Join our talent network

Associate Director of Information Governance (Privacy)

Job ID: 6816

Updated: Sep 6, 2022

Location: Chicago, IL, United States

Category: Risk Management


About Kirkland & Ellis

At Kirkland & Ellis, we are united in our ambition and drive to move forward. We share core values that help us achieve excellence: collaboration, talent empowerment, service, inclusion, respect and gratitude. Our people are our greatest asset, and we invest in the brightest talent and encourage a diversity of perspectives and strengths to create dynamic teams that operate at the pinnacle of their field. Our talented professionals show up every day knowing they will engage in meaningful work, continuous learning and professional development.

As one of the world’s leading law firms, we serve a broad range of clients with market-leading practices in private equity, M&A and other complex corporate transactions; investment fund formation and management; restructurings; high-stakes litigation and trials; and government, regulatory and internal investigations. We handle the most complicated and sophisticated legal matters because we don’t just meet industry standards, we create them. We bring innovation and entrepreneurialism to every engagement and, as a result, have long-standing client relationships with leading global corporations and financial sponsors. With 6,500 employees (including 3,000+ lawyers) operating from 18 offices across the United States, Europe and Asia, we are one of the largest law firms in the world and a top financial performer.

Essential Job Functions

The Associate Director, Information Governance (IG) position is responsible for leading, planning, executing, and supporting the overall goals and objectives associated with information governance processes and services offered across the Firm, with primary responsibility for processes, services, and projects involving data privacy compliance. This is a an IG leadership role that will lead IG management teams, individual IG staff members, and cross-functional teams comprised of Risk Management and/or other legal and administrative representatives. The individual delivers results that mitigate risks and reduce costs associated with data privacy processes, services, technologies, and projects. Under the leadership of the Director of IG (Privacy) this individual effectively manages their responsibilities, including complex legal research and analysis, in a fast-paced environment with minimal oversight while consistently meeting or exceeding work product quality standards and client service standards.

At the direction of the Director of IG (Privacy), the Associate Director of IG (Privacy) develops individual and team performance and project goals in order to achieve strategic and near-term information governance goals. This individual develops and executes project plans for the introduction of new processes and/or technologies that support privacy compliance. Performs legal, technology, and law firm industry research in the area of privacy compliance to ensure compliance with client requirements, firm policies, and legal/regulatory/business requirements.

This individual develops and maintains a highly productive and collaborative working rapport with all members of the Risk Management leadership team to ensure that IG work product and services meets or exceeds internal and external customer expectations. Serves as a back-up to other members of the IG leadership team when they are away from the office.

Essential Functions:

  • Provides advice and proposes solutions for complex and/or technical data privacy and/or information governance issues.
  • Communicates privacy vision and privacy guiding principles throughout the firm in a variety of forums (1:1, administrative meetings, practice group meetings, partner meetings, etc.).
  • Ensures written documentation of all processes associated with managing data privacy compliance is up-to-date, factually accurate, and organized in an audit-ready state.
  • Drafts, reviews and/or presents proposals, project plans, status reports, and other information in a variety of formats and styles appropriate to the audience.
  • Coaches and mentors IG and other firm personnel on the continual improvement of their knowledge relating to data privacy compliance.
  • Works directly with administrative staff and legal practitioners to document business requirements and automate privacy processes.
  • Ensures risk management personnel perform work relating to data privacy compliance in a consistent and repeatable manner.
  • Develops and executes project plans for the introduction of new processes, services and/or technologies that support data privacy compliance.
  • Performs legal, technology, and law firm research on data privacy laws, information governance, data protection, records retention requirements and other data privacy-related topics, and reports findings and recommendations to the Office of the General Counsel and other partners.
  • Periodically audits the administrative, technical, and controls in place for safeguarding personally identifiable information (PII), including protected health information (PHI).
  • Maintains up-to-date and accurate records of timelines, activities, decisions, and work product relating to data privacy compliance.
  • Reviews client and vendor business associate agreements, client standard contractual clauses and/or data processing agreements, and vendor data processing agreements.
  • Coordinates the amendment of executed client and vendor agreements to reflect new data privacy legal and contractual requirements as required by CCPA, CPRA, GDPR, HIPAA, etc.
  • Serves as a backup for the Director of Information Governance (Privacy).
  • Represents Risk Management during client assessments and incident response exercises relating to data privacy.
  • Assists with the reporting and analysis of suspected data incidents involving personally identifiable data.
  • Advises senior management and partners on the implications of new data privacy laws and their impact on the firm and its clients and vendors.
  • Advises attorneys, legal staff, and administrative personnel on how to mitigate data privacy and information governance risks.
  • Manages multi-office and/or cross-functional projects involving personal information.
  • Develops and delivers data privacy training in a variety of formats.
  • Conducts data privacy impact assessments.
  • Creates and maintains data maps relating to personal data processing and transfer.
  • Utilizes Privacy by Design principles when working with Information Technology, Security Governance and/or Risk Management teams to design new and/or enhance existing firm systems used to manage personally identifiable data.
  • Creates, manages and maintains documentation on processes relating to the intake, management, and execution of tasks to ensure timely resolution of, and compliance with, data subject requests.


Qualifications & Requirements

  • An advanced degree in information management or law is required, and a J.D. required is preferred.
  • Aptitude and interest in personnel and team management, information technologies, critical thinking, change management, customer service, and project management required.
  • In-depth knowledge of data privacy laws.
  • Experience implementing data privacy compliance programs in a business environment, preferably a law firm is preferred.
  • Ability to strategically assess data privacy risk and recommend feasible solutions that comply with legal and business requirements of the firm and its clients.
  • Ability to plan, manage and execute multiple cross-office and cross-functional projects relating to data privacy and information governance.
  • Commitment to continual performance improvement and ongoing professional development needed to develop new expertise in data privacy and information governance as legal, regulatory and business demands change.
  • Proven ability to deliver written and oral presentations to senior firm management, partners and clients on data privacy compliance and risk management. Aptitude and interest in information technologies, critical thinking, change management, customer service, and project management required.
  • Demonstrated ability and commitment to work independently and develop productive working rapport with attorneys, senior firm management, legal staff, and administrative personnel around the world.
  • CIPP/US, CIPM, CIPT, and/or CIPP/EU certification preferred.
  • Proficiency in MS Office applications is required and working knowledge of MS Project and Visio is preferred.
  • Prior experience with iManage DMS, IntApp WallBuilder, IntApp Terms of Business, and LegalKEY preferred.

How to Apply

Thank you for your interest in Kirkland & Ellis LLP.  To complete an application and submit your resume, please click "Apply Now."

Equal Employment Opportunity

All employment decisions, including the recruiting, hiring, placement, training availability, promotion, compensation, evaluation, disciplinary actions, and termination of employment (if necessary) are made without regard to the employee’s race, color, creed, religion, sex, pregnancy or childbirth, personal appearance, family responsibilities, sexual orientation or preference, gender identity, political affiliation, source of income, place of residence, national or ethnic origin, ancestry, age, marital status, military veteran status, unfavorable discharge from military service, physical or mental disability, or on any other basis prohibited by applicable law.

Closing Statement

The job postings and recruiting mailbox are for candidates only. If you are a recruiter, search firm or employment agency, and do not have a signed contract with Kirkland & Ellis LLP ("K&E") and have not been asked specifically to submit candidates, you will not be compensated in any way for your referral of a candidate even if K&E hires the candidate. Direct contact with K&E employees in an attempt to present candidates is inappropriate and will be a factor in determining any future professional relationship with the Firm. #LI-Hybrid