Data Protection Officer

  • Location: WASHINGTON , District Of Columbia
  • Type: Direct Hire
  • Job #24399

Data Protection Officer – (Hybrid) Anywhere in U.S/Europe/Asia/Middle East

Job description
This role can be done from any country.
Our client, a very prestigious Law Firm located in D.C is looking to add an experienced Data Protection Manager to join their I.T team. They offer a very competitive salary and benefits package.
Job Description:

  • 5-7 years’ experience managing data privacy programs.
  • Minimum 3 years’ experience with US (e.g., HIPAA, CCPA), EU (GDPR), and UK (ICO) data privacy regulations.
  • Experience with other regional privacy regulations such as POPIA, PIPA, PIPL, UAE Data Protection Law, etc. a plus.
  • Experienced in matrix management across multiple functions.
  • JD preferred.
  • 4-year bachelor’s degree required.
  • At least one privacy certification such as CIPP, CIPM, CDPSE required.
  • You must be fully vaccinated against COVID-19 by your hire date to be eligible for starting in the role. Proof of vaccination will be required. Our client will provide reasonable accommodation(s) based on medical or religious grounds for qualified candidates.
  • Duties and Responsibilities:
  • Responsible for management of the Firm’s data privacy program.
  • Responsible for evaluation of the risk associated with potential personal data loss due to unintended disclosure.
  • Oversee the “privacy by design” and data protection activities of the Firm related to internal operations and client engagements.
  • Identify need for and help co-author any necessary privacy policy, process, and standards.
  • Review privacy terms for client and third-party agreements. Align operational compliance.
  • Implement procedures to ensure that third parties engaged by the Firm are compliant with the Firm’s privacy standards.
  • Conduct Data Privacy Impact Assessments (DPIA’s) on high-risk new systems, applications, workflows and third-party engagements, as appropriate.
  • Develop recommended action plans as a result of DPIAs where necessary and appropriate.
  • Respond to Data Subject Access Requests (DSAR’s) on behalf of the Firm and coordinate their resolution.
  • Prepare and maintain a high-level “enterprise personal data map” which includes Firm and third party managed personal information.
  • Define information and privacy data management framework, policy, procedures and work instructions in partnership with lawyers, IT, practice support, and administrative departments.
  • Plan and execute periodic privacy data audits to evaluate the health of prioritized enterprise data and facilitate remediation of personal data issues and defects.
  • Ensure continued compliance with Firm’s ISO27701 privacy certification.
  • Educate Firm employees about the Firm’s data privacy compliance responsibilities and obligations by designing and implementing training plans, to include information on the processing and controlling of data.
  • Track and monitor updates and developments to applicable data privacy law and regulation and make program and training changes and recommendations accordingly.
  • Act as primary point of contact within the Firm for members of staff and lawyers on data privacy matters, and as point of contact for relevant data protection authorities.
  • Work collaboratively with the CCO, CIO, CISO, and Firm management on all data privacy issues.
  • Note: As with all positions, the DPO will be required to perform other duties as deemed necessary and assigned by the Chief Compliance Officer or Firm Management.
  • Status: Exempt

Reports To: Chief Compliance Officer
Position requires access to equipment, software, or technology that is subject to U.S. export controls. To be granted access pursuant to US Export Control laws, candidate must be either (a) a United States citizen or national; (b) a person lawfully admitted for permanent residence of the United States (i.e., “Green Card” holder); or (c) an INS approved refugee or asylum holder who has applied for naturalization within six months of the date the individual first became eligible; and if not yet naturalized, is still actively pursuing naturalization if 2 years have passed since the date of application to be granted access pursuant to US Export Control laws. Candidates will be required to submit appropriate documentation to determine whether access can be granted before proceeding further through the application process.
Our Client is an Equal Opportunity Employer.
Job Type: Full-time
Salary: $156,500.00 per year

  • 401(k)
  • Dental insurance
  • Health insurance
  • Paid time off
  • Vision insurance


  • Monday to Friday

Supplemental pay types:

  • Bonus pay
Attach a resume file. Accepted file types are DOC, DOCX, PDF, HTML, and TXT.

We are uploading your application. It may take a few moments to read your resume. Please wait!