Data Privacy Analyst

Job Description

THE TEAM

The US Office of Audit and Privacy is an internal corporate team supporting the firm’s core immigration business.  The team provides guidance and support on the myriad of privacy laws, creates firm policies regarding privacy and data, works closely with the firm’s IT security group to develop effective strategies and protections, investigates data privacy incidents, conducts data privacy impact assessments, fulfills data subject access requests, provides training to all firm employees and negotiates data privacy contracts.

As part of the Office General Counsel (OGC), The Office of Audit and Privacy works closely with other corporate team members on a wide range of transactional, company secretarial and advisory legal work.

ABOUT THE ROLE

The role will join the in-house legal department with a focus on US, Canadian and South American privacy and data protection related matters supporting the Data Privacy Office.

You will assist the Data Privacy Office in the administration, management, and development of the Firm’s Privacy Program and data privacy legal compliance.

Other key responsibilities will include:

• Assist Data Protection Officer, OGC, and HR in the handling and coordination of daily firmwide data privacy incidents, including but not limited to, response, investigation, logging, reporting and coordination;
• Assist in the management and coordination of other on-going compliance, projects, and business reviews;
• Continuously assess the Firm’s operations to develop policies, processes, and procedures related to Fragomen’s privacy practices and programs;
• Keep abreast of current developments of privacy regulations related to immigration (specifically the Americas);
• Consult with legal counsel regarding privacy topics related to the organizations processes, including IT applications and systems;
• Remain well-informed and support team members with questions related to ISP (Information Security and Privacy) concepts;
• Work closely with internal stakeholders, such as legal practice teams and other corporate functions to analyse and respond to privacy related issues and support DPIA reviews and processes;
• Assist with responding to client related surveys and questionnaires regarding the Firm's compliance initiatives.

ABOUT YOU

• Bachelor’s degree required
• Professional Certifications preferred (E.g. CIPP/US, CIPP/E, CIPT, CIPM, CIPP/C, CISSP)
• To be successful in this role you will have at least 2 years experience in privacy and compliance reporting. Other applicable legal work will also be considered.
• Experience working within an international legal environment preferred
• Ability to deliver clear, practical and pragmatic written and oral communications
• Excellent interpersonal and organisational skills
• Strong critical thinking skills necessary
• Fluency in English required; additional languages preferred

Compensation:

The salary range for this role reflects a variety of factors considered in compensation decisions, including but not limited to an individual’s skills, experience, qualifications, work location, work arrangement, licensure and certifications, and applicable laws. Placement within the range will vary based on these factors, and compensation decisions are made to ensure internal equity and alignment with market data.

A reasonable and good-faith estimate of the current salary range for individuals able to work a hybrid schedule in the office locally is:

You may also be eligible to take advantage of our benefits offering, 401K, and paid time off plans.

All offers and/or employment contracts are contingent upon the successful completion of the Firm’s pre-employment screening process. This process may include verifying the candidate’s identity, confirming legal authorization to work in the offered position’s location, and conducting a comprehensive background check, where permitted by local regulations. We use limited AI‑assisted tools for administrative screening purposes only - never for decision‑making. All hiring decisions are made by people. Applicants may have rights to information and explanations regarding the use of such tools, or request human review, as required by applicable regional laws.