At Relativity, we make software to help users organize data, discover the truth, and act on it. Our e-discovery platform is used by more than 13,000 organizations around the world to manage large volumes of data and quickly identify key issues during litigation, internal investigations, and compliance projects.
Here you can own your career in a community of values-driven people who help our customers around the world solve complex data challenges. If this sounds like the place for you, check out the details of this position below.
The Data Privacy Manager reports directly to our Chief Security Officer. The Data Privacy Manager also serves as Chair of our Relativity Privacy Committee. The Chief Security Officer may assign additional responsibilities and project in the security and compliance areas as needs arise and time permits.
This Role primarily supports and advances the following Objectives in the Privacy Committee Charter:
Providing Strategic and Thought Leadership –Develop and implement a strategic approach that considers privacy along with corporate growth.
Ensuring Cross-Functional Support– Create awareness of key privacy issues within the company and stress the importance of addressing these issues whenever they arise.
Develop Privacy Compliance Framework– Develop and implement a privacy framework tailored to Relativity’s business. The framework is to reflect the company’s operations and internal resources, the nature of Relativity’s data, any legal, regulatory and contractual obligations, risks, and the company’s privacy principles.
Understand Legal Privacy Requirements and Develop Privacy Compliance Plan– Maintain a solid, analytically strong, technical understanding of Relativity’s legal obligations and create a roadmap to achieving compliance, in collaboration with our Legal Team and subject to its approval and direction.
Develop Privacy Policies, Processes, and Internal Controls – Develop, maintain, and periodically update, policies and internal controls including, but not limited to: external and internal privacy statements, internal privacy policies, policies and procedures related to security breaches, internal and external reporting mechanisms, communication policies and procedures, policies that address policies that address the use of company resources, tools that manage privacy risk and assess program success, data governance policies and practices, controls for tracking and complying with jurisdiction-specific requirements, and supplier, vendor and other third-party privacy requirements.
Deal with Day-to-Day Operational Issues –Provide business-focused solutions that protect personal data while supporting business development and growth. Assist our Legal Team with privacy complaints and incidents, including investigation and response to data breach incidents. Assist with vendor privacy and security management.
This is a Privacy Management & Technical Role – Not a Legal Position. You will need to have a strong understanding and working knowledge of relevant privacy laws and regulations; however, you will not have a legal position and will instead work closely with our Legal Team, which retains authority and responsibility for all legal matters (including legal content, analysis, interpretations, advice, conclusions, directions, and approvals, as appropriate, etc.).
Serve as the Chair of the Relativity Privacy Committee. The Relativity Privacy Committee provides governance for Privacy policies for Relativity. The Data Privacy Manager schedule and lead quarterly meetings. Prepare agendas and meeting notes. Carry out the Data Privacy Manager duties described in the Relativity Privacy Management Charter or otherwise authorized or directed by the Relativity Privacy Committee.
Prepare Personal Information Data Maps. Prepare, maintain, and periodically update, detailed data maps for all personal information that the company collects, processes, stores, etc (excluding customer data in RelativityOne).
Prepare Data Privacy Policies and Data Retention and Deletion Schedules. Prepare, maintain, and periodically update detailed Data Privacy Policies (including Cookies), as well as Data Retention and Deletion Schedules, subject to review and approval by the company’s Legal Department as appropriate. Take all actions necessary to ensure that these items are properly posted on all websites and properly distributed.
Prepare a GDPR / Privacy Page on Our Intranet. Prepare, maintain, and periodically update an intranet page (Einstein) as a central company-wide resource for GDPR and other privacy matters, including overview explanations, SOPs, Privacy Policies, Data Retention and Deletion Schedules. Legal content is subject to review and approval by the company’s Legal Department as deemed appropriate.
Manage and Administer Privacy Awareness and Training Programs. Work with HR Learning & Development to prepare, maintain, and periodically update privacy awareness and training courses, subject to review and approval by the company’s Legal Department as appropriate. Work with L&D to track and enforce course completion.
Manage and Administer Privacy Compliance Programs, Including Data Retention and Deletion Schedules.
Ensure Our Supply Chain Has Adequate Privacy & Security. Collaborate with other Security Team members and coordinate with our procurement process to ensure that supplier security reviews are completed and approved, and updated as required. Also, obtain and maintain current copies of Data Processing Agreements from all supply vendors that will collect, process or store personal data. Work with our Legal Team to help ensure that the DPAs comply with GDPR and other privacy requirements as applicable.
Subject to collaboration with and approvals by the company’s Legal Department as appropriate.
- At least four (4) years of full-time data privacy compliance experience is preferred, with solid training and progressive increases in responsibilities, preferably in a B2B technology company with UK and EU employees
- Significant experience with data subject access requests, data privacy breach incidents, investigations, and notifications, in collaboration with experienced data privacy counsel
- Law degree not required, but could be a factor if candidate achieved high GPA, especially from top tier law school
- Privacy lawyer experience not required, but could be a factor if candidate has strong references from working on relevant privacy matters at a high quality law firm
- Certified Information Systems Security Professional (CISSP)
- Relativity Certified Administrator and Relativity Certified User (within 1 year after joining)
- To the extent that data privacy is relevant to our products, ability to develop knowledge and proficiency with Relativity’s products
- Good working knowledge of data privacy-related security best practices, including ISO, SOC 2, NIST, etc.
- Strong ability to research, analyze and understand applicable laws, regulations and commentary
- Strong oral presentation and written skills. Must be able to translate complex technical, compliance, and business issues into common language and make sound recommendations
- Strong ability to manage priorities effectively, making good decisions based on priorities and objectives
- Strong analytical ability, organizational skills, and attention to detail
- Intelligence, flexibility, creativity, diligence, and responsiveness
Relativity has over 160,000 users in 40+ countries from organizations including the U.S. Department of Justice, more than 70 Fortune 100 companies, and all of the Am Law 200. Relativity's cloud solution, RelativityOne, offers all the functionality of Relativity in a secure and comprehensive SaaS product. Our company has also been named one of Chicago's Top Workplaces by the Chicago Tribune for seven consecutive years. If you’re ready to grow with us, we’d love to hear from you. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.