Privacy and Security Counsel

Privacy and Security Counsel

Requirements

• 2+ years of data security, data privacy, data protection, and governance experience.
• Bachelor’s degree plus a Juris Doctorate from an ABA-accredited law school.
• Familiarity with US and global data privacy security and security protection laws and regulations.
• Ability to educate cross-functional partners on attorney-client privilege, privacy, and security issues.
• Understanding of security and data privacy regulations and frameworks, such as GDPR, NIS2, SEC Cybersecurity Rule, CCPA, COPPA, NIST CSF, and PCI.
• Experience working cross-functionally to provide legal advice on privacy, regulatory, commercial, and security initiatives.
• Experience or demonstrated interest in managing supply chain risk management practices, including assessing legal risk in due diligence and vendor compliance initiatives.
• Experience or demonstrated interest in collaborating with Information Security teams, including managing low-to-medium severity incidents with the Detection and Response Team, providing legal support to a Bug Bounty program, and offering legal expertise for compliance initiatives in Governance, Risk, and Compliance.
• Experience or demonstrated interest in managing legal support for a wide range of low-to-medium severity incidents across the organization, covering areas such as Safety, AI/ML, Privacy, Compliance, Platform Reliability, Communications/PR, User Experience, Anti-Money Laundering (AML), Policy, and Law Enforcement Engagement.
• Experience or demonstrated interest in supporting global data protection and security requirements.
• Training at a major national law firm; in-house experience highly valued.
• Experience managing domestic and international law enforcement requests.
• Active membership in at least one U.S. state bar; California Bar admission highly preferred.
• Strong business-oriented judgment.

Responsibilities

• Assist in advising on global and domestic data privacy and security laws, regulations, and industry best practices for privacy and security.
• Stay informed about relevant privacy security and data privacy laws and regulations and industry standards to support the team in providing sound compliance advice.
• Support the analysis and interpretation of evolving data privacy and security legislation, regulations, and enforcement actions, and help translate this analysis into clear, concise, and actionable guidance.
• Support the Detection and Response Team, including providing impact analysis, notification obligations, post incident retrospectives, and proposing guidance on repair items.
• Provide legal support for a wide range of low-to-medium severity incidents across the organization, covering areas such as Safety, AI/ML, Privacy, Compliance, Platform Reliability, Communications/PR, User Experience, Anti-Money Laundering (AML), Policy, and Law Enforcement Engagement.
• Support privacy and security initiatives related to supply chain risk management, including vendor due diligence, security provisions in contracts, and reviewing compliance attestations.
• Support updating legal incident response policies.
• Work cross-functionally with other counsel, including commercial, product, regulatory, employment, and securities.
• Assist in providing insights and recommendations on internal company privacy security and data privacy policies in collaboration with Information Security.
• Develop expertise in privacy security and data privacy to give inputs into Quantified Risk assessments.
• Report to Senior Privacy Security Counsel.

Preferred Qualifications

• Training at a major national law firm; in-house experience highly valued.