Mayer Brown

Risk Management Lawyer (Data Privacy & Information Security)

Job Post Information* : Posted Date 3 months ago(11/23/2022 3:52 AM)
# of Positions
Pos. Category
Legal Risk Management
Office Location
Hong Kong - Central
Pos. Type
Regular Full Time


Mayer Brown is a leading global law firm with offices in 26 key business centres across the Americas, Asia, Europe and the Middle East. With approximately 200 lawyers in each of the world’s three largest financial centres — New York, London and Hong Kong — we are uniquely positioned to advise leading companies and financial institutions on their most complex legal needs. We have deep experience in high-stakes litigation and complex transactions across industry sectors, including our signature strength, the global financial services industry.


We are a collegial, collaborative and diverse firm where highly motivated individuals with an unwavering commitment to excellence receive the opportunity, support and development they need to grow, thrive and realise their greatest potential. We also encourage all our people to use their skills to support the wider community through our pro bono and community volunteering programmes. At Mayer Brown the principles of mutual respect, dignity and understanding are central to the way we work and help to provide an environment where diversity and inclusion are embraced.


The role in outline is to provide legal advice and support from within the Asia Legal Risk Management team to Mayer Brown in the areas of IT, information security, data privacy and information governance.

The LRM team provides advice to Mayer Brown globally on risk management, claims, professional conduct, conflicts and compliance.

  • Work together with the Deputy General Counsel – Asia and Head of Data Privacy, to advise the on Asian and global IT, information security, data privacy and information governance compliance matters;
  • Ensure the Firm's IT efforts comply with rules of professional conduct, in particular with the Firm's IT Innovation team;
  • Act as an active member of the global Technology Task Force and other forums in which IT, information security, data privacy and information governance advice is required.
  • Work in a team to design and implement Asian IT, data privacy, information security and information governance compliance programmes;
  • Advise on IT and data privacy clauses in agreements with Firm clients and suppliers and with client audit questionnaires;
  • Advise on requirements and boundaries regarding collection, storage and sharing of Firm, client, and employee information;
  • Draft and maintain appropriate Firm policies and guidance and updates as appropriate regarding IT, information security, data privacy and information governance;
  • Monitor Privacy Team mailbox for Asian-related incidents and incoming emails and escalates/actions items, as appropriate, according to policies and regions;
  • Action/supervises data subject requests for Asia, liaises with regional Data Privacy Contacts for non-Asian data subject requests;
  • Work with other Firm IT and Privacy Lawyers and Paralegals with input from IT, Business Support and Procurement to maintain data mapping and risk assessments;
  • Advise on data related activities and global/Asian projects to ensure compliance with Asian data privacy laws;
  • Advise on consent and information requirements for Firm marketing communications, privacy notices, websites and apps;
  • Provide guidance and training on Asian data privacy issues to the Firm, including Legal Risk Management, as appropriate;
  • Horizon scan for new legal developments, guidance and best practice in legal and compliance areas related to IT, information security, data privacy and information governance; and
  • Provide other ad hoc IT, information security, data privacy and information governance advice as required according to the needs of the business.

Qualifications / Person Specification

  • Qualified lawyer with a knowledge of/ interest in IT, data privacy, information security and information governance legal and professional conduct regimes of Hong Kong, mainland China Singapore, Japan and Vietnam.
  • A CIPP/A qualification or similar would be beneficial.
  • Willingness to learn about unfamiliar IT and data privacy regimes, liaise with fee-earners in those jurisdictions and instruct outside counsel where appropriate.
  • A team player who can also work independently.
  • Excellent command of spoken and written English and Chinese (Cantonese and Mandarin).


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed