Counsel - Vendor Risk and Data Security

Job Description

The Department: Bloombergs Legal & Compliance Department plays a critical role in supporting our businesses and operations around the world. We move quickly and thoughtfully to help address a variety of complex legal issues that come with being the worldsleading financial news and information company. Our team is made up of talented and hardworking professionals who think creatively and work collaboratively in an open environment to deliver results, drive innovation, and solve difficult problems. Diversityand inclusion are essential to our success, and we strive to maintain an environment where all our employees are empowered to make an impact. We also believe that helping those in need is a fundamental obligation of legal professionals, as evidenced by ouraward-winning pro bono program! The Team: The Data Security team within Bloombergs Legal Department advises the Company on cybersecurity, data use and governance, information security, data localization and sovereignty, telecommunications/transmission, electroniccommunications, voice services, and broadcast regulatory requirements on a global basis. Our team is involved in every stage of product development and data management processes, including vendor data and risk management, vendor and customer agreements, datacenter and networks management, product design, incident management, technical security, access controls, broadcast radio regulatory compliance, and employee matters. We work closely with Bloombergs Chief Technology, Chief Risk & Compliance, Vendor Risk Management,Cloud Governance, Information and Product Security, and TV and Radio teams to ensure awareness of and compliance with industry trends and regulations, implement global training programs, and manage cybersecurity and data risk across the business. Your Role:The Vendor Risk and Data Security counsel will focus on digital and technology transactions, supporting commercial counsel utilizing your subject matter expertise on data security, data use, cross-border data transfer, data localization, and related issues.Be the responsible Legal subject matter expert on vendor cybersecurity and data use risk, which includes: Support the Commercial Contracts Legal team to negotiate information security, data governance, data location, cross-border data transfer, data transmission,and privacy language in vendor agreements, including SaaS agreements, software and technology licenses, MSAs, content licenses, e-commerce agreements, and GDPR SCCs. Support the Networks and Data Center teams to negotiate technology agreements, including connectivity,voice and telecommunications services and co-locations. You will advise the Vendor Incident Response team, advising on vendor incident events, remediation activities, and breach and incident notifications. You will: Ensure Bloombergs information securitypolicy and regulatory compliance across vendor engagements Assist the Vendor Risk Team to maintain and update its vendor risk assessment process. Identify trends and developments in regulatory requirements and industry practices to improve vendor informationsecurity risk management and incident response processes Participate with the Vendor Risk team in tabletop and related exercises to test the vendor risk management program. Be a proactive and knowledgeable member of the team and assist to: Provide day-to-daycybersecurity, data risk management, and vendor agreement negotiations advice. Assisting to develop and deliver recorded and in-person trainings in connection with your practice areas Youll need to have: Membership in the New York State Bar or the necessaryqualifications to register as in-house counsel, and willingness to work in New York, NY 4-8 years of legal experience in technology contracting involving information security (e.g. software, hardware, SaaS, IaaS, fintech, sponsorship, licensing, telecommunications)Subject matter expertise in transactional, cybersecurity, information security, data governance, data location, data transmission, privacy (eg, GDPR SCCs, data transfers), and incident response laws, rules, regulations, and industry standards Ability to respondquickly and pragmatically to urgent situations. Ability to prioritize and resolve issues promptly and effectively Ability to explain complex concepts, build consensus, think creatively, and collaborate to address company needs, including with security andrisk professionals, engineers, data scientists, software developers, product developers, Human Resources, and other teams Curiosity, interest, engagement, and the ability to investigate and surface business needs, gaps, and risks in connection with vendoruse Ability to adapt to a changing environment and willingness to develop new skills and expertise Desire to become a key contributor to the success of our team and company Wed love to see: Experience advising on telecommunications and security issues relatedto managing data centers, network, and data transmission infrastructure Experience with telecommunications, broadcast, voice, ISP, and/or cloud usage regulatory requirements, licensing, and compliance. Experience working with regulated financial institutions,software, or other technology companies Experience negotiating data, privacy, and cybersecurity related terms in mergers & acquisitions, third party partnerships Law firm and In-house experience If this sounds like you: Apply if you think were a good match.Well get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this: http://professional We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender,sexual orientation, age, marital status, veteran status, or disability status.