Description:

Job Description:
Overview:
We are seeking a highly qualified career associate with 4–6 years of experience to join our established Cyber, Privacy & Data Innovation group. This position is open in our New York, San Francisco, Seattle, Boston, or Washington, D.C. offices.

Our Career Associate program offers top legal talent an alternative to the partner track while still providing opportunities to do cutting-edge and deeply substantive legal work. Lawyers join us as Career Associates at many stages in their careers, from recent graduates to more senior lawyers who join after practicing in other settings. These are rewarding roles if you share our passion for practicing law and delivering excellent service but seek a lower annual time commitment. The expected hours for this role are between 1,400 and 1,600.

About the Practice:
Our Cyber, Privacy & Data Innovation group sits at the intersection of regulatory compliance, transactional support, product counseling, and incident response. The team advises global companies on designing and implementing world-class privacy, cybersecurity, and AI compliance programs. Our work covers a broad spectrum of U.S. federal and state laws, international frameworks, and self-regulatory regimes -including the CCPA/CPRA, GDPR, EU AI Act, HIPAA, GLBA, FCRA, COPPA, ECPA, CAN-SPAM, TCPA, BIPA and other state biometric privacy laws, consumer health data laws, state data broker laws, and U.S. state breach notification and cybersecurity laws. The team also counsels clients on self-regulatory programs and frameworks, including NIST, ISO, and OECD frameworks for AI risk management and cybersecurity, the Payment Card Industry Data Security Standard, the EU-U.S. Data Privacy Framework, Binding Corporate Rules, APEC Cross-Border Privacy Rules, and online behavioral advertising programs such as the DAA IAB, and NAI.

The group is also at the forefront of artificial intelligence governance and emerging technology. We help clients develop flexible AI governance frameworks, design tailored AI use policies, negotiate AI-related contracts, counsel on responsible AI innovation and algorithm development, and navigate the rapidly evolving AI regulatory landscape. The team has developed innovative client-facing tools, including the Orrick AI Law Center, EU AI Act reference guide, U.S. AI Law Tracker, Gen AI Policy Builder, and Privacy in a Box.

Responsibilities:
As a career associate in this group, you will work alongside our experienced practitioners to:

Advise clients on compliance with U.S. and international privacy, cybersecurity, and AI laws and regulations, including the CCPA/CPRA, GDPR, EU AI Act, HIPAA, GLBA, FCRA, COPPA, BIPA, TCPA, CAN-SPAM, and a growing patchwork of U.S. state privacy, biometric, consumer health data, and AI laws.
Support the development and implementation of comprehensive global privacy, AI, and cybersecurity compliance programs, taking a risk-based approach to policies governing the full lifecycle of personal information.
Counsel clients on privacy, security, and AI due diligence in corporate and technology transactions, including M&A deals, IPOs, and data licensing transactions.
Draft, review, and negotiate data processing agreements, data licenses, privacy and security schedules in commercial contracts, privacy policies, terms of service, and related documentation.
Provide guidance on incident preparedness, data breach response, regulatory investigations, and government inquiries at both the state and federal levels, including matters involving the FTC.
Advise on cross-border data transfer mechanisms and strategies, including the EU-U.S. Data Privacy Framework, Binding Corporate Rules, and standard contractual clauses.
Counsel clients on AI governance matters, including the responsible development and deployment of AI-powered products, AI training data sourcing, employee AI use policies, and AI risk assessments.
Provide practical product counseling across technology industries—including PropTech, HealthTech, EdTech, adtech, automated and connected vehicles, and blockchain—integrating privacy and AI considerations into product development and change-management processes.
Manage multiple projects and deadlines simultaneously and proactively drive matters forward with minimal supervision.

Qualifications:

4-6 years of relevant experience in privacy, cybersecurity, AI, and data protection matters at a law firm or in-house legal department.
Experience advising on compliance with major privacy and data protection frameworks (e.g., CCPA/CPRA, GDPR, HIPAA, GLBA, COPPA, BIPA, CAN-SPAM, TCPA).
Experience negotiating privacy, security, and data-related terms in commercial contracts and handling all privacy and security components of corporate transactions.
Familiarity with AI regulatory developments and emerging AI governance frameworks is strongly preferred.
Excellent drafting, negotiation, analytical, and writing skills.
Proactive communication and excellent project management skills.
Superior verbal and interpersonal communication skills; ability to engage directly with clients and lead significant projects.
Strong academic credentials from a nationally recognized law school.
Ability to work effectively as part of a collaborative global team spanning multiple offices and jurisdictions.
Demonstrated aptitude for technology and understanding of online technologies, digital advertising, and emerging technologies such as artificial intelligence and machine learning.
CIPP/US, CIPT, CIPM, AIGP, or other IAPP certifications are a plus.
JD is required.
Admission to the state bar of the office in which the candidate would be located.

How to Apply:
Please apply online at https://www.orrick.com/Careers and include a resume, J.D. transcript, and cover letter.

Search firm recruiters must submit using our Search Firm Portal. Please contact recruiting@orrick.com for agreements and login credentials.

If you have any questions, please reach out to Liz Forrest, Director of US Recruiting at eforrest@orrick.com.