Associate General Counsel - Government Contracts & Data Protecti

Position Description & Qualifications

The Associate General Counsel - Government Contracts & Data Protection Officer (DPO) serves as a senior legal advisor responsible for providing strategic legal counsel across U.S., Canadian, and international government contracts, privacy, cybersecurity, and information governance.

This role leads the organization's legal, regulatory, and operational data protection strategy within a highly regulated government contracting environment, while also advising on the full lifecycle of government contracts. The position functions as the primary subject matter expert on the lawful collection, use, sharing, retention, transfer, and protection of personal data, controlled unclassified information (CUI), export-controlled data, and other sensitive government or customer information.

The role partners closely with executive leadership, contracts, compliance, IT, cybersecurity, HR, procurement, and program teams to ensure compliance with applicable legal, regulatory, and contractual requirements. This individual may also serve as the formally designated Data Protection Officer and must operate with appropriate independence in monitoring compliance, assessing risk, and elevating concerns to leadership.

In this role, you will:

Government Contracts Legal Advisory

• Provide legal counsel across the full government contracting lifecycle, including capture, proposal, award, performance, and closeout
• Interpret and apply FAR, DFARS, and Canadian public procurement frameworks (including federal and provincial rules, Crown procurement policies, and agency-specific requirements), agency supplements, and procurement regulations
• Advise on contract structure, risk allocation, pricing considerations, and compliance obligations across U.S., Canadian, and international procurements
• Counsel on prime/subcontractor relationships, teaming agreements, joint ventures, and regulatory compliance requirements
• Support proposal development through RFP review, risk analysis, and compliance strategy

Contract Drafting & Negotiation

• Lead drafting, review, and negotiation of government contracts, subcontracts, NDAs, and related agreements
• Negotiate and advise on key provisions including limitation of liability, indemnification, IP/data rights, termination, and disputes
• Support negotiation of contract modifications, claims, and equitable adjustments
• Ensure appropriate flow-down of regulatory, cybersecurity, and data protection requirements

Privacy, Data Protection & Legal Advisory

• Provide strategic legal advice on privacy, data protection, cybersecurity, and information governance across operations
• Interpret and apply global privacy laws (GDPR, UK GDPR, CCPA/CPRA, PIPEDA and Canadian provincial privacy laws, and others)
• Advise on data handling implications of federal contracting requirements (DFARS, CMMC, NIST, Privacy Act)
• Counsel stakeholders on handling PII, PHI, CUI, export-controlled data, and sensitive government information
• Advise on cross-border data transfers, localization, vendor arrangements, and cloud/data hosting models
• Support negotiation of DPAs, security provisions, breach notification clauses, and subcontractor data requirements
• Evaluate privacy and data risks in emerging technologies, including AI-enabled tools, analytics, and digital platforms

Data Protection Officer & Compliance Oversight

• Lead enterprise privacy and data protection program and governance framework
• Ensure alignment of policies, controls, and procedures with legal and contractual obligations
• Maintain data governance structures for classification, access, retention, deletion, and lifecycle management
• Oversee data inventories, records of processing, and enterprise data mapping
• Conduct privacy risk assessments, DPIAs, transfer impact assessments, and compliance reviews
• Serve as an independent escalation point for data protection risks and compliance concerns
• Embed privacy-by-design principles into systems, processes, and business operations

Government Contracting Compliance (Cyber & Data)

• Advise on compliance with requirements for CUI, FCI, PII, export-controlled data, and secure system environments
• Support compliance with DFARS, CMMC, NIST, FedRAMP, Canadian data protection, information handling, and government security requirements, ITAR, and EAR obligations
• Partner with contracts and procurement teams to integrate cybersecurity and privacy requirements into agreements
• Advise on program operations involving government-furnished information, workforce data, and citizen/customer data
• Support audits, agency requests, and reviews involving privacy, cybersecurity, and data handling

Claims, Disputes & Regulatory Matters

• Advise on contract disputes, REAs, and claims under the Contract Disputes Act
• Support bid protests and litigation strategy (e.g., GAO, COFC) and Canadian procurement challenge processes
• Coordinate with outside counsel on litigation, investigations, and regulatory inquiries

Incident Response & Investigations

• Provide legal oversight for data incidents, cybersecurity events, and unauthorized disclosures
• Advise on investigative steps, remediation, preservation, and reporting obligations
• Determine breach notification and disclosure requirements under law and contract
• Coordinate with regulators, contracting officers, and internal stakeholders
• Track incidents, root causes, and corrective actions to strengthen controls

Regulatory & Stakeholder Engagement

• Serve as primary contact for regulators, supervisory authorities, and agency privacy offices
• Oversee responses to data subject rights requests, complaints, and inquiries
• Prepare executive-level communications, board updates, and risk summaries
• Advise leadership on risk-based decisions and compliance remediation strategies
• Collaborate with compliance, audit, cybersecurity, and enterprise risk teams

Training & Program Enablement

• Design and deliver privacy and compliance training tailored to government contracting environments
• Translate legal requirements into operational guidance, SOPs, FAQs, and playbooks
• Coach business leaders on compliance obligations and risk mitigation
• Promote a culture of responsible data handling and proactive risk management

To be successful in this role, you will have:

