General Counsel

The General Counsel role requires a visionary leader with sound knowledge of business management and a working knowledge of information privacy practices. Will proactively work with state business units to implement practices that meet defined policies and standards for information privacy. Will also serve as the primary legal counsel for OITS. The General Counsel will regularly review contracts, review policies and regulations, as well as serve as the legal advisor to agency leadership.

The General Counsel will eventually be responsible for establishing and maintaining an enterprise-wide information privacy management program to ensure that Kansas information assets are adequately protected under the guidance of the Chief Information Technology Officer. Will be responsible for identifying, evaluating and reporting on information privacy risks in a manner that meets compliance and regulatory requirements.

Key Responsibilities:

Serve as the internal advisor to the CITO and CISO to interpret privacy-policy-related questions.

Serve as legal counsel to the agency

Perform legal review of contracts, MOU/MOA, and statements of work

Participate in contract negotiations

Provide cyber incident response legal counsel

Provide legal review of agency policies and regulations

Perform related duties and fulfill responsibilities as required

Maintain, develop, and implement the State s information privacy program and facilitate the development of agency level privacy programs

Assure that the use of technologies sustains, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information.

Provide direction and oversight in the development and maintenance of State information privacy policies, standards, and guidelines.

Work directly with State agencies to facilitate privacy impact assessments and work with stakeholders throughout the enterprise on identifying privacy risk.

Work with procurement to ensure that third-party suppliers' contracts and operating-level agreements meet privacy and cybersecurity requirements.

Support the creation of an inventory that documents how and why the State collects, shares and uses personal data.

Conduct or oversee privacy awareness campaigns, training and orientation for all employees.

Provide regular reporting on the current status of the information privacy programs to senior business leaders and agency executives as part of a strategic enterprise risk management program.

Provide strategic privacy guidance for IT projects, including the evaluation and recommendation of technical controls.

Ensure that privacy programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.

Required Skills:

Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

Must be a critical thinker, with strong problem-solving skills

Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

Minimum Qualifications:

An advanced degree in law (J.D.)

5 to 10 years of legal experience in government, law firms or multinational corporations

Registered to practice law in the State of Kansas

Preferred Qualifications:

5 to 10 years of experience in privacy, data protection, security, risk management, auditing and/or compliance

3 to 5 years focused on privacy

Experience with information technology and cybersecurity related law to include advising clients during cybersecurity incidents

Professional privacy certification, such as a Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), Certified Information Privacy Technologist (CIPT) or other similar credentials

CISSP or similar cybersecurity certification

Necessary Special Requirements: Ability to obtain and retain an OITS Security and KCJIS clearances are requirement of employment and continued employment.

Disclaimer: Due to security requirements related to system access, the following will result in disqualification for this position: Felony Convictions, Felony Deferred Adjudication, Class A Misdemeanor Deferred Adjudication, Class B Misdemeanor Convictions less than 10 years, an Open Arrest for Any Criminal Offense (Felony or Misdemeanor).