Trabajo | Privacy Counsel, Europe/Global | Madrid

This role will focus on supporting and expanding McKinsey’s global approach to privacy and data risk management. As a member of McKinsey’s global privacy team, you will work closely and collaboratively with other members of the Legal Department and also colleagues across McKinsey, including those in Cybersecurity, Information Technology, Recruiting, Human Resources, Finance, and Client Relationship Management.  You will also actively support McKinsey’s client-facing lines of business, including consulting teams, as one of McKinsey’s privacy subject matter experts.  


McKinsey & Company, Inc. is a global management consulting firm founded in 1926 and deeply committed to helping institutions in the private, public, and social sectors achieve lasting success. With consultants in over 100 cities in over 60 countries, McKinsey serves 90 of the top 100 corporations worldwide. 

The Legal Department provides comprehensive legal and risk management services across the firm in a dynamic and fast-paced environment. 

Descripción del puesto

We are recruiting for a Europe-based Privacy Counsel to support our privacy program in Europe and globally. This position will also be expected to provide privacy and data risk management support to the other regions in which McKinsey operates, and particularly to regions with emerging data protection frameworks (e.g. Eastern Europe, Middle East, Africa). The Privacy Counsel is part of the core Privacy Team embedded in the Firm Data and Assets team within the Legal Department. 

The Privacy Team plays an important and dynamic role within McKinsey, and the work is diverse, interesting, and challenging. Working closely with McKinsey's Global Privacy Officer, European Data Protection Officer, other Privacy Team members, members of the Legal Department, and McKinsey’s leaders and client service teams, you will help shape McKinsey’s global approach to privacy and data risk management, including playing a key role in developing and maintaining McKinsey’s strategic compliance, and governance activities. As a member of the Privacy Team, you will be expected to keep abreast of key developments in privacy law, regulation, technology, and best practices in Europe and other regions, and to provide direction as well as day-to-day operational support for McKinsey’s business activities.   



Specific additional responsibilities will include:

  • Leading or participating in complex and/or cross-functional privacy and data risk management projects for a global firm with a diverse and evolving range of business lines and internal functions
  • Contributing to leadership and guidance to McKinsey in connection with the continued maturation of McKinsey’s privacy program
  • Conducting or providing advice with regard to data protection impact assessments 
  • Developing privacy guidance for McKinsey leadership in connection with important strategic opportunities and liaising and coordinating with other McKinsey colleagues to ensure that privacy and data risk management considerations are appropriately identified and addressed as part of new projects and initiatives
  • Assisting in the creation and review of privacy program governance and operational documentation (e.g., policies, guidelines, templates, and FAQs)
  • Reviewing McKinsey’s privacy program and performance on an ongoing basis to ensure compliance with law and continued maturation in a manner commensurate with business and strategic priorities, applicable law and industry best practices
  • Reviewing and negotiating contractual arrangements with clients, collaborators and vendors, as a resource and escalation point on privacy matters for colleagues across McKinsey
  • Developing privacy risk management resources and participating in training and awareness activities. 



  • Required -- qualification as a lawyer with a minimum of five (5) years of professional experience with one or more of a law firm, in-house legal department, or organization with a privacy and data risk management focus. 


  • Required -- Excellent written and oral communications skills in English 


  • Required – At least two (2) years of practical operational experience in  privacy, preferably with global or multinational experience. 


  • Strong background in information security and technology, including working collaboratively with technical experts in these areas will be considered favourably


  • Other compliance and/or legal experience in areas closely connected to privacy (e.g., technology transactions, cybersecurity, or intellectual property) or in specific regulated industries (e.g., healthcare or banking) will be considered favourably


  • Additional practical, operational experience in data risk management, compliance (including GDPR compliance),cybersecurity, and data governance -- as a lawyer or non-lawyer -- will be taken into consideration. 


  • Privacy and data risk management credentials are preferred (e.g., CIPP-E or equivalent) 


Profile for Success


  • Excellent team player with a keen ability to apply business and risk judgment on tight schedules
  • Excellent interpersonal skills, including clear and effective writing and communication skills
  • Excellent organizational skills, including the ability to handle high volume of work efficiently, recognize priorities, manage time effectively and meet deadlines
  • Ability to work independently with moderate supervision in a decentralized, challenging and fast-paced environment.  
  • Inspiring team player who collaborates effectively within cross-functional and fast-paced team environment and proactively builds collective knowledge and capabilities
  • Pragmatic problem solver who skilfully navigates challenging situations


  • Highly effective communicator who translates complex laws and regulations into actionable advice
  • Trusted advisor who demonstrates impeccable judgment and values and builds strong relationships across the organization