Privacy, Cybersecurity & Data Governance Counsel - 14814

Description :

Position Summary : Under the direction of the Deputy Counsel Chief Privacy Officer (CPO), the Privacy, Cybersecurity & Data Governance Counsel (Privacy Counsel) will engage in difficult and complex legal and policy work that has significant legal, operational and policy impact for the New York City Department of Education (NYC DOE) and the students it serves.

The Privacy Counsel will serve within the NYC DOE’s Office of the General Counsel (OGC), joining a team of high-performing, collaborative and dedicated legal and compliance professionals who serve as in-house counsel to the nation’s largest school district and New York’s largest employer and government agency.

The Privacy Counsel will help develop and implement a data privacy program for the NYC DOE; will support and advise agency leadership on related privacy cybersecurity, data governance and records management issues;

and will assist the CPO in addressing related matters.

Reports to : Deputy Counsel / CPO, Privacy

Direct Reports : None

• Key Relationships : Chancellor’s Office; Office of the Chief Administrative Officer, including OGC, the Division of Information and Instructional Technology (DIIT), Contracts and Purchasing, and the Division of Human Capital;
• Office of the Chief School Operations Officer; Office of the First Deputy Chancellor; Office of the Chief Academic Officer, including the Research Policy and Support Group (RPSG);
• Division of School Climate and Wellness; Division of School Planning and Development; Division of Early Education and Student Enrollment;

Division of Community Empowerment, Partnership and Communications; NYC Mayor’s Office for Information Privacy; NYC Law Department.

Responsibilities

At the direction and under the supervision of the CPO, the attorney may perform any or all of the following functions and duties :

Privacy Program Development, Implementation and Administration Helps to develop, implement and administer a robust privacy, cybersecurity and data governance program.

Drafts and advises on related regulations, policies, procedures, guidance and internal and external communications.Helps implement and administer the NYC DOE-wide data privacy training programDevelops, conducts and / or reviews internal and external privacy impact assessments, data lifecycle management procedures, and appropriate internal data access controls.

Promotes a culture of high data privacy ethics standards and responsibility.

Legal counsel Provides legal advice concerning privacy laws and regulations that impact the NYC DOE, including the Family Educational Rights and Privacy Act (FERPA) and NY Education Law 2-d.

Provides legal advice to DOE senior leadership and other stakeholders on the DOE’s privacy, cybersecurity security, data management and data governance strategies and practices.

Advises NYC DOE schools, programs and offices on privacy and cybersecurity perspectives in the development or use of new technology, products and applications.

Supports building privacy and data security from the ground up and helps foster a privacy by design way of working.

• Conducts in-depth legal research as assigned; stays current on all applicable laws, regulations and industry best practices.
• Transactional Work and Third Party Privacy Compliance and Data Management Drafts and reviews privacy-related provisions and agreements, including non-disclosure agreements, data use agreements, and memoranda of understanding Participates in negotiations with vendors, community based organizations and other entities regarding data privacy and cybersecurity compliance and contractual provisionsConducts and / or reviews data privacy and cybersecurity impact assessments or similar analyses of third party practicesReviews third party privacy policies, terms of use and other third party materials for compliance with applicable laws, regulations and DOE policies / best practices
• Cybersecurity Works closely with DIIT and other stakeholders in the review and coordination of potential privacy or data security incidents, including incident investigations, identifying impacted data subjects, notification and other resolution effortsDrafts incident notification communicationsAdvises the NYC DOE on risk mitigation initiatives and enhancing incident readiness and response
• Regulator Inquiries, Litigation External Data Requests and Complaints Addresses privacy- and cyber-security related complaints received from third partiesProvides legal support for external and internal investigations into alleged privacy violationsActs as liaison to other government agencies that have launched investigations or are handling complaints, including the US Department of Education, the NY State Education Department and the NYC Special Commissioner of Investigation for the NYC School DistrictAdvises DOE offices on requests for records by data subjects and third parties releases to ensure compliance with applicable privacy laws, including consent and identity verification proceduresRepresents the NYC DOE or acts as liaison in related litigation or administrative hearings
• Data Governance and Data Lifecycle Management Advises the NYC DOE on information governance and data lifecycle management related matters, including data minimization, records management, record retention and data destructionAssists with e-discovery and litigation / responses to regulatory actions relating to cybersecurity and privacy, and supports e-discovery work within OGC as assigned
• Inter-Agency Collaboration Collaborates with key external stakeholders, including other city agencies, in fostering sound citywide privacy and data security practicesRepresents the DOE in meetings on privacy and data security-related matters with other government agencies and other parties, when appropriate.

Coordinates with legal, regulatory and technology risk management colleagues in other agencies and jurisdictions on developments in privacy and cybersecurity and information security law and regulatory guidance

Other May coordinate the related work of support staffSupports the General Counsel and other OGC senior leadership in other legal matters as assignedLeads or participates in special projects as assignedPerforms related work as assigned

Qualification Requirements :

Minimum

Admission to the New York State Bar and three (3) years of progressively responsible United States legal experience subsequent to admission to any state bar.

NOTE : Selected candidates must remain members of the New York State Bar in good standing for the duration of their employment.

Preferred

• Experience with education-related privacy and cybersecurity laws and issues, including with data incident response, compliance, and investigations.
• Certified Information Privacy Professional certification.
• Excellent written / verbal communication, including the ability to write clearly and concisely.
• Comfort with technology-related matters and a strong desire to counsel key NYC DOE stakeholders on complicated privacy and cybersecurity issues.
• Transactional and compliance experience, including excellent negotiation skills.
• Strong project management experience.
• Strong knowledge of Microsoft Office, particularly Word, Excel, and PowerPoint.
• Ability to quickly grasp applicable law and regulations.
• Strong legal research skills and extensive contract drafting experience.

Salary : $106,607 - $111,107

Internal candidates who are selected for this position and who currently hold comparable or less senior positions within the DOE will not earn less than their current salary.)

Please include a resume and cover letter with your application.

NOTE : The filling of all positions is subject to budget availability and / or grant funding.

New York City Residency is NOT Required

We encourage all applicants from the New York City tri-state area to apply.

AN EQUAL OPPORTUNITY EMPLOYER

DOE Non- Discrimination Policy

It is the policy of the Department of Education of the City of New York to provide equal employment opportunities without regard to actual or perceived race, color, religion, creed, ethnicity, national origin, alienage, citizenship status, age, marital status, partnership status, disability, sexual orientation, gender (sex), military status, unemployment status, caregiver status, consumer credit history, prior record of arrest or conviction (except as permitted by law), predisposing genetic characteristics, or status as a victim of domestic violence, sexual offenses and stalking, and to maintain an environment free of harassment on any of the above-noted grounds, including sexual harassment or retaliation.

For more information, please refer to the DOE Non-Discrimination Policy.

Public Service Loan Forgiveness As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs.

For more information, please visit the U.S. Department of Education's website at https : / / studentaid.gov / pslf / .