Ropes & Gray is a preeminent, global law firm. The firm has been ranked in the top-three on The American Lawyer's prestigious "A-List" for seven years and is ranked #1 on Law.com International's "A-List" in the U.K.—rankings that honor the "Best of the Best" firms.

The firm has approximately 2,500 lawyers and professionals serving clients in major centers of business, finance, technology, and government in Boston, Chicago, Dublin, Hong Kong, London, Los Angeles, New York, San Francisco, Seoul, Shanghai, Silicon Valley, Singapore, Tokyo and Washington, D.C.

The firm has consistently been recognized for its leading practices in many areas, including asset management, private equity, M&A, finance, real estate, tax, antitrust, life sciences, health care, intellectual property, litigation & enforcement, privacy & cybersecurity, and business restructuring.

Ropes & Gray is an equal opportunity employer.

The Senior Information Governance Compliance Analyst has a specialized focus and expertise in IG risk and compliance issues. The Senior IG Compliance Analyst has an understanding of global regulatory laws with which the firm must comply. The Senior IG Compliance Analyst develops procedures, policies, and programs to promote, monitor, maintain, and train on compliance with laws, local guidance, and firm policies. The Senior IG Compliance Analyst will provide guidance on how evolving technologies are used, including AI tools, and how data is stored or used. The Senior IG Compliance Analyst combines technical skills with strong analytical, customer service and communication skills.

1. Analyze current IG risk and compliance processes, procedures and technologies and identify gaps or areas of improvement. Recommend and execute plans to close gaps. Recommend enhancements/ improvements to existing policies. Conduct routine audits to ensure compliance with processes and procedures.
2. Stay informed of new regulatory guidance and laws in all countries in which the firm has offices. Consult with colleagues in other offices to understand the privacy and regulatory landscapes. Draft communications to inform stakeholders at the firm.
3. Respond to client audits, in collaboration with the Information Security Risk & Compliance team. Respond to Outside Counsel Guideline requests, with Information Security and the IG Disposition Specialist.
4. Review and provide guidance on new software and services, in collaboration with Information Security. Provide guidance as a member of the IT Architectural Review Board on implementation of new tools.
5. Provide guidance on the classification of data, especially relating to network shares.
6. Identify where Know Your Client (KYC) data is stored at the firm. Develop and maintain a process to audit for KYC data on a recurring basis, determining when retention has been met based on regulations, and the process for purging the data.
7. Advise on best practices and requirements for storing files containing Protected Health Information and Personally Identifiable information. Improve processes for monitoring compliance with PHI and PII document storage in the DMS and other approved firm repositories. Develop and maintain user facing documentation and materials regarding storage procedures. Participate in presentation development and facilitation for PHI and PII best practices training. Perform routine audits to ensure sensitive data is not retained longer than needed.
8. Coordinate with paralegals and attorneys to obtain and execute Business Associate Agreements and Sub-Business Associate Agreements. Maintain the firm’s BAA and sub-BAA libraries. Coordinate with IG team members when a PHI document storage request requires a BAA on file. Perform routine audits to ensure BAAs are in place where needed.
9. Assist with matter mobility, file transfer reviews, attorney departures, and personal document reviews as needed.
10. Review requests from users and clients to use removable media and cloud-based storage or collaboration services, such as Box.com. Respond to other ticket as needed.

• Bachelor's degree required. Degree in a relevant field strongly preferred.
• 5-7 years of law firm experience required, preferably in Information Governance, Compliance, and/or Risk Management.
• Experience with security & privacy standards and regulations such as GDPR or HIPAA required.
• Experience with iManage Work and associated support tools strongly preferred.
• Excellent Excel, Word and Outlook skills required. Strong PowerPoint skills preferred.
• Experience with Microsoft E5 Compliance, Information Protection, and Purview strongly preferred.
• Experience with cloud software services and generative AI strongly preferred, including Box.com.
• Strong business analysis, troubleshooting, problem solving, quality assurance and project management skills.
• Exceptional attention to detail required.
• Ability to work with a variety of people at all levels within the organization.
• Clear and precise communication skills.
• Demonstrated ability to manage competing projects, individually and as part of a team, while prioritizing work based on the needs of the department, user needs, and ticket due dates.

Ropes & Gray is proud to offer a comprehensive Total Rewards package to our business support team members. The firm also offers comprehensive health and well-being benefits, personal and professional development, career growth opportunities and a collegial and supportive culture. The anticipated pay range for this role is listed below which represents our good faith and reasonable estimate of the starting salary range at the time of posting. In addition, this role is eligible for a discretionary bonus based on performance. The actual offered rate for this position will be determined based on job-related, non-discriminatory factors, including qualifications and experience, geographic location, education, external market data and consideration of internal equity.  

Boston, Chicago, & Washington, D.C.: $86,500 - $131,000 

New York & Los Angeles: $91,000 - $137,000 

San Francisco & Silicon Valley: $95,000 - $144,000 

This position requires hybrid on-site presence as an essential function of the role. Consistent and predictable on-site presence is required for ongoing business continuity, professional development and effective collaboration with colleagues and management.