This individual coordinates responses to client requests and assessments relating to the administrative, technical, and physical controls in place to safeguard confidential client information and firm proprietary information. Also reviews client outside counsel guidelines and engagement letters as they relate to client-required information access controls, the protection of personally identifiable information (PII), records retention, and secure destruction. Coordinates input from legal case teams, security governance, and technology services personnel to address working practices and technologies used to ensure compliance with client requirements. Coordinates internal reviews, consolidates comments, summarizes issues, and proposes revisions for review by senior directors, partners, and the Office of the General Counsel. Reviews all new client matters and ensures adequate controls are in place to secure PII, including but not limited to protected health information (PHI). Liaises with client contacts and third-party vendors engaged by clients to perform information security due diligence assessments.
This individual also ensures that all risk management processes relating to the firm’s risk compliance programs relating to HIPAA and GDPR are performed in a consistent and repeatable manner. Manages all compliance documentation in an audit-ready state within the firm’s document management system. Reviews client and vendor business associate agreements and vendor data processing addendums. Designs, produces, and delivers training material used to educate lawyers and firm personnel at all levels on their risk compliance responsibilities, and other information governance topics.
Initiatives led by this individual result in the measurable reduction of costs and/or minimization of risks relating to privacy, access controls, and records disposition. This individual creates strategic plans relating to privacy compliance, and project plans for the introduction of new processes and/or technologies that support privacy compliance and client request management. Responsible for initiatives and projects that frequently span multiple offices, legal practice areas, and/or administrative departments. Identifies and proposes solutions to address new areas of risk based on the firm’s business needs, and the individual’s subject matter expertise and legal and/or law firm experience. Drafts policies, procedures, standards, and practical guidance on records and information governance processes.
Qualifications & Requirements
Qualified candidates from a variety of educational backgrounds and professional experience will be considered for this position. Candidates must have a four-year degree relating to information technology, law, compliance, business administration, and/or information management, and a minimum of five years of professional services consulting, practice support, risk management, legal, paralegal or information governance experience in a law firm. Candidates who are Certified Information Privacy Professionals are preferred.
Requires demonstrated ability to deliver measurable results on multiple initiatives, and to get things done within agreed timeframes. Must demonstrate exceptional organizational skills, communication skills, knowledge sharing, and attention to detail. This position requires a self-motivated, creative individual with a strong knowledge of legal information management and/or information governance processes and technologies. Must be capable of independently authoring and presenting professional documents, presentations, procedures, and/or educational material on information governance topics. Ability to explain complex and/or technical topics relating to information governance to those who have no prior knowledge of the firm’s systems and policies is a must.
Intermediate proficiency in MS Word, MS Excel, and MS Visio is required, and prior experience using MS SharePoint, MS Project, and RSA Archer GRC is preferred. Aptitude and interest in information technologies, critical thinking, knowledge management, change management, and project management is a must, and prior experience using and/or administering Autonomy WorkSite and LegalKEY is a plus.
Internal Number: 5094
About Kirkland & Ellis LLP
Kirkland & Ellis LLP is a preeminent, full-service law firm with offices around the world and a staff as diverse as the practice areas we support. Our clients range from Fortune 100 companies to medium and small corporations, financial institutions, and private equity firms. Known for our commitment to excellence, Kirkland strives to provide superior service to our clients as well as our fellow employees. From Information Technology to Human Resources, Paralegal Services to Business Development, Kirkland offers non-attorney professionals challenging careers in a variety of functional areas. Whether starting or growing your career, Kirkland can offer a performance-driven culture filled with bright and innovative teams of co-workers.