Be on Alert – Fraudulent Employment Offers. Learn More

Fairfax, Virginia, United States of America
JOB #R2202258

U.S. Privacy Counsel

This role may be performed remotely with periodic travel to the Company’s headquarters in Northern Virginia, as determined by business need.

About ICF International

ICF International, Inc. (ICF or the Company) is a global consultancy that supports private and public sector clients across a broad range of government and commercial business lines.  Many of the Company’s business units are engaged in activities that include, for example, communications, marketing, research initiatives, behavioral analytics and insights, real-time and predictive analytics.  Our Company is founded on a culture of building close working relationships with our clients and among our teams. While we continue to grow and scope, we have gone to great lengths to maintain a culture of collaboration, inclusivity and mutual respect. This is something of which we are proud.

The services that we provide to our public sector and commercial customers sometimes involve the collection and processing of personal data, and we take our responsibility to protect such data seriously.

Position summary

The US Privacy Counsel will be expected to support the Company’s Data Protection Officer and be an effective and collaborative member of the Data Protection Team with a further reporting relationship to the ICF General Counsel, providing US data protection and e-privacy advice to ICF’s business units in relation to, compliance with, state, federal and contractual obligations. 

The US Privacy Counsel will also be required to enable, support, and actively contribute to ICF’s data protection and privacy compliance program.  In this regard, the US Privacy Counsel will act as an advisor in relation to existing and emerging US and Canadian regulation (at both the national and state and provincial levels), in relation to ICF activities that entail the processing of personal data in the context of providing services to clients.   

Knowledge of US public health regulations and data protection legislation in other regions is preferred, resulting in the ability to support ICF activities more widely.

The US Privacy Counsel will be the US representative of the Data Protection Team and will be expected to have the necessary experience to manage their own workload, support the DPO, make strategic decisions based on the Company’s global data privacy framework and actively engage with the business and its clients.  They will need to be easily accessible to both North American based employees of the Company and the EU based Data Protection team.


Support the implementation and maintenance of the ICF data privacy program

  • Provide support for the ICF DPO in the implementation of the Data Privacy Program for North America.

  • Provide legal advice across all Operating Groups on data protection and privacy laws, compliance, and best practice.

  • Support the development and maintenance of data protection policies and guidance.

  • Monitor and assess effectiveness of internal data protection policies and procedures (including assisting in data subject requests, personal data breaches and vendors management), and recommending amendments as applicable.

  • Liaise with Information Security to ensure that appropriate security measures/controls are implemented.

  • Manage privacy and security assessments, including those required by ICF clients and those involving suppliers and other business partners of ICF

  • Prepare, adapt and negotiate data protection contractual clauses and processes in relation to client relationships and third-party vendor agreements, as well as sub-processor agreements, ensuring ICF has appropriate language in place when acting as a data controller and/or data processor.

  • Engage as appropriate with key business stakeholders such as Executive Leadership, Division Leads, Line of business, Legal, IT, Digital, Marketing, HR etc. 

  • Provide updates and guidance to the business on the impact of new and changing laws.

  • Build a Data Privacy Network of Data Privacy Champions from across business divisions.

  • Collate and provide management information on key ICF data protection practices.

Monitor Company wide data privacy compliance practices

  • Provide operational guidance to the business on privacy and data protection laws, compliance, and best practice, including in relation to data sharing, data transfers, privacy by design, data breaches, data subject rights, and marketing.  This includes providing advice on privacy matters to Institutional Review Boards managed for US federal and other projects within the business.

  • Monitor documentation of processing activities (including addition into the Register of Processing Activities).

  • Support ICF’s DPO in communications with local Data Protection Authorities.

  • Review and assess local projects for data protection risk and make appropriate and pragmatic recommendations to ensure data privacy compliance (including supporting on data protection impact assessments, legitimate impact assessments and transfer assessments).

  • Support ICF’s DPO in the handling and coordination of potential data security incidents.

  • Respond to and monitor requests received from data subjects to ensure requests are handled adequately and in a timely manner (including reviewing and updating existing processes).

Raise and maintain internal awareness

  • Assist in the planning and delivery of company-wide training programs across all levels and business areas.

  • Initiate regular internal communications to ensure ongoing privacy awareness.

  • Keep up to date with proposed and actual changes in Data Protection Laws or guidance, and update teams as appropriate.

  • Train internal client groups to promote awareness of privacy and data protection and importance of adherence to sound privacy practices for the organization.

Required Skills:

  • Demonstrated knowledge of U.S. and Canadian Data Protection laws (CCPA, HIPAA, COPPA, PIPEDA), regulations and practices.

  • Working knowledge of Global Data Protection Regulations (GDPR) and related requirements

  • Operational experience advising on privacy and data protection in a fast-paced, in-house environment, preferably within Digital/technology/FMCG environment.

  • Confidence and experience to counsel internal clients and make complex decisions at pace, work with autonomy and ability to facilitate and contribute to collaborative decision-making processes and work effectively on cross-functional teams.

  • Good understanding of IT and Digital challenges

  • Strong project management skills

  • Solid communication skills

  • Ability to influence key stakeholders and manage relationships

  • Build strong networks with, and gain the trust of, colleagues across local and global business by bringing a confident and solutions-focused mindset


  • Juris Doctor degree from an accredited law school of recognized standing and candidate must be admitted to practice law on behalf of ICF in an appropriate jurisdiction in the U.S.

  • A minimum of 3 years legal experience managing privacy requirements, with a mixture of law firm and in-house experience preferred but not required.

  • CIPP or similar certification preferred.

Working at ICF

Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth.

We can only solve the world's toughest challenges by building an inclusive workplace that allows everyone to thrive. We are an equal opportunity employer, committed to hiring regardless of any protected characteristic, such as race, ethnicity, national origin, color, sex, gender identity/expression, sexual orientation, religion, age, disability status, or military/veteran status. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO & AA policy.

COVID-19 Policy: New or prospective U.S. employees must provide proof of complete vaccination on the date of their commencement of employment. If selected for employment, you will provide proof of your full vaccination status, defined as vaccinated two weeks after receiving the requisite number of doses of a COVID-19 vaccine approved or authorized for emergency use by the FDA.

Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation please email and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination:  EEO is the law and  Pay Transparency Statement.

Fairfax, VA (VA01)

Who is ICF?

A global consulting services company with approximately 8,000 people across 75+ countries, but we are not your typical consultants.

Join our talent network

ICF is growing, and we add new open roles to our site regularly. If you're waiting for that perfect opportunity at ICF or want an inside look at what it's like to do world-changing work, join our talent network to stay updated.

Join our talent network

ICF is growing, and we add new open roles to our site regularly. If you're waiting for that perfect opportunity at ICF or want an inside look at what it's like to do world-changing work, join our talent network to stay updated.