Cooley is seeking an Information Governance Regulatory and Privacy Managerto join the IS Information Governance team.

Position summary: Cooley Information Services (IS) embraces a culture of customer service excellence and all members of the department are expected to move this agenda forward. To that end, the Information Governance Regulatory and Privacy Manager is expected to recognize that the Cooley IS department is a service organization first and foremost and will be evaluated on this requirement equal in importance to the technical or operational responsibilities outlined in this document.

The Information Governance Regulatory and Privacy Manager is responsible for managing information risk and ensuring compliance with security and privacy regulation requirements through the firm's governance risk and compliance program. This includes responsibility for vendor security assessment, analysis of client security obligations, cyber security audits, data mapping, privacy regulation compliance etc. The IG Regulatory and Privacy Manager is responsible for managing the IG Regulatory and Privacy business professionals and promoting compliance and awareness of firm policies and procedures specific to governance, risk and compliance and to records and information management. Specific duties and responsibilities include, but are not limited to, the following:

Position responsibilities:

• Develop goals and objectives for IG Regulatory and Privacy team in conjunction with IG strategic planning
• Develop preliminary annual operating budgets and monitor monthly expenditures
• Apply industry principles and theories of data protection, privacy and business confidentiality to the records and information management process in coordination with IS Security
• Evaluate headcount resource requirements and provide recommendations to maximize capacity and staffing ratio efficiencies
• Manage direct report workflow, as required
• Audit and track the firm's responsibilities against Outside Counsel Guideline agreements
• Manage vendor security assessment process
• Develop and implement IG Regulatory and Privacy training programs for end users
• Develop and maintain documentation of IG Regulatory and Privacy operations procedures
• Understand all aspects of the firm's IG Policy and be able to articulate relative obligations to Firm stakeholders
• Negotiate and recommend vendor contracts for IG Regulatory and Privacy functions. Manage vendor relationships and analyze vendor relations specific to performance, contract compliance, and quality/accuracy controls to ensure business partner compliance with contract terms
• Identify projects and coordinate resources to ensure successful completion of projects and achieve organizational goals and objectives
• Conduct both internal and external audits to ensure compliance with all industry-mandate regulations
• Identify, develop, and maintain relationships to maximize support and accomplish organizational goals
• Manage operational information governance and privacy activities and the security team to enhance the firm's information governance programs in line with ISO 27001, ISO 27701, GDPR, CCPA and all applicable privacy regulations
• Maintain the firm's ISO certifications
• Assess and track the firm's compliance to existing and future global regulations in privacy and security
• Oversee a network of operational teams and vendors to maintain the information life cycle of the company's assets and be actively informed and engaged in daily information governance and privacy operations
• Implement and maintain controls and monitoring that ensure the confidentiality, integrity and availability of firm and client information
• Under guidance of the Associate Director of Information Governance and Data Privacy, assist in the procurement and implementation of technology to support information governance and privacy
• Remain current in emerging technologies and trends to manage information assets; recommend appropriate changes to improve records functions
• Manage compliance labels and polices in Microsoft O365/M365
• Oversee the installation, configuration and maintenance of IG systems and tools in accordance with firm needs, standards, and regulations
• Serve as direct supervisor and mentor to direct reports
• Provide day-to-day supervision of direct reports, ensure compliance with assigned work hours and monitor for compliance with all firm and department policies. Manage staffing coverage, review and process time logs/time off requests
• Support business professional development and continued educational opportunities
• In collaboration with immediate supervisor and CN HR, participate in hiring, performance appraisals, counseling, termination and other employee lifecycle events
• Provide mentorship as well as day-to-day supervision of direct reports, ensure compliance with assigned work hours and monitor for compliance with all firm and department policies
• All other duties as assigned or required

Skills and experience:

Required:

• Ability to work extended and/or weekend hours, as required
• Ability to travel, as required
• 5+ years directly applicable experience in the field (e.g., experience working in Records & Information Management as well as experience with one or more RIM enterprise technology solutions used for the management of both physical and electronic information, e.g., iManage Govern, HP WRM, ARM, FileSurf, LegalKey) to include 3+ years' experience in governance, risk and compliance (GRC) processes, solutions, information security and auditing
• Experience with WorkSite
• Strong technical skills relevant to IG management and document management systems (RMS/DMS), including data mapping; data conversion; document properties and metadata management (classification, coding and security); data protection, privacy and business confidentiality; and bar code technology and hardware
• Senior level candidates must have 7+ years applicable experience in the field with 2+ years of exempt/management experience in relevant roles

Preferred:

• Bachelor's degree preferably in IS, Library Science, Records or associated discipline
• Strong project management skills
• Practical experience in information security and well-rounded knowledge of information technology
• Experience evaluating the security posture of vendors and system architecture
• Experience coordinating the implementation of new technologies
• Experience working in a law firm or professional services organization
• Strong understanding of GARP (Generally Accepted Recordkeeping Principles)
• Certified Records Manager (CRM) credentials and/or Information Governance Professional (IGP) credentials
• Experience leading teams and processes surrounding data life cycle management. More specifically:
• Varonis
• O365/M365
• GSuite
• NTFS permissions
• Govern
• DLP systems (Forcepoint, CyberHaven)
• Box
• File copy/migration tools
• MS Teams configuration
• Supervisory experience

Competencies:

• Excellent verbal and written communication skills
• Exceptional customer services and interpersonal skills
• Strong organizational skills
• Ability to work effectively with all personnel
• Ability to analyze and solve problems
• Demonstrated team player
• Attention to detail
• Professional demeanor and ability to work with others
• Reliable and cooperative manner and ability to work well under pressure
• Ability to keep current with new developments, master new technologies, and adapt to change
• Comfortable working in a fast-paced environment where priorities change frequently
• Ability to exercise initiative and independent judgment
• Able to manage multiple offices in multiple locations

Cooley offers a competitive compensation and excellent benefits package and is committed to fair and equitable employment practices.

EOE.

The expected annual pay range for this position with a full-time schedule is $115,000 - $170,000. Please note that final offer amount will be dependent on geographic location, applicable experience and skillset of the candidate. Senior level candidates may be considered for this position and would be eligible for a higher salary range based on experience.

We offer a full range of elective benefits including medical, health savings account (with applicable medical plan), dental, vision, health and/or dependent care flexible spending accounts, pre-tax commuter benefits, life insurance, AD&D, long-term care coverage, backup care for children and/or adults and other parental support benefits. In addition to elective benefit options, benefited employees receive firm-paid life insurance, AD&D, LTD, short term medical benefits as well as 21 days of Paid Time Off ("PTO") and 10 paid holidays each year. We provide generous parental leave and fertility benefits. New employees will attend a detailed benefit orientation to learn more about our many benefits and resources.