Global Legal Counsel, Assistant Director - Ropa IR

Our global data protection team is seeking a qualified data protection lawyer to advise on and coordinate data protection matters in particular to oversee and run the Global Record of Processing Activities (RoPA) Inventory as well as coordinate the Global Incident Response (IR) Process. This involves overseeing a team who are responsible for completing and maintaining EYs Global RoPA and integration of Privacy Impact Assessment (PIA) records and Third Party Vendor Due Diligence (VDD) data as well as coordinating the work of other resources and EYs Global Delivery Service (GDS) involved in the Global Incident Response Process.

The global data protection team is responsible for the implementation and transformation of EYs privacy compliance program which include Binding Corporate Rules. The team works closely with all parts of the business on data protection matters including both personal data privacy and the protection of client and EY confidential information.

The opportunity

As the Global Legal Counsel Data Protection RoPA and Incident Response you will be responsible for overseeing the Records of Processing Activity (RoPA) process and inventory as well as the management of the Global Incident Response (IR) process. You will be working closely with business stakeholders the other members of the global data protection team and EY Regional/Local Privacy Leaders as well as data protection resources in EYs GDS locations in India Argentina Philippines and Poland.

Your key responsibilities

• Oversee EYs global Data Protection program for Records of Processing Activities (ROPA) process and the management of Global Incident Response process.
• Manage the ROPA program which includes an intake process to meet the requirements of Article 30 GDPR to record all processing activities in a centrally managed inventory.
• Support the optimization of the ROPA process to work efficiently within the global EY organization as part of an overall data protection management platform and adapt to new regulatory frameworks such as for AI technologies.
• Work and collaborate with Regional and Country DP Leaders to adapt and integrate local RoPA activities into the Global RoPA.
• Collaborate with key stakeholders to update implement and maintain IR methodology as part of the global DP program.
• Communicate the Global IR plan to Member Firms provide training and support overall preparedness e.g. through planning and conducting of table top exercises.
• Lead the overall IR policy improvement and process alignments in the Global IR process.
• Manage a variety of internally and externally triggered global incidents in coordination with Member Firms Information Security. and our business Service Lines.
• Communicate effectively and consistently with key stakeholders.
• Work with a team of data protection resources globally throughout EY;
• Collaborate with team efforts to raise awareness among EY personnel globally regarding the importance of compliance with data protection regulations and EYs own privacy compliance program;
• Identify / flag legal and regulatory issues surrounding IR and related dataprotection issues and provide appropriate legal advice / work to implement related solutions.;
• Escalate to the Chief Privacy Officer and Global DPO any significant incidents related issues and plans for their resolution including as applicable implications of local data protection regulations as aligned with local counsel.y;
• Provide general support to the global data protection team.

Skills and attributes for success

• Must be legally qualified and holding a current practicing certificate;
• Between 6-8 years of relevant experience either in private legal practice or an in-house role (including proven experience in the field of data protection in cross border situations (including advising on complex matters such as incident response DPIAs etc.);
• Solid knowledge in EU data protection legislation (specifically the GDPR) and ideally familiarity with the legislation of one or more other jurisdictions;
• Ideally internationally recognized privacy certification such as CIPP/E and CIPM;
• Experience in conducting internal investigations and in particular data breach response investigations preferred but not required.
• Strong project management skills;
• Excellent command of the English language;
• Sensitivity to intercultural contacts and communication.