Global Legal Counsel - Data Incidents, Associate Director

Our Global Data Protection (Global DP) team is seeking a qualified data protection lawyer to support the maintenance and coordination of the Global Incident Response (IR) Program in collaboration with key global stakeholders and EY Member Firm legal and data protection teams around the world. This lawyer will also play a key role in managing multijurisdictional incident responses and assisting EY Member Firms with local responses as relevant. The role is Associate Director ranked. Global DP sits within our Global General Counsel’s Office (Global GCO) and is responsible for EY’s privacy and related legal and regulatory compliance program in alignment with EY policies, guidance and EY’s Binding Corporate Rules. The team partners heavily with the EY Global Information Security function and works closely with all parts of the network on data protection matters, including the protection of personal data, client confidential data, and other types of EY confidential information.

The opportunity As the Global Legal Counsel – Data Incidents, you will work closely with the Global Lead Counsel – Data Incident Response (a Director in Global DP responsible for the Global IR process) and the Chief Privacy Officer. You will work closely with business and Information Security stakeholders, the other leaders and members of Global DP, and EY Regional/Local Privacy Leaders, Global DP team members in India, Argentina, Philippines and Poland and the Global GCO.

Your Key Responsibilities

• Manage EY´s Global IR program, coordinate response and management of sensitive and significant incidents across Global functions and EY Member Firms according to EY policies and guidance.
• Support the Chief Privacy Officer in the management of select cases of strategic importance.
• Establish regular reporting on incidents across the EY organization to stakeholders and leadership.
• Guide and help to maintain / mature technology to support the overall response and management process.
• Collaborate with key stakeholders to update, implement, and maintain IR methodology as part of the global DP program.
• Communicate the Global IR plan to Member Firms, provide training, and support overall preparedness e.g. through planning and conducting tabletop exercises.
• Manage the overall IR policy improvement and process alignments in the Global IR process.
• Manage a variety of internally and externally triggered global incidents in coordination with Member Firms, Information Security and other key stakeholders.
• Communicate effectively and consistently with key stakeholders.
• Work with a team of data protection resources globally throughout EY.
• Collaborate with Global DP’s overall efforts to raise awareness among EY personnel globally regarding the importance of compliance with data protection regulations and EY’s own privacy compliance program, including the prevention of / response to data incidents.
• Identify / flag legal and regulatory issues surrounding IR and related data protection issues and provide appropriate legal advice / work to implement related solutions.
• Escalate to the Chief Privacy Officer, Global Lead Counsel – Data Incident Response and Global DPO any significant incidents, related issues, and plans for their resolution, including as applicable implications of local data protection regulations as aligned with local counsel.
• Provide general support to the Global DP team.

Knowledge, competency and skill requirements

• Must be legally qualified and hold a current practicing certificate/legal license.
• 8+ years of overall experience either in private or government legal practice or an in-house role with a significant focus on data protection in cross border situations, advising on complex / sensitive matters, and Incident Response and related legal parameters.
• Solid knowledge in EU and international data protection legislation (specifically the GDPR) and ideally familiarity with the legislation of one or more other jurisdictions.
• Ideally, internationally recognized privacy certification, such as CIPP/E and CIPM.
• Experience in conducting internal investigations, litigation, and in particular data breach response investigations or litigation.
• Strong leadership and project management skills.
• Excellent command of the English language.
• Sensitivity to intercultural contacts and communication.

What we offer you

At EY, we’ll develop you with future-focused skills and equip you with world‑class experiences. We’ll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more. Are you ready to shape your future with confidence? Apply today.

To help create the best experience during the recruitment process, please describe any disability‑related adjustments or accommodations you may need.

EY | Building a better working world