Milbank LLP

Role Description The Data Security Specialist is responsible for protecting the confidentiality, integrity, and availability of the firm’s data assets across cloud and on-premises environments. This role designs, implements, and maintains controls that safeguard sensitive client, legal, and corporate information against unauthorized access, loss, and exfiltration — including emerging risks from generative AI and large language model (LLM) usage. Responsibilities - Data Protection & Governance - Design and operate data loss prevention (DLP) policies across email, endpoints, and cloud services (Microsoft Purview, M365, Azure). - Implement and tune data classification, labeling, and encryption frameworks aligned with firm policy and regulatory requirements. - Manage rights management (IRM/MIP), tokenization, and key management solutions. - Design and enforce AI data leakage prevention controls governing how sensitive data is used with Microsoft 365 Copilot, ChatGPT Enterprise, and other GenAI/LLM tools. - Monitor prompt and response, enforce sensitivity-label, and block unsanctioned AI services. - Monitoring & Incident Response - Investigate data security incidents, perform root-cause analysis, lead containment and remediation. - Monitor SIEM, CASB, and DLP alerts; triage events and escalate per the incident response plan. - Partner with the SOC and forensics teams on insider threat and exfiltration investigations. - Detect and respond to AI-related data exposure events, including sensitive data submitted to public LLMs, prompt injection, and shadow AI usage. - Risk & Compliance - Support compliance with GDPR, CCPA, NYDFS Part 500, SOC 2, and client security obligations. - Conduct data risk assessments for new applications, vendors, and AI/LLM use cases. - Maintain evidence and artifacts for internal and external audits. - Contribute to the firm’s AI governance program, aligning controls with frameworks such as NIST AI RMF and ISO/IEC 42001. - Engineering & Automation - Develop scripts and automations (PowerShell, Python, KQL) to scale data security operations. - Integrate data security controls into CI/CD, SaaS onboarding, and identity workflows. - Maintain documentation, runbooks, and control mappings. Compensation The anticipated base salary range offered for this role will be between $140,000 to 160,000 and represents the firm’s good faith and reasonable estimate of the range of possible base compensation. Actual base compensation will be dependent upon several factors, including but not limited to the candidate’s relevant experience, performance, qualifications, degrees, and location, as well as the needs of the firm. Qualifications - Bachelor’s degree in computer science, Information Security, or related field (equivalent experience accepted). - 4+ years in information security with at least 2 years focused on data protection, DLP, or data governance. - In-depth, hands-on experience with a range of enterprise DLP and rights management platforms, with deep expertise in the Microsoft M365 stack. - Experience tuning policies, authoring custom sensitive information types (SITs), trainable classifiers, and integrating Purview with Defender for Cloud Apps (MCAS) is required. - Experience with Microsoft Purview Insider Risk Management, Communication Compliance, eDiscovery (Premium), and Data Lifecycle Management. - Demonstrated experience with AI data leakage prevention — protecting sensitive data from exposure to generative AI and LLM services. - Working knowledge of third-party DLP/IRM tools (e.g., Symantec/Broadcom DLP, Forcepoint, Netskope, Zscaler, Digital Guardian) and how they complement or integrate with M365 controls. - Hands-on experience with at least one major cloud (Azure, AWS, or GCP). - Working knowledge of encryption standards, PKI, IAM, and Zero Trust principles. - Familiarity with regulatory frameworks: GDPR, CCPA, HIPAA, NYDFS, SOC 2, ISO 27001. - Strong analytical, written, and verbal communication skills. Preferred Qualifications - Industry certifications: SC-400 (Microsoft Information Protection Administrator), CISSP, CIPP, CCSP, AZ-500, or GIAC equivalents. - Experience in a law firm, financial services, or other highly regulated environment. - Scripting/automation proficiency (PowerShell, Python, KQL).

Overview Milbank LLP is seeking a dynamic and motivated individual for the newly established role of Lateral Conflicts Attorney, supporting the Firm globally. The Lateral Conflicts Attorney will be a member of the Firm’s Office of General Counsel and Conflicts Team working to support the Firm’s critical risk management function primarily responsible for the onboarding of new Firm personnel and the lateral conflicts clearance process. This is an exciting opportunity to hold a role on a new and growing team. We will consider a fully remote work schedule with flexibility to visit the office as required for training and team meetings. Responsibilities - Overseeing the lateral conflicts clearance process and providing guidance to new hires on conflicts resolution. - Review complex conflict reports to identify and resolve potential legal and business-related conflict issues, and provide detailed analysis and advice to partners, and collaborate with partners to resolve conflicts. - Proactively engaging in discussions with Firm attorneys and prospective hires in order to gather information and work to resolve conflicts of interest. - Liaising with Human Resources team members in connection to the onboarding of new Firm hires. - Document or audit steps taken to resolve any actual or potential conflicts and store supporting documentation appropriately. - Assist with clearance of new clients and matters as needed. Including, drafting of a Summary Conflicts Report -- to be provided to the relevant partner -- identifying (i) the specific conflict and the parties involved, (ii) the nature of such conflict and (iii) the proposed resolution thereof (e.g., waivers required, information wall, etc.). - Procure, review and draft conflict waivers and work closely with partners to obtain the waivers, as necessary. - Implementing and monitoring ethical screens/information walls via the Intapp Walls program. - Provide guidance to the conflicts analysts in support of the lateral and new business intake process, including best practices, corporate family tree research, matter maintenance, conflict report preparation, and other related research and analysis. - Run conflict searches and conduct family tree and other corporate research, when necessary. - Research appropriate conflict and ethical rules. - Monitor changes in ethics rules, opinions, and case law regarding conflicts of interest. - Be available for urgent matters and periodic on-call rotation, occasional evening hours, weekends, and certain holidays as needed. - All other duties as assigned. Compensation: -The anticipated base salary range offered for this role will be between $185,000 to $220,000 and represents the firm’s good faith and reasonable estimate of the range of possible base compensation. Actual base compensation will be dependent upon several factors, including but not limited to the candidate’s relevant experience, performance, qualifications, degrees, and location, well as the needs of the firm. Qualifications - Comprehensive working knowledge of ethical, legal and risk management rules, including the American Bar Association’s Model Rules of Professional Conduct and rules governing professional conduct of lawyers in the United Kingdom, Germany, and Asia is preferred. - 4 years of conflicts-analysis experience preferred; a plus if in a multi-office, large international law firm. - Strong research, analytical and problem-solving skills. - Ability to work effectively and provide quality work product with minimal supervision in a fast-paced environment of multiple projects and shifting priorities. - Excellent interpersonal and communication skills, including the ability to communicate effectively with Partners and members of the Office of the General Counsel about conflicts issues. - Ability to provide outstanding customer service and interact collegially with all attorneys, staff and clients. - Familiarity with the Intapp Conflicts System and Intapp Walls a plus. Education - Juris Doctor degree and active law license (NY, DC, or CA) in good standing is required.