J.J. Jones

J.J. Jones focuses her practice on cybersecurity law, incident response, crisis management, enterprise risk management, regulatory compliance and governance, advising complex global organizations on their most critical security, privacy and data challenges. Ms. Jones draws on two decades of integrated experience spanning senior in-house leadership at major technology companies, defense of federal agencies in civil litigation matters, and white collar criminal defense and complex commercial litigation in private practice.

Most recently at Microsoft, Ms. Jones served as senior director in the Office of the Chief Information Security Officer (CISO), where she led the company's external communications for critical security, AI and data breach incidents, as well as customer-impacting security vulnerabilities, with a focus on preserving customer trust and protecting brand value, while minimizing legal and regulatory risk.

As assistant general counsel for cybersecurity regulatory strategy, compliance and operations at Microsoft, Ms. Jones advised the Global CISO and senior security leadership on legal risk management, incident and data breach response, cybersecurity regulatory compliance across global jurisdictions, government and industry partnerships and cybersecurity policy – helping to safeguard the company and its customers against sophisticated cyber threats.

Before her in-house career, Ms. Jones served as an Assistant United States Attorney and as a litigator at global law firms, building a foundation in high-stakes advocacy that informs her approach to crisis decision-making and legal strategy. She also served as strategy counsel at Google, navigating consumer protection regulatory inquiries and investigations, managing high-stakes security and privacy incidents and developing regulatory compliance strategies and programs for the evolving global landscape of data security and consumer protection regulation – all further deepening her understanding of the tech sector and the regulatory pressures facing global technology companies.

Ms. Jones's substantive experience spans high-risk security and privacy incident response, global regulatory compliance, insider threat programs, data loss prevention, threat intelligence, cybersecurity M&A diligence and post-acquisition integration and enterprise data risk management strategy concerning security, privacy and generative AI. She is a trusted cross-functional advisor with demonstrated experience facilitating crisis management and complex decision-making across highly matrixed organizations.