Associate Counsel – Information Technology & Data Privacy

Apply now Job no: 523448
Position type: Staff Full Time
Campus: UMass President's Office
Campus Location: Beacon Street-Boston
Department: PO-General Counsel
Categories: Legal Affairs
Advertised: Eastern Daylight Time
Applications close:

Primary Work Location:

Westborough or Boston, Massachusetts; hybrid schedule as directed by the General Counsel.

Job Summary:

As a subject matter expert within the University of Massachusetts’ Office of the General Counsel, the Associate Counsel - Information Technology and Data Privacy is responsible for all University legal issues concerning Information Technology and Data Privacy.  Provides legal advice to facilitate the University’s compliance with applicable laws, regulations, and best practices.  Critical role in collaborating with cross-functional teams to implement information technology and data privacy best practices in the University System.  Responsible for providing legal advice and assistance, including concerning compliance and risk mitigation issues, to the campuses and the University System office concerning data privacy and information technology matters including, but not limited to, cyber incident matters.

Essential Functions:

  • Ensure that all University information technology functions comply with relevant laws, regulations, and industry standards, such as FERPA, FIPA, HIPAA, GDPR, CCPA, and other regional and subject matter focused data protection laws.
  • Stay current with evolving laws and regulations and ensure the company's policies, practices, and systems are compliant.
  • Take lead internal legal role concerning all University cyber incidents.  Maintain an incident response plan to effectively respond to and manage any cyber incidents.
  • Conduct and collaborate with others concerning regular audits and risk assessments to identify any potential risks and develop strategies to mitigate them.
  • Maintain clear and effective policies and procedures that address data collection, processing, storage, retention, and disposal.
  • Manage inquiries and issues relating to data privacy practices.
  • Communicate effectively with relevant stakeholders.
  • Conduct and oversee data protection impact assessments (DPIAs) to identify and address any potential risks associated with new projects, products, or initiatives.
  • Conduct and/or support internal investigations of unauthorized access to or misuse of data.
  • Provide recommendations and guidance on risk mitigation strategies.
  • Develop and deliver privacy training programs to educate stakeholders on data protection policies, procedures, and best practices.
  • Foster a culture of awareness and accountability concerning information technology and data privacy throughout the University system.
  • Coordinate with relevant stakeholders, legal teams, and regulatory authorities as necessary.
  • Evaluate and manage the information technology practices of third-party vendors and contractors concerning compliance with relevant laws and regulations.
  • Review and negotiate information technology and data privacy terms in contracts with vendors and partners.
  • Serve as the primary point of contact for information technology related legal and regulatory inquiries from external parties.

Other Functions:

  • Work collegially and collaboratively with colleagues and utilize legal office systems for tracking and managing all work matters.
  • Timely advise General Counsel and Chief Deputy General Counsel on significant issues and projects.
  • Work with and supervise external counsel on information technology matters.

Minimum Qualifications (Knowledge, Skills, Abilities, Education, Experience):

  • J.D. degree, admission to the Massachusetts bar.
  • At least 8 years of practice as an attorney, preferably in-house or at a law firm, with at least 5 years of experience in information technology and data privacy legal issues.
  • Professional certifications related to information technology, data privacy and protection, such as CIPP/E, CIPP/US, CIPM, or CIPT, are preferred.
  • Extensive knowledge of data protection laws and regulations, including GDPR, CCPA, and other regional privacy laws.
  • Proven experience in developing and implementing data privacy programs in a complex organization, preferably within the higher education, finance, technology, or software industry.
  • Strong understanding of data protection principles, information security best practices, and relevant risk management frameworks.
  • Experience conducting and overseeing internal investigations and communicating with regulatory bodies.
  • Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and communicate privacy-related concepts to non-technical stakeholders.
  • Excellent written and oral communication and interpersonal skills and the ability to work with senior administration, faculty, and employees throughout the University.
  • Self-directed and able to work with little supervision.

Preferred Qualifications (Knowledge, Skills, Abilities, Education, Experience):

  • Higher education experience and/or in-house legal experience a plus.
  • Interest in engaging in continued professional development through internal and external means.

Working Conditions:

Standard office workplace, located in Westborough or Boston, with hybrid schedule as directed by the General Counsel; travel by car as necessary to University campuses in Amherst, Boston, Dartmouth, Lowell and Worcester as well as other in-state locations.

Additional Details:

Salary commensurate with experience up to $170,000.

Application Instructions: 

Please upload resume and cover letter in PDF

Back to search results Apply now Refer a friend

The University of Massachusetts is an Equal Opportunity/Affirmative Action, Title IX employer. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, national origin, ancestry, age over 40, protected veteran status, disability, sexual orientation, gender identity/expression, marital status, or other protected class.