Associate Counsel - Information Technology & Data Privacy

Primary Work Location :

Westborough or Boston, Massachusetts; hybrid schedule as directed by the General Counsel.

Job Summary :

As a subject matter expert within the University of Massachusetts' Office of the General Counsel, the Associate Counsel - Information Technology and Data Privacy is responsible for all University legal issues concerning Information Technology and Data Privacy. Provides legal advice to facilitate the University's compliance with applicable laws, regulations, and best practices. Critical role in collaborating with cross-functional teams to implement information technology and data privacy best practices in the University System. Responsible for providing legal advice and assistance, including concerning compliance and risk mitigation issues, to the campuses and the University System office concerning data privacy and information technology matters including, but not limited to, cyber incident matters.

Essential Functions :

• Ensure that all University information technology functions comply with relevant laws, regulations, and industry standards, such as FERPA, FIPA, HIPAA, GDPR, CCPA, and other regional and subject matter focused data protection laws.
• Stay current with evolving laws and regulations and ensure the company's policies, practices, and systems are compliant.
• Take lead internal legal role concerning all University cyber incidents. Maintain an incident response plan to effectively respond to and manage any cyber incidents.
• Conduct and collaborate with others concerning regular audits and risk assessments to identify any potential risks and develop strategies to mitigate them.
• Maintain clear and effective policies and procedures that address data collection, processing, storage, retention, and disposal.
• Manage inquiries and issues relating to data privacy practices.
• Communicate effectively with relevant stakeholders.
• Conduct and oversee data protection impact assessments (DPIAs) to identify and address any potential risks associated with new projects, products, or initiatives.
• Conduct and / or support internal investigations of unauthorized access to or misuse of data.
• Provide recommendations and guidance on risk mitigation strategies.
• Develop and deliver privacy training programs to educate stakeholders on data protection policies, procedures, and best practices.
• Foster a culture of awareness and accountability concerning information technology and data privacy throughout the University system.
• Coordinate with relevant stakeholders, legal teams, and regulatory authorities as necessary.
• Evaluate and manage the information technology practices of third-party vendors and contractors concerning compliance with relevant laws and regulations.
• Review and negotiate information technology and data privacy terms in contracts with vendors and partners.
• Serve as the primary point of contact for information technology related legal and regulatory inquiries from external parties.

Other Functions :

Minimum Qualifications (Knowledge, Skills, Abilities, Education, Experience) :

Preferred Qualifications (Knowledge, Skills, Abilities, Education, Experience) :

Working Conditions :

Standard office workplace, located in Westborough or Boston, with hybrid schedule as directed by the General Counsel; travel by car as necessary to University campuses in Amherst, Boston, Dartmouth, Lowell and Worcester as well as other in-state locations.

Additional Details :

Salary commensurate with experience up to $190,000.

Application Instructions :

Please upload resume and cover letter in PDF

Salary : $190,000