Senior Privacy Counsel

Job details

The people of Memorial Sloan Kettering Cancer Center (MSK) are united by a singular mission: ending cancer for life. Our specialized care teams provide personalized, compassionate, expert care to patients of all ages. Informed by basic research done at our Sloan Kettering Institute, scientists across MSK collaborate to conduct innovative translational and clinical research that is driving a revolution in our understanding of cancer as a disease and improving the ability to prevent, diagnose, and treat it. MSK is dedicated to training the next generation of scientists and clinicians, who go on to pursue our mission at MSK and around the globe.

Senior Privacy Counsel

Exciting Opportunity at MSK: MSK’s Privacy team is committed to safeguarding the privacy of our patients’ information and to promoting the highest standards of ethics and integrity in all we do. We work closely with our colleagues across the enterprise to help MSK achieve its mission of Ending Cancer for Life.

We seek an experienced Privacy attorney to join our team in advising our internal clients on privacy law and policy, supporting enterprise strategic initiatives, clinical and business operations, and research matters, and managing our operational compliance with GDPR and related global-privacy frameworks.

Role Overview:

• Serve as subject matter expert to business, clinical, and research teams across MSK. Advise on key legal questions related to privacy by gaining detailed insight into business areas. Perform detailed legal research as needed and provide timely, effective advice.

• Manage MSK’s operational compliance with GDPR and other global-privacy frameworks.

• Advise other members of the MSK legal team on data privacy laws and collaborate on transactions led by those team members.

• Lead negotiation of HIPAA Business Associate Agreements with MSK’s IT and supply chain vendors.

• Draft, update, and regularly review consumer-facing privacy notices for MSK digital properties; Advise the Development, Marketing and Communications, and other digital teams on use of cookies, pixels and other trackers on MSK digital properties.

• Provide legal guidance to other members of the Compliance team in their management of privacy-related inquiries from patients and staff.

• Collaborate with departments across the organization, including clinical, research, hospital administration, IT, procurement, and Information Security departments, and MSK’s AI Governance Council to develop and enhance policies governing MSK’s use of personal data (PHI, PII).

• Stay abreast of new domestic and global privacy and data protection requirements and assess their impact on existing operations and strategic plans.

Key Qualifications:

• Expertise in advising clients on GDPR and other global privacy frameworks, and experience with HIPAA and state privacy laws related to health information.

• Demonstrated knowledge of US privacy and data protection laws and a keen understanding of the changing US privacy legal landscape, including emerging comprehensive state privacy laws.

• Experience implementing the practical requirements of data privacy laws, including individual data subject rights and requirements for de-identification and data anonymization.

• Demonstrated understanding of technology, marketing and ad tech, emerging AI technology, and experience advising clients on use of trackers, pixels, digital consumer privacy and protection (including, e.g., TCPA, CAN-SPAM, etc.).

• Familiarity with regulatory requirements for Human Subjects Research preferred.

• An established track record of translating regulatory requirements into practical and impactful elements while supporting business strategy.

• Ability to skillfully maneuver through complex policy, process, and people-related organizational dynamics.

• A Juris Doctorate (JD) and a minimum of 5 years of direct experience advising clients on privacy law either at a law firm or as part of an in-house legal or compliance team.

• Licensed to practice in NYS or eligible for in-house registration.

Core Skills:

• Privacy & Regulatory Compliance Expertise - Deep knowledge of HIPAA, GDPR, and global privacy frameworks to ensure organizational compliance and mitigate legal risk.

• Legal Research & Advisory Skills - Ability to conduct thorough legal research and provide timely, practical guidance on complex privacy and data protection matters.

• Contract Negotiation & Vendor Management - Experience leading negotiations of Business Associate Agreements (BAAs) and engaging with vendors on privacy and data security requirements.

• Cross-Functional Collaboration & Stakeholder Engagement – Proven ability to partner with clinical, research, IT, compliance, procurement, and legal teams to develop privacy-focused policies and solutions.

• Data Governance & Digital Privacy Strategy - Expertise in managing PHI/PII governance, privacy notices, cookies/trackers compliance, de-identification methodologies, and assessing the impact of evolving privacy regulations on business operations.

Additional Information:

• Report directly to the VP, Privacy Officer & Chief Privacy Counsel.

• Location: 633 Third Avenue, Hybrid Flexibility to travel to other sites as needed

Helpful Links:

• Compensation Philosophy

• Benefits

Closing:

At MSK, we believe in fair, competitive pay that reflects your job, experience, and skills.

MSK is an equal opportunity and affirmative action employer committed to diversity and inclusion in all aspects of recruiting and employment. All qualified individuals are encouraged to apply and will receive consideration without regard to race, color, gender, gender identity or expression, sexual orientation, national origin, age, religion, creed, disability, veteran status or any other factor which cannot lawfully be used as a basis for an employment decision.  

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.