Assistant General Counsel (Dublin / London)

Kroll Bond Rating Agency Europe Limited/Kroll Bond Rating Agency UK Limited and its affiliates (“KBRA”) are seeking an Assistant General Counsel to join its Legal Department. You will be enthusiastic, highly motivated, have a strong work ethic, and be well-equipped to work closely with other members of the Legal Department on privacy, data protection, and contract-related matters. The position will be based out of our Dublin or London office.

About the Team

The Legal Department handles all of KBRA’s legal matters with the exception of ratings. The Legal Department works with analysts, compliance, finance, technology, and senior management across the company.

As Assistant General Counsel, your responsibilities will primarily focus on privacy and data protection issues as well as contract drafting, reviewing, and negotiation. Specific responsibilities may include:

• Advising on international data privacy and cybersecurity laws/regulations (including GDPR, UK GDPR, ePrivacy Directive, CCPA/CPRA, etc.).
• Assisting in the enhancement, implementation, and ongoing maintenance of privacy, data protection, and cybersecurity policies and practices across KBRA.
• Conducting and advising on privacy impact assessments, legitimate interest assessments and assisting with vendor and third-party due diligence, and issues related to cross-border data transfers.
• Supporting records of processing activities.
• Assisting with incident/ breach response, coordinating with Technology, Information Security, Legal, and Compliance and other internal stakeholders.
• Drafting, reviewing, and negotiating contracts and clauses relevant to privacy, including data processing agreements.
• Drafting, reviewing, and negotiating vendor and service provider contracts, client engagement letters, subscription agreements, and technology/service agreements.
• Providing privacy‐related input into contract review workflows and advise internal teams on risk allocation and compliance.
• Monitoring and tracking developments in privacy, data protection and AI, including enforcement, guidance updates, and standards in Ireland, UK, EU, and other relevant jurisdictions.
• Reviewing and updating privacy notices and policies.
• Keeping up to date with technology trends, including AI, and technology in use at KBRA and how they interact with privacy laws.
• Liaising with external regulators, legal advisors, and auditors as needed.
• Delivering training and awareness programs on privacy and data protection for internal teams.
• Acting as a resource for internal teams with respect to privacy-related and other legal questions.
• Contributing to corporate governance on privacy matters, including preparing board or committee materials where required.
• You will collaborate closely with cross-functional teams (Compliance, Technology, Marketing, Business Development), as well as external counsel and regulators, as needed.

About You

You will be successful in this role if you have:

• A qualifying law degree (or equivalent) and are admitted to practise as a solicitor in Ireland or England & Wales with, or eligible to obtain, a current practising certificate. Exceptionally, highly experienced privacy professionals with significant legal advisory experience may also be considered.
• 4-8 years post-qualification experience, specifically with hands-on exposure to privacy/data protection law.
• Strong experience with drafting, negotiating, and reviewing contracts, especially with privacy-sensitive clauses (DPAs, vendor agreements, client contracts, etc.).
• Demonstrated knowledge of GDPR (EU & UK), cross-border data transfer mechanisms (e.g. Standard Contractual Clauses, Binding Corporate Rules, etc.), ePrivacy laws, vendor/third party risk, and cybersecurity basics.
• Excellent verbal and written communication skills. Ability to explain legal and technical privacy concepts to non-legal stakeholders.
• Strong research, analytical, organisational, and project management skills, with great attention to detail. Able to manage multiple matters/tracks simultaneously under tight deadlines.
• Experience working in regulated environments is an advantage (financial services, tech, data / analytics, etc.).
• IAPP certification (CIPP/E, CIPP/US, CIPM, or equivalent) is a plus.