Share this Job

Senior Legal Advisor

Date: Sep 3, 2021

Location: London, United Kingdom

Company: KPMG UK

Roles and Responsibilities

We expect that the successful candidate will primarily focus on:

- Being a key privacy legal resource for KPMGI on data protection matters, including cross-border data transfers, information security incidents, data breaches and cybercrimes.

- Performing the following: (i) collaborating with other Member Firm OGCs and privacy professionals in the KPMG global organisation, (ii) performing privacy analysis
on third party and KPMG
technology solutions and (iii) advising on privacy and information security issues in procurement contracts and alliance agreements.

- Drafting, reviewing, amending and updating of a range of privacy and data protection documents, including organisation-wide agreements, global policies, privacy statements and templates.

- Providing support to Global Procurement and Global Alliance colleagues in relation to drafting and negotiation of complex commercial provisions relating to data privacy and protection laws and regulations.

- Staying updated on the latest legal and regulatory developments in the data privacy and information protection landscape, and advising on the impact of these laws and regulations.

- Implementing required data privacy and information protection changes in creative and business-centric ways that address risk and allow our business flexibility.

- Working with other teams in KPMGI and member firms to ensure KPMG’s ongoing compliance with data protection laws, including GDPR, the Data Protection Act (UK) 2018, the US CLOUD Act, the California Consumer Privacy Act, the New York Privacy Act, the Hong Kong Personal Data (Privacy) Ordinance, the Singapore Personal Data Protection Act and other relevant national laws and regulations.

- Training and educating KPMG professionals on legal risks related to non-compliance with data privacy and information protection laws and regulations, including with respect to technology solutions.

Qualifications and Skills

A candidate should have the following technical skills:

- Substantial, demonstrable, and excellent technical legal skills in the areas of data privacy and information protection, with a focus on providing legal advice on a range of global privacy laws, regulatory guidance and enforcement actions.

- Good technical understanding of how technology solutions process data, and the ability to translate such technical information into privacy statements.

- Strong negotiating and drafting skills, focused on data privacy and information security, across a wide variety of inter-firm governance, commercial technology, and alliance agreements.

- Must be able to translate complex legal and regulatory issues, within the context of complex technical and business issues, into easily understandable, pragmatic and commercial advice.

A candidate must be a qualified lawyer with approximately 6+ years PQE (or equivalent, if not qualified in the UK), although all candidates with demonstrable ability to fulfil the role will be considered.

One or more certifications from the International Association of Privacy Professionals (IAPP) and/or International Information Systems Security Certifications Consortium.

Experience and Background

A candidate should have the following experience and knowledge:

- 8 + years of experience in the areas of data privacy and information protection law, with significant experience advising on laws and regulations across multiple jurisdictions (e.g., GDPR, the Data Protection Act (UK) 2018), the US Cloud Act) which has been gained primarily by advising on business transactions. Familiarity with the California Consumer Privacy Act, the New York Privacy Act, the Hong Kong Personal Data (Privacy) Ordinance, the Singapore Personal Data Protection Act and other relevant national laws and regulations preferred.

- Solid understanding of the types of data privacy and protection issues and challenges faced by a large global organisation, along with an understanding as to how to balance the needs, demands and requirements of a global business with legal risks and protections

- Knowledge of the core concepts of information security and the ability to quickly understand how these relate to the data privacy aspects of KPMG’s services and business.

- Experience working as part of a legal team (either at a top tier law firm or at an equivalent position in-house) on complex cross-border commercial matters.

- Ability to advise on, and drive forward the implementation of, solutions to complex issues and matters with an international/cross-border dimension.

- Ability to work flexibly and collaboratively as part of a supportive legal team while taking responsibility for their own work.

- Must be self-motivated and able to thrive in a fast-paced, high-volume legal department with many different stakeholders worldwide.

- Understands how to foster a collaborative and inclusive environment amongst other KPMG professionals.

- Ability to build and maintain relationships with key business leads and senior stakeholders.

- Cultural sensitivity required to engage with people at all levels and with diverse backgrounds.

- Experience in instructing and managing external counsel on matters, as appropriate (other than the most significant matters, on which the individual in this role will work alongside a Partner or Director level lawyer within IOGC).

- An affinity for technology and privacy issues related thereto, with a natural interest in cloud-based technology solutions and enthusiasm for technical innovation.

- Awareness of own strengths and areas for development.

Additional Notes
This role offers a comprehensive compensation and benefits package.

Some domestic and international travel may be required (once countries open up their borders and it is safer to do so).

Job Segment: Law, Information Systems, Compliance, Procurement, Information Security, Legal, Technology, Operations