Privacy and Data Protection Compliance Specialist

At AlixPartners, we solve the most complex and critical challenges by moving quickly from analysis to action when it really matters; creating value that has a lasting impact on companies, their people, and the communities they serve.By understanding, respecting, and honoring the needs of our employees, clients, and communities, AlixPartners actively promotes an inclusive environment. We strongly believe in the value that diversity brings to our experiences and are committed to the perpetual enhancements of initiatives, policies, and practices. We hold ourselves accountable by providing the space for authenticity, growth, and equity for everyone.
AlixPartners has embraced a hybrid work model to provide flexibility and support our employees work-life integration. Our hybrid model combines a mix of in-person at an AlixPartners office on Tuesday, Wednesday, and Thursday, with remote working options for Monday and Friday.
What youll do
In this position on AlixPartners Corporate Services Legal Team, you will work with other Legal, Compliance, and Risk professionals providing support in the areas of privacy and data protection. The ideal candidate will have excellent writing, organization, and communication skills, along with high attention to detail and accuracy.
Known internally as Legal Compliance Professional – Privacy and Data Protection, this role has a preferred location of Southfield, Michigan, USA or London, England. This position will report to the Associate General Counsel overseeing Privacy & Data Protection. Paid relocation is not available.
Provide support in areas related to compliance with state, federal, and global data privacy statutes and regulations, including GDPR, CCPA, PIPL, HIPAA, HITECH, and ePrivacy Directive.
Provide support in the maintenance and enforcement of AlixPartners data governance policies and programs and AlixPartners privacy policies and programs.
Under the supervision of the senior professionals on the Privacy and Data Protection team:
Respond to client questionnaires and due diligence requests
Review data protection agreement, data sharing agreement, standard contractual clauses, and Business Associate Agreements for consistency of preferred terms related to data governance, privacy, and security
Conduct, execute, and document Privacy Impact Assessmentsand Risk Assessments for programs, processes, and projects across the organization
Intake, document, and respond to Data Subject Requests
Partner with cross functional teams firmwide to identify and document privacy risks within new and existing projects, and develop mitigation plans
Conduct privacy assessments of third-party vendors and tools in conjunction with the procurement team and other stakeholders
Monitor changes in the privacy landscape and translate to actionable measures.
Draft privacy, data governance, and data protection communications for internal use.
Complete other administrative tasks related to the execution of a Privacy Program (e.g. schedule stakeholder meetings, take meeting minutes, breach response participation, etc.).
Build positive relationships with stakeholders across the broader organization.
Additional responsibilities as identified. This description is not designed to encompass a comprehensive listing of required activities, duties, or responsibilities.
What youll need
Minimum two (2) years data governance, privacy, compliance, or paralegal experience.
Familiarity with at least one of the following data privacy regulations and one associated security frameworks GDPR, CCPA, HIPAA, NIST frameworks, ISO frameworks, etc.
Track record of effectively working with data from multiple sources – willingness to dig-in and understand the data, leveraging creative thinking and problem-solving.
Experience with Privacy Impact Assessments and Data Subject Access Requests is a plus.
Contract review experi