Manager, Security & Privacy Compliance

Location:
900 South Capital of Texas Highway
Las Cimas IV, Fifth Floor
Austin
TX
78746-5546
US

Wilson Sonsini is the premier legal advisor to technology, life sciences, and other growth enterprises worldwide. We represent companies at every stage of development, from entrepreneurial start-ups to multibillion-dollar global corporations, as well as the venture firms, private equity firms, and investment banks that finance and advise them. The firm has approximately 1,200 attorneys in 19 offices: 14 in the U.S., three in China, and two in Europe. Our broad spectrum of practices and entrepreneurial spirit allow our staff exceptional opportunities for professional achievement and career growth.

Under the direction of the Director, Information Security Governance, Risk & Compliance, the Manager, Security & Privacy Compliance is responsible for the firm’s day-to-day implementation of compliance-related policies, plans, and procedures at both the department and firm level. The position also focuses on third-party vendor compliance, data compliance for CPRA and GDPR, and third-party Business Impact Analysis (BIA) processes, as well as tracking the implementation of, and compliance with, client requirements.

Essential Duties and Responsibilities:

  • Serve as the liaison to the Office of the General Counsel for security- and privacy-related matters associated with vendor contracts and associated data security and privacy agreements.
  • Establish and maintain a comprehensive third-party vendor compliance framework to ensure all external partners adhere to the organization’s security and privacy standards.
  • Conduct regular audits and assessments of third-party vendors to evaluate compliance with the organization’s policies and regulatory requirements.
  • Monitor the organization’s data handling and processing activities to ensure compliance with CPRA, GDPR, and other relevant data protection regulations.
  • Implement and manage data inventories to track the flow of sensitive information and ensure adherence to privacy laws, including the rights of data subjects under these regulations.
  • Lead the development and execution of third-party Business Impact Analysis (BIA) to identify critical systems and data, assess potential risks, and ensure effective mitigation strategies are in place.
  • Coordinate with IT and business units to ensure that BIA processes are integrated into the overall risk management framework of the organization.
  • Develop processes to identify, track, monitor, and report on compliance with client-specific security and privacy requirements.
  • Participate in developing and maintaining documentation in support of the WSGR IT Security & Risk Management Strategy.
  • Track and monitor risk-related remediation plans through the WSGR risk registry, including development of plan of action milestones (POAMs) and holding regular status reviews of remediation plans with stakeholders.
  • Assist in implementing and enforcing governance and risk policies, and audit processes, across WSGR.
  • Work closely with IT teams to ensure that all client requirements are understood, implemented, and maintained across systems.

Education and/or Work Experience Requirements:

  • M.S. Degree in Computer Science, Engineering, Information Technology, or related field of study desired. J.D. desirable but not required.
  • 7+ years’ relevant experience in risk and compliance, information security and/or privacy.
  • One or more security certifications such as CIPP, CIPM, CISA, CDPSD, or other relevant security or privacy certification(s) required.
  • Ability to communicate and coordinate risk-related information to IT Department leaders and firm employees.
  • Must be able to communicate clearly and effectively
  • Knowledge and experience with implementing compliance-related IT policies, plans, and procedures within a law firm environment.
  • Knowledge of Governance Risk & Compliance (GRC) tools is highly desired.
  • Knowledge of the NIST Cybersecurity Framework (CSF)
  • Strong analytical, problem-solving, multitasking, and time management skills.
  • Excellent technical writing and verbal communication skills

The compensation for this position may include a discretionary year-end merit bonus based on performance. We offer a highly competitive salary and benefits package.

Benefits information can be found here. Equal Opportunity Employer (EOE).
