Associate

Description:

Job Description:
Responsibilities:
We are seeking a highly qualified associate with 3–5 years of experience to join our established Cyber, Privacy & Data Innovation group. This position is open in our New York, San Francisco, Seattle, Boston, or Washington, D.C. offices.

About the Practice:
Our Cyber, Privacy & Data Innovation group – co-led by Shannon Yavorsky and Joe Santiesteban – sits at the intersection of regulatory compliance, transactional support, product counseling, and incident response. The team advises global companies on designing and implementing world-class privacy, cybersecurity, and AI compliance programs. Our work covers a broad spectrum of U.S. federal and state laws, international frameworks, and self-regulatory regimes -including the CCPA/CPRA, GDPR, EU AI Act, HIPAA, GLBA, FCRA, COPPA, ECPA, CAN-SPAM, TCPA, BIPA and other state biometric privacy laws, consumer health data laws, state data broker laws, and U.S. state breach notification and cybersecurity laws. The team also counsels clients on self-regulatory programs and frameworks, including NIST, ISO, and OECD frameworks for AI risk management and cybersecurity, the Payment Card Industry Data Security Standard, the EU-U.S. Data Privacy Framework, Binding Corporate Rules, APEC Cross-Border Privacy Rules, and online behavioral advertising programs such as the DAA IAB, and NAI.

The group is also at the forefront of artificial intelligence governance and emerging technology. We help clients develop flexible AI governance frameworks, design tailored AI use policies, negotiate AI-related contracts, counsel on responsible AI innovation and algorithm development, and navigate the rapidly evolving AI regulatory landscape. The team has developed innovative client-facing tools, including the Orrick AI Law Center, EU AI Act reference guide, U.S. AI Law Tracker, Gen AI Policy Builder, and Privacy in a Box.

Qualifications:

• 3–5 years of relevant experience in privacy, cybersecurity, AI, and data protection matters at a law firm or in-house legal department.
• Experience advising on compliance with major privacy and data protection frameworks (e.g., CCPA/CPRA, GDPR, HIPAA, GLBA, COPPA, BIPA, CAN-SPAM, TCPA).
• Substantial experience negotiating privacy, security, and data-related terms in commercial contracts and handling all privacy and security components of corporate transactions.
• Familiarity with AI regulatory developments and emerging AI governance frameworks is strongly preferred.
• Excellent drafting, negotiation, analytical, and writing skills.
• Proactive communication and excellent project management skills.
• Superior verbal and interpersonal communication skills; ability to engage directly with clients and lead significant projects.
• Strong academic credentials from a nationally recognized law school.
• Ability to work effectively as part of a collaborative global team spanning multiple offices and jurisdictions.
• Demonstrated aptitude for technology and understanding of online technologies, digital advertising, and emerging technologies such as artificial intelligence and machine learning.
• CIPP/US, CIPT, CIPM, AIGP, or other IAPP certifications are a plus.
• JD is required.
• Admission to the state bar of the office in which the candidate would be located.

How to Apply:
Please apply online at https://www.orrick.com/Careers and include a resume, J.D. transcript, and cover letter.

Search firm recruiters must submit using our Search Firm Portal. Please contact recruiting@orrick.com for agreements and login credentials.

If you have any questions, please reach out to Liz Forrest, Director of US Recruiting at eforrest@orrick.com.

---