Jobs · Maryland

Associate General Counsel & Privacy Officer (Vice President & General Counsel)

The Johns Hopkins University · Baltimore, MD · 3 days ago
$136k–$238k/yrFull-time

About the role

The Office of the Senior Vice President & General Counsel of Johns Hopkins University seeks applications to fill a position of Associate General Counsel & Privacy Officer (“Associate General Counsel”). The Associate General Counsel will advise on privacy, information and cyber security, and data governance.

Responsibilities

  • Advise the university on legal issues related to applicable privacy obligations, including FERPA, HIPAA, GDPR, MODPA, CCPA, GLBA, consumer protection laws, and other applicable state, federal, and international privacy regulations.
  • Oversee the daily operations of the University’s privacy program.
  • Serve as the primary point of contact for non-clinical data privacy compliance for the university.
  • Assist in the development, implementation, and maintenance of privacy policies, procedures, and standards.
  • Help ensure privacy requirements are embedded into university operations and decision-making.
  • Monitor and assess program compliance with applicable laws, regulations, and internal policies.
  • Coordinate with university IT, the University Registrar, and other offices, and serve as the point of contact for the supervisory authority, as needed.
  • Manage the data subject access request process.
  • Develop contractual addendums, terms and conditions, and standard clauses to support compliance with evolving domestic and global privacy regulations.
  • Partner with the Chief Information Officer, Chief Information Security Officer, Chief Risk Officer, and other university officials to identify and mitigate legal and operational risk.
  • Interface with institutional officials and other stakeholders responsible for clinical records, human subject records, and related data to ensure compliant cybersecurity and data processing procedures and guidance.
  • Revise and/or develop policies and procedures to implement safeguards that protect non-clinical records and data.
  • Advises clients in responding to cybersecurity incidents and data breaches.
  • Draft cybersecurity policies and participate in tabletop exercises.
  • Partner with the Chief Risk Officer and Deputy Chief Risk Officer on the university’s Incident Response Team to support process development and coordination of incident and breach response, including coordination with the Chief Information Security Officer, other data security experts, outside counsel, and in-house counsel when required.
  • Engage with data governance programs on data handling best practices.
  • Manage and provide advice on the data governance and protection impact assessment process, data use agreements, and data management plans.
  • Advise clients on best practices related to data governance, including AI.
  • Advise on agreements and other documents related to technology, AI, data privacy, data sharing, and information security.
  • Interface with university stakeholders to support compliant data processing procedures and guidance.

Qualifications

  • Juris Doctor.
  • Five years of legal experience required.
  • Law degree from an accredited law school.
  • Bar admission in at least one U.S. state.
  • Privacy certification such as CIPP or CIPT.
  • Experience providing legal counsel to an institution of higher education, and one associated with an academic medical center, in particular, is strongly preferred.
  • Experience working effectively with various constituencies in an extraordinarily complex, matrixed environment.
  • Satisfaction of all applicable requirements for attorneys practicing in the State of Maryland.
  • If not licensed in Maryland, must be eligible for admission within twelve (12) months.
  • At least six years of experience as a practicing attorney, with at least five years of experience as an attorney specializing in privacy, cyber security/data protection, or data governance.
  • Excellent analytical, interpersonal, and oral and written communication skills.
  • Ability to work independently in a highly complex organization.
  • Superb professional judgment and high ethical standards.
  • Attention to detail and ability to manage a high volume of work and multiple priorities in a fast-paced environment.
  • Strong organizational, project management, and problem-solving skills.
  • Ability to work with senior university leadership, including executives and faculty leadership.
  • Experience in cyber-incident response, security and privacy program implementation, or AI governance.

Personal Attributes

  • Sound judgment, critical thinking, and a commitment to ethical decision-making.
  • Communicates effectively across varied audiences, fostering trust and clarity in complex matters.
  • Maintains composure and adaptability in dynamic environments, with a proactive and innovative approach to problem-solving.
  • Upholds a strong sense of responsibility for safeguarding legal and privacy standards across the organization.
  • Ability to work collaboratively as part of a team.

Similar jobs