Blackstone is the world’s largest alternative asset manager. We seek to create positive economic impact and long-term value for our investors, the companies we invest in, and the communities in which we work. We do this by using extraordinary people and flexible capital to help companies solve problems. Our $1.1 trillion in assets under management include investment vehicles focused on private equity, real estate, public debt and equity, infrastructure, life sciences, growth equity, opportunistic, non-investment grade credit, real assets and secondary funds, all on a global basis. Further information is available at www.blackstone.com. Follow @blackstone on LinkedIn, Twitter, and Instagram.
The candidate will join the Data Policy and Strategy Office in Blackstone’s Legal & Compliance department to support its cybersecurity, privacy and data protection programs, and to address regulatory and legal issues arising from Blackstone’s processing of personal and confidential data, including data protection, data loss, information access, and incident management. As experienced Privacy, Cybersecurity, & Data Protection Counsel for Blackstone, you will be responsible for providing advice and driving compliance efforts with respect to global privacy, cybersecurity, and data protection laws in all global jurisdictions. You will be a part of a team whose task it is to verify our businesses are in compliance with privacy, cybersecurity, and data protection regulations. You will be a partner to the business, leading initiatives, providing consultative advice, and acting as a point of escalation for privacy and data protection matters. The role will focus on assisting team members across multiple business groups and supporting compliance programs associated with the use of data in the support of its business operations and within its investment portfolio.
Primary job responsibilities include:
Provide guidance on and drive compliance efforts relating to global privacy and data security regulations and standards.
Track and research global regulatory developments relating to new and pending laws that impact Blackstone's privacy, cybersecurity and data protection program; translate that into practical, effective advice; work with business leader to address regulatory changes and lead compliance efforts relating to these laws.
Implement and update privacy, cybersecurity, and data protection related policies, procedures, best practices, and guidelines.
Administer and resolve privacy and data protection questions and issues that arise in business operations and commercial relationships.
Review and negotiate privacy and data protection requirements in contracts and licenses, other submissions and reporting documents, including the review, negotiation and management of Standard Contractual Clauses and Intracompany Data Transfer agreements.
Counsel on information technology development, acquisition and implementation and data architecture to ensure compliance with global privacy and data protection laws such as data localization requirements.
Counsel on regulated and complex uses of personal data including for digital marketing, algorithmic decision making and customer acquisition and retention.
Advise on privacy by design initiatives and privacy governance and strategy decision-making around protecting our investor, employee and other personal and confidential data entrusted to the firm and to Blackstone’s technology partners.
Oversee legal and compliance aspects of insider risk and Red Flag programs.
Counsel on privacy and security incident preparedness and management, including participating in tabletop exercises and any data-related incidents or regulatory inquiries.
Provide legal and compliance support and advice regarding data models, data repositories, transfer and distribution of data products and implementation of automated or algorithmic data processing.
Assist with and support other day-to-day legal and compliance matters and processes associated with the privacy and data protection programs as needed.
Prepare, coordinate, and deliver legal and compliance training regarding privacy, data protection, information risk management and associated activities.
Work collaboratively with intra-team and cross-functional partners, including Blackstone Innovations and Technology and other corporate groups and business units to develop creative solutions to complex challenges related to data privacy, data security and information risk management.
Closely collaborate and align about privacy, cybersecurity, and data protection compliance or related issues with the members of the Data Policy and Strategy Office, Information Security Office, Technology organization, Human Resources, and other relevant (group) functions.
Qualifications:
Blackstone seeks to hire individuals who are highly motivated, intelligent, collaborative and have demonstrated excellence in prior endeavors. The successful candidate should have:
Knowledge of global data privacy regimes including but not limited to U.S. State Privacy laws, HIPPA, GLBA, FCRA, GDPR, PIPA, DORA, PIPL, NYDFS Cyber regulations, Regulation SP privacy and cyber regulations, as well as global legal and regulatory data transfer mechanisms, data localization legal requirements and data de-identification and pseudonymization techniques
Knowledge of incident and breach management laws, regulations and techniques, data loss prevention, insider risk and fraud detection laws and regulations
Understanding of cloud technology, SaaS environments, and legal, regulatory and ethical aspects associated with automated decision-making and machine learning
Ability to work in a dynamic environment related to a growing and global business
Critical attention to detail and analytical skills
Strong drafting and organizational skills
Ability to communicate confidently and effectively
Ability to manage a team and drive strategic priorities, team collaboration and morale
Ability to work independently while remaining a strong team player; and
High initiative, creativity and drive
Minimum of eight (8) years of legal experience in a high-quality law firm or in-house environment, and be an experienced legal professional with a full understanding of privacy, cybersecurity, and data protection legal issues
Minimum of three (3) years of experience within privacy and/or cybersecurity law
J.D and license to practice law in at least one U.S. state.
Strong technical skills, and ability to understand difficult, complex compliance and business problems
The ability to work with colleagues to devise pragmatic and creative solutions
The ability to manage multiple projects simultaneously, including the lead role in a wide variety of matters with both legal and non-legal professionals
Prioritization, perspective and focus on critical tasks that add value
Excellent organizational skills and follow-through
Highly effective oral and written communication
Strong judgment and the ability to engender trust
Excited to work in a dynamic environment where innovating through cutting-edge legal issues is the norm.
The duties and responsibilities described here are not exhaustive and additional assignments, duties, or responsibilities may be required of this position. Assignments, duties, and responsibilities may be changed at any time, with or without notice, by Blackstone in its sole discretion.
Expected annual base salary range:
$200,000 - $250,000Actual base salary within that range will be determined by several components including but not limited to the individual's experience, skills, qualifications and job location. For roles located outside of the US, please disregard the posted salary bands as these roles will follow a separate compensation process based on local market comparables.
Additional compensation: Base salary does not include other forms of compensation or benefits offered in connection with the advertised role.
Blackstone is committed to providing equal employment opportunities to all employees and applicants for employment without regard to race, color, creed, religion, sex, pregnancy, national origin, ancestry, citizenship status, age, marital or partnership status, sexual orientation, gender identity or expression, disability, genetic predisposition, veteran or military status, status as a victim of domestic violence, a sex offense or stalking, or any other class or status in accordance with applicable federal, state and local laws. This policy applies to all terms and conditions of employment, including but not limited to hiring, placement, promotion, termination, transfer, leave of absence, compensation, and training. All Blackstone employees, including but not limited to recruiting personnel and hiring managers, are required to abide by this policy.
If you need a reasonable accommodation to complete your application, please email Human Resources at HR-Recruiting-Americas@Blackstone.com.
Depending on the position, you may be required to obtain certain securities licenses if you are in a client facing role and/or if you are engaged in the following:
Attending client meetings where you are discussing Blackstone products and/or and client questions;
Marketing Blackstone funds to new or existing clients;
Supervising or training securities licensed employees;
Structuring or creating Blackstone funds/products; and
Advising on marketing plans prepared by a sales team or developing and/or contributing information for marketing materials.
Note: The above list is not the exhaustive list of activities requiring securities licenses and there may be roles that require review on a case-by-case basis. Please speak with your Blackstone Recruiting contact with any questions.
To submit your application please complete the form below. Fields marked with a red asterisk * must be completed to be considered for employment (although some can be answered "prefer not to say"). Failure to provide this information may compromise the follow-up of your application. When you have finished click Submit at the bottom of this form.