• Ability to obtain and maintain a DoD Secret security clearance
  • U.S Citizenship required
• Juris Doctor (JD) from an accredited law school and active bar membership in good standing
• Minimum 8 years of experience advising U.S. and Canadian government contractors on applicable procurement law (e.g., Federal Acquisition Regulations (FAR), Defense FAR), privacy law, and cybersecurity law
• Deep knowledge of cybersecurity and privacy laws (e.g., CMMC, FedRAMP, NIST 800-171/53, GDPR, PIPEDA, CPRA, Privacy Act) and Artificial Intelligence regulatory/legal frameworks
• Strong working knowledge of trade compliance laws (e.g., Canadian Controlled Goods, ITAR, and EAR)
• Experience negotiating complex contracts, subcontracts, data protection agreements, and security/privacy provisions
• Proven experience leading privacy programs, risk assessments, audits, and incident response efforts
• Strong executive communication skills with the ability to deliver clear, business-oriented advice
• Ability to operate independently and influence cross-functional stakeholders
• Ability to travel up to 10%

Additional desired experience and skills:

• Privacy certifications (e.g., CIPP/US, CIPP/E, CIPP/C)
• Experience serving as a Data Protection Officer or privacy program leader of a multinational corporation or organization
• Experience counseling clients through data breach incident response and notification requirements to individuals and regulators
• Familiarity with HR systems, cloud environments, AI technologies, and vendor risk management
• Prior in -house company legal experience
• Active or prior security clearance (or eligibility)

Core Competencies

• Government contracts law and compliance
• Privacy and data protection law
• Cybersecurity legal risk management
• Contract drafting and negotiation
• Data governance and lifecycle management
• Incident response and breach management
• Regulatory interpretation and enforcement trends
• Executive advisory and stakeholder influence
• Policy development and operationalization
• Audit support and risk remediation
• Training and organizational enablement

Company Overview

Serco Inc. (Serco) is the Americas division of Serco Group, plc. In North America, Serco's 9,000+ employees strive to make an impact every day across 100+ sites in the areas of Defense, Citizen Services, and Transportation. We help our clients deliver vital services more efficiently while increasing the satisfaction of their end customers. Serco serves every branch of the U.S. military, numerous U.S. Federal civilian agencies, the Intelligence Community, the Canadian government, state, provincial and local governments, and commercial clients. While your place may look a little different depending on your role, we know you will find yours here. Wherever you work and whatever you do, we invite you to discover your place in our world. Serco is a place you can count on and where you can make an impact because every contribution matters.

To review Serco benefits please visit: https://careers.serco-na.com/us/en/what-we-offer . If you require an accommodation with the application process please email: careers@serco-na.com or call the HR Service Desk at 800-628-6458, option 1. Please note, due to EEOC/OFCCP compliance, Serco is unable to accept resumes by email.

Candidates may be asked to present proof of identify during the selection process. If requested, this will require presentation of a government-issued I.D. (with photo) with name and address that match the information entered on the application. Serco will not take possession of or retain/store the information provided as proof of identity. For more information on how Serco uses your information, please see our Applicant Privacy Policy and Notice.

Serco does not accept unsolicited resumes through or from search firms or staffing agencies without being a contracted approved vendor. All unsolicited resumes will be considered the property of Serco and will not be obligated to pay a placement or contract fee. If you are interested in becoming an approved vendor at Serco, please email Agencies@serco-na.com .

Serco is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.

Pay Transparency

Our Total Rewards package includes competitive pay, performance-based incentives, and benefits that promote well-being and work-life balance-so you can thrive both professionally and personally. Eligible employees also gain access to a wide range of benefits from comprehensive health coverage and health savings accounts to retirement plans, life and disability insurance, and time-off programs that support work-life balance. Program availability may vary based on factors such as contract type, location, hire date, and applicable collective bargaining agreements.

Salary range: The range for this position can be found at the top of this posting. This range is provided as a general guideline and represents a good faith estimate across all experience levels. Actual base salary will be determined by a variety of factors, including but not limited to, the scope of the role, relevant experience, job-related knowledge, education and training, key skills, and geographic market considerations. For roles available in multiple states, the range may vary to reflect differences in local labor markets. In addition to base salary, eligible positions may include other forms of compensation such as annual bonuses or long-term incentive opportunities. Benefits - Comprehensible benefits for full-time employees (part-time employees receive a limited package tailored to their role):

• Medical, dental, and vision insurance
• Robust vacation and sick leave benefits, and flexible work arrangements where permitted by role or contract
• 401(k) plan that includes employer matching funds
• Tuition reimbursement program
• Life insurance and disability coverage
• Optional coverages that can be purchased, including pet insurance, home and auto insurance, additional life and accident insurance, critical illness insurance, group legal, ID theft protection
• Birth, adoption, parental leave benefits
• Employee Assistance Plan

To review all Serco benefits please visit: https://careers.serco-na.com/us/en/about-us .

Serco complies with all applicable state and local leave laws, including providing time off under the Colorado Healthy Families and Workplaces Act for eligible Colorado residents, in alignment with our policies and benefit plans. The application window for this position is for no more than 60 days. We encourage candidates to apply promptly after the posting date, as the position may close earlier if filled or if the application volume exceeds expectations. Please submit applications exclusively through Serco's external (or internal) career site. If an applicant has any concerns with job posting compliance, please send an email to: careers@serco-na.com .