Director, Information Governance

Simpson Thacher & Bartlett LLP

New York, NY 10176

Posted 1 month ago

Job Description

Description/Job Summary

The Director of Information Governance will oversee the design, implementation, and enhancement of an information governance strategy and program to comply with privacy, confidentiality, and information-security-related laws and regulations, and Firm policies and objectives. Proactively anticipate and direct program changes to support continued compliance with the evolving information management and data protection landscape and furtherance of Firm objectives. Respond to data security incidents and enhance the Firm's data security incident response plan. The scope of information governance encompasses personal information, Firm information, systems, and infrastructure.

The ideal candidate will have an extensive background in the data privacy and data protection compliance issues facing the Firm's clients with a deep understanding of emerging domestic and international data privacy regulations (GDPR, CCPA, SEC Regs S-P & S-ID). In addition, the candidate should have a baseline understanding and/or background in the operational, business, and risk challenges facing the modern law firm and, preferably, knowledge of the systems and technology that support the Firm's practice.


+ Report directly to the Firm's General Counsel, with a dotted line to the Firm's CIO and CKIO

+ Direct people and programs aligned with the Firm's risk management and operational efficiency goals

+ Establish an information management and protection framework for an effective firm-wide information governance program and direct day-to-day activities, including program objectives, policies, procedures, training, and communication

+ Develop, implement and enforce policies and supporting protocols to ensure statutory, regulatory, ethical and privacy requirements are met for the management of information assets in all formats, including hard-copy and electronic

+ Develop and implement a communications and outreach strategy to achieve awareness and integration of the program into firm-wide operations

+ Establish eligibility reporting and approval processes needed to support the routine disposition of information and records in accordance with firm policy

+ Participate as needed in the formulation of the Firm's responses to client security assessments, audits, and/or due diligence questionnaires

+ Develop methods for demonstrating success through metrics, key performance indicators, and third-party assessments

+ Identify information management and protection laws and regulations and implement actions to ensure compliance. Effectively represent the Firm's positions and advocate internal and external policy to shape the development of new laws and regulations consistent with Firm objectives

+ Develop and implement a compliance monitoring system. Coordinate a firm-wide risk assessment process to identify potential risks and control solutions. Monitor actions to identify emerging risks and close gaps

+ Create internal partnerships with key stakeholders, such as Business Development, Human Resources, Knowledge and IT, to influence and align business-area actions that are needed to achieve program objectives. Serve as a consultant to business function leaders. Direct actions to ensure external stakeholders, such as suppliers, have policies and practices that are aligned with laws, regulations, and Firm programs

+ Provide oversight to an incident response team to investigate and respond to data incidents/breaches in a comprehensive and timely manner that complies fully with applicable federal and state laws and manages the impact on the Firm's brand

+ Perform leadership responsibilities, such as determining budget needs. Create and maintain an effective culture. Prepare formal communications and change management program to improve broader Firm risk awareness, revised policies, and potential impact on current working practices

+ Prepare annual budget for responsible functional areas and monitor variances.

+ Stay current with best industry practices and new developments in the area of information governance and records management

+ Participate in continuing education, research, networking, and professional and industry organizations to advance competencies

+ Perform other duties as assigned

Required Skills

+ Previous management experience in a law firm, professional services or consulting firm in developing and implementing information governance and records management programs is strongly desired

+ Ability to manage and mediate conflict and communicate across all levels of management and staff

+ One or more of the following related professional certifications preferred: Certified Records Manager (ICRM), Information Governance Professional (IGP), Project Management Professional (PMI), Certified Information Privacy Professional (IAPP), Certified Information Governance Officer (CIGO)

+ At least ten years of relevant experience in compliance, legal, privacy, information security, or related areas

+ Demonstrated experience designing, managing, and executing large-scale, firm-wide projects

+ Excellent verbal and written communication skills with the ability to influence the actions of internal stakeholders and manage relationships with external stakeholders

+ Broad knowledge of information management and protection laws, regulations, and best practices

+ Information governance experience, including in the areas of personal information, company information, systems, and infrastructure

Required Education

+ Bachelor's degree in business or related field, or a combination of education and related experience providing equivalent knowledge

Preferred Education

+ JD degree preferred
