Position Description & Qualifications
The Associate General Counsel – Government Contracts & Data Protection Officer (DPO) serves as a senior legal advisor responsible for providing strategic legal counsel across U.S., Canadian, and international government contracts, privacy, cybersecurity, and information governance.
This role leads the organization’s legal, regulatory, and operational data protection strategy within a highly regulated government contracting environment, while also advising on the full lifecycle of government contracts. The position functions as the primary subject matter expert on the lawful collection, use, sharing, retention, transfer, and protection of personal data, controlled unclassified information (CUI), export‑controlled data, and other sensitive government or customer information.
The role partners closely with executive leadership, contracts, compliance, IT, cybersecurity, HR, procurement, and program teams to ensure compliance with applicable legal, regulatory, and contractual requirements. This individual may also serve as the formally designated Data Protection Officer and must operate with appropriate independence in monitoring compliance, assessing risk, and elevating concerns to leadership.
In this role, you will:
Government Contracts Legal Advisory
- Provide legal counsel across the full government contracting lifecycle, including capture, proposal, award, performance, and closeout.
- Interpret and apply FAR, DFARS, and Canadian public procurement frameworks (including federal and provincial rules, Crown procurement policies, and agency‑specific requirements), agency supplements, and procurement regulations.
- Advise on contract structure, risk allocation, pricing considerations, and compliance obligations across U.S., Canadian, and international procurements.
- Counsel on prime/subcontractor relationships, teaming agreements, joint ventures, and regulatory compliance requirements.
- Support proposal development through RFP review, risk analysis, and compliance strategy.
Contract Drafting & Negotiation
- Lead drafting, review, and negotiation of government contracts, subcontracts, NDAs, and related agreements.
- Negotiate and advise on key provisions including limitation of liability, indemnification, IP/data rights, termination, and disputes.
- Support negotiation of contract modifications, claims, and equitable adjustments.
- Ensure appropriate flow‑down of regulatory, cybersecurity, and data protection requirements.
Privacy, Data Protection & Legal Advisory
- Provide strategic legal advice on privacy, data protection, cybersecurity, and information governance across operations.
- Interpret and apply global privacy laws (GDPR, UK GDPR, CCPA/CPRA, PIPEDA and Canadian provincial privacy laws, and others).
- Advise on data handling implications of federal contracting requirements (DFARS, CMMC, NIST, Privacy Act).
- Counsel stakeholders on handling PII, PHI, CUI, export‑controlled data, and sensitive government information.
- Advise on cross‑border data transfers, localization, vendor arrangements, and cloud/data hosting models.
- Support negotiation of DPAs, security provisions, breach notification clauses, and subcontractor data requirements.
- Evaluate privacy and data risks in emerging technologies, including AI‑enabled tools, analytics, and digital platforms.
Data Protection Officer & Compliance Oversight
- Lead enterprise privacy and data protection program and governance framework.
- Ensure alignment of policies, controls, and procedures with legal and contractual obligations.
- Maintain data governance structures for classification, access, retention, deletion, and lifecycle management.
- Oversee data inventories, records of processing, and enterprise data mapping.
- Conduct privacy risk assessments, DPIAs, transfer impact assessments, and compliance reviews.
- Serve as an independent escalation point for data protection risks and compliance concerns.
- Embed privacy‑by‑design principles into systems, processes, and business operations.
Government Contracting Compliance (Cyber & Data)
- Advise on compliance with requirements for CUI, FCI, PII, export‑controlled data, and secure system environments.
- Support compliance with DFARS, CMMC, NIST, FedRAMP, Canadian data protection, information handling, and government security requirements, ITAR, and EAR obligations.
- Partner with contracts and procurement teams to integrate cybersecurity and privacy requirements into agreements.
- Advise on program operations involving government‑furnished information, workforce data, and citizen/customer data.
- Support audits, agency requests, and reviews involving privacy, cybersecurity, and data handling.
