Your key responsibilities
- Reviewing and negotiating privacy and data protection terms with EY clients and vendors, including data processing agreements (DPAs); data transfer, data protection and related agreements under applicable laws; and Business Associate Agreements (BAAs)
- Negotiating Data Protection addendums\contracts with third parties (professional services agreements, technology services agreements, hosting agreements, SaaS agreements)
- Working collaboratively with internal clients to develop strategies to address identified issues
- Advising client engagement teams and the relevant Service Line leaders of the key legal risks of the proposed project or contract, including the legal and regulatory issues that need to be addressed early in the process
- Interpreting and explaining contract terms and conditions for internal clients and stakeholders
- Confirming that contracts are compliant with EY policies and maintaining an understanding of the impact of any changes in EY’s policies, organizational structure and procedures
- Effectively managing workflow, including multiple projects, in a proactive and highly responsive manner
- Providing practical advice and guidance on privacy and related issues to internal clients and stakeholders, and developing solutions to such issues while effectively managing legal and practical business considerations
- Advising on applicable state, federal and international privacy laws and regulations and related matters as they relate to EY, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), EU-U.S. and DP Framework, and Binding Corporate Rules (BCRs)
- Attending GCO meetings and training sessions
- Work with a team of data protection resources.
Skills and attributes for success
We are looking for someone who has the following attributes and skills:
- Provide advice based on the appropriate balance of risk mitigation and business interests on a real-time basis
- Use of independent judgment and thinking applied to resolution of issues
- Identify the projects that require communication to and consultation within GCO or with other EY member firms or other functions (e.g. independence, finance, risk management) and advise EY internal teams and functions on how these risks can be addressed
- Escalate identified key issues and contractual provisions in accordance with EY policies/protocols
- Work independently on projects, with limited direction, and draw upon extensive knowledge and experience to deliver quality risk management
To qualify you must have
- Excellent organizational skills; demonstrated ability to create, plan and successfully execute projects; and the ability to meet multiple deadlines in a fast-paced environment
- Excellent verbal and written communication skills, and the ability to interface and communicate effectively and diplomatically with all levels of EY personnel
- High degree of cultural and emotional intelligence
- Ability to understand, and accurately articulate and document, complex concepts
- Ability to assess size and scope of contemplated transactions and to tailor approach accordingly
- Understanding of when to consult with and seek the input of others
- Ability to prioritize multiple tasks with competing deadlines
- Ability to foster teamwork and maintain effective working relationships with internal clients/stakeholders
- Responsiveness with ability to manage high workload volumes efficiently and effectively
- Commercial, solution-oriented thinking, with a focus on exceptional client service
Experience and qualification
- Data Privacy lawyer with 5-8 years of substantive experience in data privacy domain and an in-depth knowledge of U.S. and EU privacy laws – including GDPR, CCPA etc
- Experience with privacy laws and regulations (including data protection, cross-border data transfers, data retention, data sharing and incident response), negotiation techniques, transactional analysis, contract law, commercial agreements and workload/project management
- Excellent negotiation and drafting skills
- Previous experience of working in a financial or professional services environment
- Preferably relevant certifications on privacy (CIPP)
What you can look for
- You will be provided with training and coaching on the job.
- A Team of highly qualified individuals with energy and enthusiasm to learn new things in this fast-moving environment
- An opportunity to be a part of a global company and interact with privacy, legal professional and business team across the globe.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.