Assistant General Counsel, Privacy
About the role
The Assistant General Counsel, Privacy at Memorial Sloan Kettering Cancer Center (MSK) will serve as a subject matter expert to business, clinical, and research teams across MSK. They will advise on key legal questions related to privacy by gaining detailed insight into business areas, perform detailed legal research as needed, and provide timely, effective advice. They will manage MSK's operational compliance with GDPR and other global-privacy frameworks, advise other members of the MSK legal team on data privacy laws, collaborate on transactions led by those team members, lead negotiation of HIPAA Business Associate Agreements with MSK's IT and supply chain vendors, draft, update, and regularly review consumer-facing privacy notices for MSK digital properties, advise the Development, Marketing and Communications, and other digital teams on use of cookies, pixels and other trackers on MSK digital properties, provide legal guidance to other members of the Compliance team in their management of privacy-related inquiries from patients and staff, collaborate with departments across the organization, including clinical, research, hospital administration, IT, procurement, and Information Security departments, and MSK’s AI Governance Council to develop and enhance policies governing MSK’s use of personal data (PHI, PII).
Responsibilities
- Serve as subject matter expert to business, clinical, and research teams across MSK.
- Advise on key legal questions related to privacy by gaining detailed insight into business areas.
- Perform detailed legal research as needed and provide timely, effective advice.
- Manage MSK’s operational compliance with GDPR and other global-privacy frameworks.
- Advisory support for enterprise strategic initiatives, clinical and business operations, and research matters.
- Support other members of the MSK legal team on data privacy laws.
- Collaborate with departments across the organization, including clinical, research, hospital administration, IT, procurement, and Information Security departments, and MSK’s AI Governance Council to develop and enhance policies governing MSK’s use of personal data (PHI, PII).
- Stay abreast of new domestic and global privacy and data protection requirements and assess their impact on existing operations and strategic plans.
Requirements
- Expertise in advising clients on GDPR and other global privacy frameworks, and experience with HIPAA and state privacy laws related to health information.
- Demonstrated knowledge of US privacy and data protection laws and a keen understanding of the changing US privacy legal landscape, including emerging comprehensive state privacy laws.
- Experience implementing the practical requirements of data privacy laws, including individual data subject rights and requirements for de-identification and data anonymization.
- Demonstrated understanding of technology, marketing and ad tech, emerging AI technology, and experience advising clients on use of trackers, pixels, digital consumer privacy and protection (including, e.g., TCPA, CAN-SPAM, etc.).
- Familiarity with regulatory requirements for Human Subjects Research preferred.
- An established track record of translating regulatory requirements into practical and impactful elements while supporting business strategy.
- Ability to skillfully maneuver through complex policy, process, and people-related organizational dynamics.
- A Juris Doctorate (JD) and a minimum of 5 years of direct experience advising clients on privacy law either at a law firm or as part of an in-house legal or compliance team.
- Licensed to practice in NYS or eligible for in-house registration.
Qualifications
- Privacy & Regulatory Compliance Expertise - Deep knowledge of HIPAA, GDPR, and global privacy frameworks to ensure organizational compliance and mitigate legal risk.
- Legal Research & Advisory Skills - Ability to conduct thorough legal research and provide timely, practical guidance on complex privacy and data protection matters.
- Contract Negotiation & Vendor Management - Experience leading negotiations of Business Associate Agreements (BAAs) and engaging with vendors on privacy and data security requirements.
- Cross-Functional Collaboration & Stakeholder Engagement – Proven ability to partner with clinical, research, IT, compliance, procurement, and legal teams to develop privacy-focused policies and solutions.
- Data Governance & Digital Privacy Strategy - Expertise in managing PHI/PII governance, privacy notices, cookies/trackers compliance, de-identification methodologies, and assessing the impact of evolving privacy regulations on business operations.
Core Skills
- Privacy & Regulatory Compliance Expertise
- Legal Research & Advisory Skills
- Contract Negotiation & Vendor Management
- Cross-Functional Collaboration & Stakeholder Engagement
- Data Governance & Digital Privacy Strategy
Additional Information
Report directly to the VP, Privacy Officer & Chief Privacy Counsel.
Location: 633 Third Avenue
Hybrid Flexibility to travel to other sites as needed
Helpful Links: Compensation Philosophy, Benefits Pay Range: $137,500.00 - $227,000.00 FSLA Status: Exempt