Job Description
The Office of the Senior Vice President & General Counsel of Johns Hopkins University seeks applications to fill a position of Associate General Counsel & Privacy Officer (“Associate General Counsel”), to serve as a trusted advisor to the University, with a primary focus on privacy, information and cyber security, and data governance. The Associate General Counsel will also advise on digital accessibility, records management, and a wide range of data related issues. As such, the individual should have deep understanding of the laws, regulations, and industry best practices in these areas in order to interface effectively with institutional officials and other stakeholders.
The Office of the Senior Vice President & General Counsel provides legal counsel and representation to Johns Hopkins University and all its schools, divisions, affiliates, and related entities. The office serves the legal needs of university trustees, officers, deans, directors, faculty, and staff in their official capacities. The office is also responsible for hiring and managing all outside counsel to represent the university and its units.
The Associate General Counsel will report directly to the Senior Associate General Counsel and Chief Compliance Officer, who in turn reports to the Senior Vice President and General Counsel of the University. The Associate General Counsel will provide legal advice on a full range of applicable laws and regulations related to data and records management, privacy (including consumer and educational privacy laws and regulations), cybersecurity, and digital accessibility. The Associate General Counsel will also help operationalize the university’s non-clinical privacy compliance obligations, working closely with the Chief Information Officer, Chief Information Security Officer, Chief Risk Officer, and other officials to mitigate risk to the university through executing the daily operations of the privacy program, development, implementation and maintenance of policies and procedures, training and education, monitoring program compliance, and investigation and tracking of incidents. The Associate General Counsel will collaborate with Johns Hopkins Health System (JHHS) counsel and privacy officials on privacy, data security, cybersecurity, and data governance matters affecting both JHU and JHHS.
Primary Duties and Responsibilities
Privacy
- Advise the university on legal issues related to applicable privacy obligations, including FERPA, HIPAA, GDPR, MODPA, CCPA, GLBA, consumer protection laws, and other applicable state, federal, and international privacy regulations.
- Oversee the daily operations of the University’s privacy program.
- Serve as the primary point of contact for non-clinical data privacy compliance for the university.
- Assist in the development, implementation, and maintenance of privacy policies, procedures, and standards.
- Serve as a resource for university departments on privacy compliance questions and program implementation.
- Help ensure privacy requirements are embedded into university operations and decision-making.
- Monitor and assess program compliance with applicable laws, regulations, and internal policies.
- Coordinate with university IT, the University Registrar, and other offices, and serve as the point of contact for the supervisory authority, as needed.
- Manage the data subject access request process.
- Develop contractual addendums, terms and conditions, and standard clauses to support compliance with evolving domestic and global privacy regulations.
Cybersecurity
- Partner with the Chief Information Officer, Chief Information Security Officer, Chief Risk Officer, and other university officials to identify and mitigate legal and operational risk.
- Interface with institutional officials and other stakeholders responsible for clinical records, human subject records, and related data to ensure compliant cybersecurity and data processing procedures and guidance.
- Revise and/or develop policies and procedures to implement safeguards that protect non-clinical records and data.
- Advise clients in responding to cybersecurity incidents and data breaches.
- Draft cybersecurity policies and participate in tabletop exercises.
- Partner with the Chief Risk Officer and Deputy Chief Risk Officer on the university’s Incident Response Team to support process development and coordination of incident and breach response, including coordination with the Chief Information Security Officer, other data security experts, outside counsel, and in-house counsel when required.
Data Governance
- Engage with data governance programs on data handling best practices.
- Manage and provide advice on the data governance and protection impact assessment process, data use agreements, and data management plans.
- Advise clients on best practices related to data governance, including AI.
- Advise on agreements and other documents related to technology, AI, data privacy, data sharing, and information security.
- Interface with university stakeholders to support compliant data processing procedures and guidance.
Additional Duties
- Perform other related duties as assigned.
Minimum Qualifications
- Juris Doctor.
- Five years of legal experience required.
- Law degree from an accredited law school.
- Bar admission in at least one U.S. state.
Preferred Qualifications
- Privacy certification such as CIPP or CIPT.
- Experience providing legal counsel to an institution of higher education, and one associated with an academic medical center, in particular, is strongly preferred.
- Experience working effectively with various constituencies in an extraordinarily complex, matrixed environment.
- Satisfaction of all applicable requirements for attorneys practicing in the State of Maryland. If not licensed in Maryland, must be eligible for admission within twelve (12) months.
- At least six years of experience as a practicing attorney, with at least five years of experience as an attorney specializing in privacy, cyber security/data protection, or data governance.
- Excellent analytical, interpersonal, and oral and written communication skills.
- Ability to work independently in a highly complex organization.
- Superb professional judgment and high ethical standards.
- Attention to detail and ability to manage a high volume of work and multiple priorities in a fast-paced environment.
- Strong organizational, project management, and problem-solving skills.
- Ability to work with senior university leadership, including executives and faculty leadership.
- Experience in cyber-incident response, security and privacy program implementation, or AI governance.
Personal Attributes
- Demonstrates sound judgment, critical thinking, and a commitment to ethical decision-making.
- Communicates effectively across varied audiences, fostering trust and clarity in complex matters.
- Maintains composure and adaptability in dynamic environments, with a proactive and innovative approach to problem-solving.
- Upholds a strong sense of responsibility for safeguarding legal and privacy standards across the organization.
- Ability to work collaboratively as part of a team.
Classified Title: Associate General Counsel
Job Posting Title (Working Title): Associate General Counsel & Privacy Officer (Vice President & General Counsel)
Role/Level/Range: ATP/04/PI
Starting Salary Range: $135,900 - $238,400 Annually (commensurate w/exp.)
Employee group: Full Time
Schedule: Monday - Friday 8:30am - 5:00pm
FLSA Status: Exempt
Location: Hybird/ Homewood Campus
Department name: VP and General Counsel Office
Personnel area: University Administration