Attorney, Data Privacy & Data Protection Counsel, Vice President

Vice President, Enterprise Level Data Attorney

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018) with total assets of over $2.9 trillion (106.2 (JPY) as of March 30, 2018) and 150,000 colleagues in more than 50 countries. In the U.S., we're 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that's working to fulfill its vision to be the world's most trusted financial group.


MUFG Americas Legal Department is seeking an Enterprise Level Data Privacy and Data Protection Attorney with financial industry expertise.

Key Responsibilities:

  • Analyze, apply and identify business requirements resulting from existing, new and evolving, federal, state, and local laws (as well as government and industry standards and guidelines) related to data processing activities (including data privacy and data protection), applicable to the enterprise's operations (including, CCPA, GLB, NIST, FFIEC, PCI DSS, FCRA, FCC and FTC consumer privacy rules, TCPA, TSR, UDAAP and HIPAA)
  • Advise and help assess data privacy and data protection risks associated with products and services, technology products, systems, networks, and operations in diversified financial services
  • Advise on data breach response and notification; consistent with applicable federal, state and international laws; work closely with the regulatory affairs office in managing related communications, coordination, and technical assistance with federal, state, and non-U.S. officials and law enforcement
  • Work closely with information security, risk, crisis management and compliance managers (including the enterprise's privacy office and the incident management team) and other corporate support functions and practice group attorneys and support them in the identification of risks, development of strategies and practical operational processes towards data privacy and data protection (including defense, preparedness and response)
  • Review, draft and negotiate (when applicable): (i) third party contractual provisions; (ii) BAAs and (iii) corporate policies and standards, related to data privacy and data protection requirements applicable to financial institutions
  • Assist business lines and other support functions with addressing data subject and government requests for information while effectively managing conflict of laws issues arising from cross border data transfers

We require:
  • A Juris Doctor degreeor equivalent Law Degree
  • A minimum of 8-10 years relevant experience at a major law firm or corporate legal department. Will consider candidates with 5 years of experience for those with strong relevant experience
  • Must be admitted to at least one state bar (NY or CA preferred) active/good standing
  • Knowledge of, and practical experience with, federal and state data protection and data breach notification laws, regulations and financial sector associations, including NYDFS' cybersecurity regulations and FSSCC' cybersecurity profile
  • Strong knowledge of data privacy and data protection laws and regulations in the United States, including consumer and employee data processing requirements and limitations (including cross border data transfers)
  • Familiarity with the EU's General Data Protection Regulation, Japan's Act on the Protection of Personal Information (APPI), PIPEDA, bank secrecy laws and other relevant international data privacy and data protection laws and regulations
  • Strong interpersonal, organizational and problem-solving skills
  • Ability to present complex issues in a clear and concise manner and provide succinct results-oriented legal advice
  • Ability to work in a fast-paced, demanding and collaborative environment with many stakeholders
  • Independent, self-starter capable of prioritizing conflicting demands and handling multiple assignments simultaneously
  • Strong influencing and leadership skills, including decisiveness on both legal and business issues exercising appropriate risk management judgment
  • Privacy qualification or certification such as, CIPP/US, CIPM, CIP

Desired Skills :
  • Experience in global financial services and with financial regulators
  • Experience working cross-functionally with stakeholder teams, including Legal, Information Security, Business Lines, Internal Audit, Risk Management and Compliance
  • Familiarity with AI, Machine Learning, BigData, APIs; laws related to e-commerce, and mobile commerce; self-regulatory regimes like APEC, Direct Marketing Association and CTIA
  • Proficiency in other languages

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity/Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.

A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses

Back to top