Description:
Over the last 20 years, Ares' success has been driven by our people and our culture. Today, our team is guided by our core values – Collaborative, Responsible, Entrepreneurial, Self-Aware, Trustworthy – and our purpose to be a catalyst for shared prosperity and a better future. Through our recruitment, career development and employee-focused programming, we are committed to fostering a welcoming and inclusive work environment where high-performance talent of diverse backgrounds, experiences, and perspectives can build careers within this exciting and growing industry.Job Description:
Ares Management Corporation (NYSE: ARES) is seeking an experienced and strategic privacy and data protection attorney to join its Legal team. This role reports to the Managing Director, Associate General Counsel, Enterprise Legal. The position offers the opportunity to lead and continue maturing Ares' global privacy program within a dynamic and fast-growing alternative investment management platform.
The Senior Privacy Counsel will serve as the firm's primary legal advisor and subject matter expert on privacy, data protection and cybersecurity matters across the firm's global operations, including the United States, EMEA and APAC. The role requires a strategic, solutions-oriented lawyer who can translate complex global regulatory requirements into practical guidance for business stakeholders.
The ideal candidate will have significant experience advising financial institutions or other highly regulated organizations that process large volumes of personal data. Experience at a bank or global financial institution is strongly preferred.
Reporting:
Reports to: Associate General Counsel, Enterprise Legal
Key Responsibilities:
- Global Privacy Program Leadership
- Lead the design, implementation, and continuous improvement of the firm's global privacy and data protection program, including enterprise-wide policies, procedures and governance frameworks.
- Provide strategic oversight of privacy compliance across the firm's operations in the U.S., EMEA, APAC and LATAM, ensuring alignment with applicable local laws and regulatory expectations and partnering with local external counsel as needed.
- Coordinate with regional Legal and Compliance teams to address local privacy law requirements and implement consistent firmwide standards.
- Develop and deliver privacy training and awareness programs across the firm.
- Legal Advisory & Regulatory Compliance
- Advise the business on the application of global privacy and data protection laws, including but not limited to:
- GDPR and UK GDPR
- CCPA/CPRA and other U.S. state privacy laws
- GLBA and financial sector privacy requirements
- APAC privacy regimes (ex. Singapore PDPA)
- Monitor developments in global privacy regulations and translate regulatory changes into practical guidance for the business.
- Support expansion into new jurisdictions by advising on privacy regulatory requirements.
- Provide privacy guidance for new business initiatives and ensure that privacy considerations are incorporated using privacy-by-design principles.
- Data Governance & Risk Management
- Oversee Data Protection Impact Assessments (DPIAs) and privacy risk assessments for new systems, vendors, or processing activities.
- Establish and maintain data inventories, record retention schedules, records of processing activities, and related documentation as required by applicable regulations.
- Partner with cybersecurity and information technology teams on data protection strategy and risk mitigation.
- Provide privacy guidance on the firm's artificial guidance (AI) strategy
- Incident Response
- Advise on data breach response, investigation, and regulatory notification requirements across relevant jurisdictions.
- Serve as a key legal advisor for privacy incidents in partnership with cybersecurity, risk and compliance teams.
- Contracting & Vendor Management
- Review and negotiate privacy and data protection provisions in vendor contracts, including data processing agreements.
- Oversee privacy diligence in third-party vendor risk management processes.
Education:
- Juris Doctor (JD) from an accredited law school
- Bachelor's degree required
Required Skills & Experience:
- 8+ years of legal experience in privacy, data protection, or cybersecurity matters
- Experience in financial services, preferably at a bank, asset manager, fintech, or similarly regulated institution
- Demonstrated experience advising organizations processing large volumes of personal data
- Deep knowledge of global privacy frameworks and cross-border data transfer issues
- Experience leading enterprise privacy programs and complex cross‑functional initiatives
- Strong stakeholder management experience including interaction with senior leadership
- CIPP certification(s) preferred but not required
General Requirements:
- Experience providing practical, solutions-based legal advice and strategically collaborating with business partners to navigate legal landscapes and commercial considerations
- Ability to operate autonomously as well as part of a larger team
- Ability to plan, execute and manage projects, getting buy-in from relevant stakeholders
- Excellent interpersonal, written and verbal communication skills
- Excellent time management and organizational skills
- Excellent contract review, drafting and negotiation skills
- Critical thinker and skilled issue spotter with high attention to detail
- Ability to successfully manage/prioritize multiple priorities and competing/shifting demands
- Growth mindset with the desire to learn and take on new challenges
- Drive to further develop data privacy and protection subject matter expertise
Reporting Relationships:
Associate General Counsel, Enterprise Legal
Compensation:
The anticipated base salary range for this position is listed below. Total compensation may also include a discretionary performance-based bonus. Note, the range takes into account a broad spectrum of qualifications, including, but not limited to, years of relevant work experience, education, and other relevant qualifications specific to the role.
