SAGE - Cyber/Data/Privacy Career Associate

Overview We are seeking a highly qualified career associate with 4-6 years of experience to join our established Cyber, Privacy & Data Innovation group. This position is open in our New York, San Francisco, Seattle, Boston, or Washington, D.C. offices. Our Career Associate program offers top legal talent an alternative to the partner track while still providing opportunities to do cutting‑edge and deeply substantive legal work. Lawyers join us as Career Associates at many stages in their careers, from recent graduates to more senior lawyers who join after practicing in other settings. These are rewarding roles if you share our passion for practicing law and delivering excellent service but seek a lower annual time commitment. The expected hours for this role are between 1,400 and 1,600. Our Cyber, Privacy & Data Innovation group sits at the intersection of regulatory compliance, transactional support, product counseling, and incident response. The team advises global companies on designing and implementing world‑class privacy, cybersecurity, and AI compliance programs. Our work covers a broad spectrum of U.S. federal and state laws, international frameworks, and self‑regulatory regimes, including the CCPA/CPRA, GDPR, EU AI Act, HIPAA, GLBA, FCRA, COPPA, ECPA, CAN‑SPAM, TCPA, BIPA and other state biometric privacy laws, consumer health data laws, state data broker laws, and U.S. state breach notification and cybersecurity laws. The team also counsels clients on self‑regulatory programs and frameworks, including NIST, ISO, and OECD frameworks for AI risk management and cybersecurity, the Payment Card Industry Data Security Standard, the EU‑U.S. Data Privacy Framework, Binding Corporate Rules, APEC Cross‑Border Privacy Rules, and online behavioral advertising programs such as the DAA IAB, and NAI. The group is also at the forefront of artificial intelligence governance and emerging technology. We help clients develop flexible AI governance frameworks, design tailored AI use policies, negotiate AI‑related contracts, counsel on responsible AI innovation and algorithm development, and navigate the rapidly evolving AI regulatory landscape. The team has developed innovative client‑facing tools, including the Orrick AI Law Center, EU AI Act reference guide, U.S. AI Law Tracker, Gen AI Policy Builder, and Privacy in a Box. Responsibilities Advise clients on compliance with U.S. and international privacy, cybersecurity, and AI laws and regulations, including the CCPA/CPRA, GDPR, EU AI Act, HIPAA, GLBA, FCRA, COPPA, BIPA, TCPA, CAN‑SPAM, and a growing patchwork of U.S. state privacy, biometric, consumer health data, and AI laws. Support the development and implementation of comprehensive global privacy, AI, and cybersecurity compliance programs, taking a risk‑based approach to policies governing the full lifecycle of personal information. Counsel clients on privacy, security, and AI due diligence in corporate and technology transactions, including M&A deals, IPOs, and data licensing transactions. Draft, review, and negotiate data processing agreements, data licenses, privacy and security schedules in commercial contracts, privacy policies, terms of service, and related documentation. Provide guidance on incident preparedness, data breach response, regulatory investigations, and government inquiries at both the state and federal levels, including matters involving the FTC. Advise on cross‑border data transfer mechanisms and strategies, including the EU‑U.S. Data Privacy Framework, Binding Corporate Rules, and standard contractual clauses. Counsel clients on AI governance matters, including the responsible development and deployment of AI‑powered products, AI training data sourcing, employee AI use policies, and AI risk assessments. Provide practical product counseling across technology industries—PropTech, HealthTech, EdTech, adtech, automated and connected vehicles, and blockchain—integrating privacy and AI considerations into product development and change‑management processes. Manage multiple projects and deadlines simultaneously and proactively drive matters forward with minimal supervision. Qualifications 4‑6 years of relevant experience in privacy, cybersecurity, AI, and data protection matters at a law firm or in‑house legal department. Experience advising on compliance with major privacy and data protection frameworks (e.g., CCPA/CPRA, GDPR, HIPAA, GLBA, COPPA, BIPA, CAN‑SPAM, TCPA). Experience negotiating privacy, security, and data‑related terms in commercial contracts and handling all privacy and security components of corporate transactions. Familiarity with AI regulatory developments and emerging AI governance frameworks is strongly preferred. Excellent drafting, negotiation, analytical, and writing skills. Proactive communication and excellent project management skills. Superior verbal and interpersonal communication skills; ability to engage directly with clients and lead significant projects. Strong academic credentials from a nationally recognized law school. Ability to work effectively as part of a collaborative global team spanning multiple offices and jurisdictions. Demonstrated aptitude for technology and understanding of online technologies, digital advertising, and emerging technologies such as artificial intelligence and machine learning. CIPP/US, CIPT, CIPM, AIGP, or other IAPP certifications are a plus. JD is required. Admission to the state bar of the office in which the candidate would be located. Compensation and Benefits The expected salary range for this position is between $175,000 and $215,000. Orrick is committed to providing a comprehensive, competitive, and thoughtful total compensation package to our attorneys and staff, wherever they work. This compensation and benefits information is based on the Orrick's estimate as of the date of publication and may be modified in the future. The level of pay within the range will depend on a variety of job‑related factors that may include, but not limited to, qualifications, relevant experience or education, particular skills or expertise, geography. Other compensation may include an annual discretionary merit bonus, which would be determined by Firm and individual performance. We offer a full range of elective health benefits including medical, dental, vision and life; robust mental well‑being programs; child, family, elder, and pet care benefits; short‑and long‑term disability and industry‑leading parental leave benefits; health savings account contributions (w/applicable medical plan), flexible spending accounts, and a 401K program. This role will receive compensated time off through our Flexible Time Off program and paid holidays. Orrick accepts applications for this position on an ongoing basis, until filled. We are an Equal Opportunity Employer. Consistent with the SF Fair Chance Ordinance, an arrest and conviction record will not automatically disqualify a qualified applicant from consideration for employment. For attorney positions, a 'qualified applicant' is an individual who is a member of the State Bar of California, admitted in good standing, and is eligible to practice; or whose admission to the State Bar of California and eligibility to practice remains subject only to successful completion of the California Bar Examination. Qualified applicants with criminal histories will be considered for the position in a manner consistent with the requirements of the Los Angeles Fair Chance Initiative for Hiring. #LI-DNI #J-18808-Ljbffr