Blackstone is the world’s largest alternative asset manager. We seek to create positive economic impact and long-term value for our investors, the companies we invest in, and the communities in which we work. We do this by using extraordinary people and flexible capital to help companies solve problems. Our $1.1 trillion in assets under management include investment vehicles focused on private equity, real estate, public debt and equity, infrastructure, life sciences, growth equity, opportunistic, non-investment grade credit, real assets and secondary funds, all on a global basis. Further information is available at www.blackstone.com. Follow @blackstone on LinkedIn, Twitter, and Instagram.
The candidate will join the Data Policy and Strategy Office in Blackstone’s Legal & Compliance department to support its cybersecurity, privacy and data protection programs, and to address regulatory and legal issues arising from Blackstone’s processing of personal and confidential data, including data protection, data loss, information access, and incident management. As experienced Privacy, Cybersecurity, & Data Protection Counsel for Blackstone, you will be responsible for providing advice and driving compliance efforts with respect to global privacy, cybersecurity, and data protection laws in all global jurisdictions. You will be part of a team whose task is to verify our businesses are in compliance with privacy, cybersecurity, and data protection regulations. You will be a partner to the business, leading initiatives, providing consultative advice, and acting as a point of escalation for privacy and data protection matters. The role will focus on assisting team members across multiple business groups and supporting compliance programs associated with the use of data in the support of its business operations and within its investment portfolio.
Primary job responsibilities include:
- Provide guidance on and drive compliance efforts relating to global privacy and data security regulations and standards.
- Track and research global regulatory developments relating to new and pending laws that impact Blackstone's privacy, cybersecurity and data protection program; translate that into practical, effective advice; work with business leader to address regulatory changes and lead compliance efforts relating to these laws.
- Implement and update privacy, cybersecurity, and data protection related policies, procedures, best practices, and guidelines.
- Administer and resolve privacy and data protection questions and issues that arise in business operations and commercial relationships.
- Review and negotiate privacy and data protection requirements in contracts and licenses, other submissions and reporting documents, including the review, negotiation and management of Standard Contractual Clauses and Intracompany Data Transfer agreements.
- Counsel on information technology development, acquisition and implementation and data architecture to ensure compliance with global privacy and data protection laws such as data localization requirements.
- Counsel on regulated and complex uses of personal data including for digital marketing, algorithmic decision making and customer acquisition and retention.
- Advise on privacy by design initiatives and privacy governance and strategy decision-making around protecting our investor, employee and other personal and confidential data entrusted to the firm and to Blackstone’s technology partners.
- Oversee legal and compliance aspects of insider risk and Red Flag programs.
- Counsel on privacy and security incident preparedness and management, including participating in tabletop exercises and any data-related incidents or regulatory inquiries.
- Provide legal and compliance support and advice regarding data models, data repositories, transfer and distribution of data products and implementation of automated or algorithmic data processing.
- Assist with and support other day-to-day legal and compliance matters and processes associated with the privacy and data protection programs as needed.
- Prepare, coordinate, and deliver legal and compliance training regarding privacy, data protection, information risk management and associated activities.
- Work collaboratively with intra-team and cross-functional partners, including Blackstone Innovations and Technology and other corporate groups and business units to develop creative solutions to complex challenges related to data privacy, data security and information risk management.
- Closely collaborate and align about privacy, cybersecurity, and data protection compliance or related issues with the members of the Data Policy and Strategy Office, Information Security Office, Technology organization, Human Resources, and other relevant (group) functions.
Qualifications:
Blackstone seeks to hire individuals who are highly motivated, intelligent, collaborative and have demonstrated excellence in prior endeavors. The successful candidate should have:
- Knowledge of global data privacy regimes including but not limited to U.S. State Privacy laws, HIPAA, GLBA, FCRA, GDPR, PIPA, DORA, PIPL, NYDFS Cyber regulations, Regulation SP privacy and cyber regulations, as well as global legal and regulatory data transfer mechanisms, data localization legal requirements and data de-identification and pseudonymization techniques.
- Knowledge of incident and breach management laws, regulations and techniques, data loss prevention, insider risk and fraud detection laws and regulations.
- Understanding of cloud technology, SaaS environments, and legal, regulatory and ethical aspects associated with automated decision-making and machine learning.
- Ability to work in a dynamic environment related to a growing and global business.
- Critical attention to detail and analytical skills.
- Strong drafting and organizational skills.
- Ability to communicate confidently and effectively.
- Ability to manage a team and drive strategic priorities, team collaboration and morale.
- Ability to work independently while remaining a strong team player.
- High initiative, creativity and drive.
- Minimum of eight (8) years of legal experience in a high-quality law firm or in-house environment, and be an experienced legal professional with a full understanding of privacy, cybersecurity, and data protection legal issues.
- Minimum of three (3) years of experience within privacy and/or cybersecurity law.
- J.D and license to practice law in at least one U.S. state.
- Strong technical skills, and ability to understand difficult, complex compliance and business problems.
- The ability to work with colleagues to devise pragmatic and creative solutions.
- The ability to manage multiple projects simultaneously, including the lead role in a wide variety of matters with both legal and non-legal professionals.
- Prioritization, perspective and focus on critical tasks that add value.
- Excellent organizational skills and follow-through.
- Highly effective oral and written communication.
- Strong judgment and the ability to engender trust.
- Excited to work in a dynamic environment where innovating through cutting-edge legal issues is the norm.
The duties and responsibilities described here are not exhaustive and additional assignments, duties, or responsibilities may be required of this position. Assignments, duties, and responsibilities may be changed at any time, with or without notice, by Blackstone in its sole discretion.
Expected annual base salary range: $200,000 - $250,000. Actual base salary within that range will be determined by several components including but not limited to the individual's experience, skills, qualifications and job location. For roles located outside of the US, please disregard the posted salary bands as these roles will follow a separate compensation process based on local market comparables.
Blackstone is committed to providing equal employment opportunities to all employees and applicants for employment without regard to race, color, creed, religion, sex, pregnancy, national origin, ancestry, citizenship status, age, marital or partnership status, sexual orientation, gender identity or expression, disability, genetic predisposition, veteran or military status, status as a victim of domestic violence, a sex offense or stalking, or any other class or status in accordance with applicable federal, state and local laws. This policy applies to all terms and conditions of employment, including but not limited to hiring, placement, promotion, termination, transfer, leave of absence, compensation, and training. All Blackstone employees, including but not limited to recruiting personnel and hiring managers, are required to abide by this policy.
If you need a reasonable accommodation to complete your application, please email Human Resources at HR-Recruiting-Americas@Blackstone.com.
#J-18808-Ljbffr