Practice Area: Global Data Governance, Incident Response & Information Security Regulatory Compliance

Location: Washington, D.C., New York, NY, or Boston, MA (flex hybrid schedule - 3/2)

Salary: $310,000 to $420,000 Base Salary (Cravath-scale lockstep)

Schedule: Full-time, Direct-Hire (1,850 hours annual billable target)

Role Overview:

This position offers an exciting opportunity to engage in high-level data privacy and cybersecurity legal practices. The successful candidate will play a pivotal role in shaping data protection strategies and advising on compliance for major corporations and innovative tech companies. This role is ideal for a legal professional who excels at merging law, technology, and business strategy.

Key Responsibilities:

• Develop and implement comprehensive compliance frameworks for innovative data-driven products, ensuring compliance with US and international legal standards.
• Conduct privacy and cybersecurity due diligence for significant transactions such as mergers, acquisitions, and IPOs.
• Lead complex investigations into cybersecurity incidents, managing all stages from breach response to crisis communication and regulatory compliance.
• Represent clients in high-stakes class action lawsuits and regulatory inquiries by bodies such as the FTC, HHS, and international authorities.
• Draft and negotiate sophisticated Data Protection Agreements (DPAs) and establish robust vendor management protocols.
• Advise C-suite executives and boards on data governance, risk assessments, and enterprise-wide mitigation strategies.

Qualifications:

• Juris Doctor (J.D.) from a top-tier, ABA-accredited law school with strong academic credentials.
• Active Bar Membership in good standing in New York, D.C., and/or Massachusetts, or eligible for admission by comity.
• Five to eight years of experience specializing in privacy and cybersecurity law within a large law firm or specialized boutique setting.
• Proven track record in managing large-scale data breaches and handling federal or international regulatory investigations.
• Expertise in GDPR, CCPA/CPRA, and other relevant regulatory frameworks.

Preferred Skills:

• Certified Information Privacy Professional (CIPP/US, CIPP/E) designation is highly preferred.
• Technical proficiency or background in computer science, data analytics, or information security systems.
• Experience in fintech, healthcare (HIPAA/HITECH), or AI sectors is a significant advantage.
• Exceptional communication and drafting skills to translate complex technical risks into actionable legal advice.

Application Process:

Qualified candidates are encouraged to apply by submitting law school transcripts, a writing sample or deal sheets, and a cover letter. Please note that this posting does not constitute an offer of employment. Compensation details may vary based on location and experience and will be discussed during the interview process.