Claims, Disputes & Regulatory Matters
- Advise on contract disputes, REAs, and claims under the Contract Disputes Act.
- Support bid protests and litigation strategy (e.g., GAO, COFC) and Canadian procurement challenge processes.
- Coordinate with outside counsel on litigation, investigations, and regulatory inquiries.
Incident Response & Investigations
- Provide legal oversight for data incidents, cybersecurity events, and unauthorized disclosures.
- Advise on investigative steps, remediation, preservation, and reporting obligations.
- Determine breach notification and disclosure requirements under law and contract.
- Coordinate with regulators, contracting officers, and internal stakeholders.
- Track incidents, root causes, and corrective actions to strengthen controls.
Regulatory & Stakeholder Engagement
- Serve as primary contact for regulators, supervisory authorities, and agency privacy offices.
- Oversee responses to data subject rights requests, complaints, and inquiries.
- Prepare executive‑level communications, board updates, and risk summaries.
- Advise leadership on risk‑based decisions and compliance remediation strategies.
- Collaborate with compliance, audit, cybersecurity, and enterprise risk teams.
Training & Program Enablement
- Design and deliver privacy and compliance training tailored to government contracting environments.
- Translate legal requirements into operational guidance, SOPs, FAQs, and playbooks.
- Coach business leaders on compliance obligations and risk mitigation.
- Promote a culture of responsible data handling and proactive risk management.
To be successful in this role, you will have:
- Ability to obtain and maintain a DoD Secret security clearance.
- U.S. citizenship required.
- Juris Doctor (JD) from an accredited law school and active bar membership in good standing.
- Minimum 8 years of experience advising U.S. and Canadian government contractors on applicable procurement law (e.g., FAR, DFARS), privacy law, and cybersecurity law.
- Deep knowledge of cybersecurity and privacy laws (e.g., CMMC, FedRAMP, NIST 800‑171/53, GDPR, PIPEDA, CPRA, Privacy Act) and Artificial Intelligence regulatory/legal frameworks.
- Strong working knowledge of trade compliance laws (e.g., Canadian Controlled Goods, ITAR, and EAR).
- Experience negotiating complex contracts, subcontracts, data protection agreements, and security/privacy provisions.
- Proven experience leading privacy programs, risk assessments, audits, and incident response efforts.
- Strong executive communication skills with the ability to deliver clear, business‑oriented advice.
- Ability to operate independently and influence cross‑functional stakeholders.
- Ability to travel up to 10%.
Additional desired experience and skills:
- Privacy certifications (e.g., CIPP/US, CIPP/E, CIPP/C).
- Experience serving as a Data Protection Officer or privacy program leader of a multinational corporation or organization.
- Experience counseling clients through data breach incident response and notification requirements to individuals and regulators.
- Familiarity with HR systems, cloud environments, AI technologies, and vendor risk management.
- Prior in‑house company legal experience.
- Active or prior security clearance (or eligibility).
Core Competencies
- Government contracts law and compliance.
- Privacy and data protection law.
- Cybersecurity legal risk management.
- Contract drafting and negotiation.
- Data governance and lifecycle management.
- Incident response and breach management.
- Regulatory interpretation and enforcement trends.
- Executive advisory and stakeholder influence.
- Policy development and operationalization.
- Audit support and risk remediation.
- Training and organizational enablement.
Pay Transparency
Our Total Rewards package includes competitive pay, performance‑based incentives, and benefits that promote well‑being and work‑life balance—so you can thrive both professionally and personally. Eligible employees also gain access to a wide range of benefits from comprehensive health coverage and health savings accounts to retirement plans, life and disability insurance, and time‑off programs that support work‑life balance. Program availability may vary based on factors such as contract type, location, hire date, and applicable collective bargaining agreements.
Benefits
- Medical, dental, and vision insurance.
- Robust vacation and sick leave benefits, and flexibl