PRIVACY LAW JOB LISTINGS

This page gathers privacy job listings. Check links for further details, including salary, qualifications, location, and responsibilities. We advise you to apply even if you don’t quite meet requirements for years of experience, as employers often don’t adhere strictly to such requirements. Please write to us if you know of privacy law job listings we should include.

NOTE: As we often don’t know when positions are filled, not all positions listed on this page are still open. Posted dates are approximations.

* * *

Autozone – Senior Counsel, Data Privacy

Responsibilities:

Evaluate and Strengthen Privacy Frameworks: Conduct a comprehensive assessment of the organization’s current data privacy posture. Design and implement a robust, scalable privacy program aligned with business goals and global regulations (e.g., GDPR, CCPA, LGPD), ensuring compliance and operational excellence.
Drive Strategic Privacy Leadership: Act as a trusted advisor to the business, offering forward-thinking guidance on emerging privacy laws and trends. Influence decision-making at all levels by translating complex legal requirements into actionable business strategies.
Collaborate on Risk Assessments and Mitigation: Partner with IT and cross-functional teams to lead Data Protection Impact Assessments (DPIAs) and other risk evaluations. Provide clear, practical recommendations to mitigate privacy risks and safeguard consumer trust.
Ensure Regulatory Compliance and Continuous Improvement: Monitor evolving privacy regulations and proactively update internal policies, procedures, and systems. Lead regular audits and risk assessments to identify gaps and implement corrective actions.
Champion Privacy Education and Awareness: Develop and deliver engaging training programs to promote a culture of privacy across the organization. Empower employees with the knowledge and tools to uphold data protection standards in their daily work.
Operationalize Privacy Across Channels: Ensure that all personal data collection and processing activities across digital, in-store, and third-party channels are compliant with privacy laws and reflected in company policies, contracts, and consumer rights responses.

Posted November 25, 2025

WTW – Americas Privacy Counsel

Responsibilities:

Act as designated country privacy officer for the United States and Canadian group DPO, which includes maintaining awareness of changes to privacy laws, performing gap analyses when required, and implementing required changes as needed in coordination with business teams and corporate functions
Serve as the legal lead resource (and where required, DPO) in the region on data protection and privacy matters involving privacy laws in the U.S. (i.e., CCPA, other state privacy laws, HIPAA, GLBA), Canada (i.e., PIPEDA and provincial laws), and elsewhere globally and in the Americas (i.e., GDPR, LGPD), including Bermuda and the Cayman Islands.
Negotiate data protection terms (including HIPAA business associate agreements) for client and supplier agreements in accordance with WTW standard positions.
Support ongoing maintenance and development of data protection standards and procedures for suppliers and clients in the form of playbooks, standard positions, and other collateral and guidance materials for non-privacy teams within the Office of General Counsel.
Advise business and corporate function stakeholders regarding privacy requirements related to collection and processing of personal data with regard to, for example, deidentification of personal data, cross border data transfers, data privacy rights requests, etc.
Provide support and guidance on privacy terms as needed in response to RFPs, bids, and strategic business partnerships.
Advise the business and fellow legal department members on legal compliance requirements for the Americas applicable to the privacy and management of the personal information of clients, suppliers, employees, and other individuals with whom the company interacts.
Other duties as assigned by the Global Head of Privacy Legal and Deputy Global Privacy Officer.

Posted November 25, 2025

Vericast – Legal Counsel – Privacy

Responsibilities:

Ability to analyze and have in-depth understanding of evolving privacy and data protection laws and regulations (GLBA, CCPA/CPRA, HIPAA, etc.) and related client contractual requirements (e.g., data acquisition/collection, usage, transfer, etc.) to assist in compliance efforts with respect to same (20%)
Assist in maintaining privacy-related policies, standards, guidelines, and processes (10%)
Assist with analysis of data procured for use in products and services, including ensuring proper collection, consent when required, scope of permissible uses, etc. (10%)
Assist with responding to internal inquiries regarding data governance and data usage to ensure compliance with privacy regulations, Company privacy policies, and client contractual requirements (10%)
Liaise with Vendor Security Risk Management team to ensure privacy compliance (10%)
Assist with Company’s data governance efforts, including privacy impact assessments and processes around appropriate deletion/destruction of data (15%)
Primary responsibility for Company’s consumer privacy request process and responses to consumers, including client inquiries related to consumer rights requests (25%)

Posted November 25, 2025

NBCUniversal – Counsel, Privacy

Responsibilities:

Counsel business and technology teams on privacy issues regarding the development of products, platforms, services and other initiatives involving the collection and use of personal information, with a focus on consumer data and related advertising and marketing use cases
Draft and negotiate privacy and data security terms for agreements related to third party vendors, advertising and marketing technologies
Assist in the counseling of digital properties, including consumer facing websites, mobile applications, and related internal databases with respect to privacy issues
Work closely with business, technology, information security, customer experience to establish relationships and deliver consistent, practical legal guidance and support
Advise on legal, regulatory and policy developments relating to data collection and use, tracking and analytics, advanced advertising, and related issues
Review and assist in developing privacy controls with respect to privacy impact assessments, including privacy -related notices, policies, guidelines, standards and processes

Posted November 19, 2025

Autodesk – Director, Data Security Counsel

Responsibilities:

Provide expert legal advice, research and track global data security legislation, evolving regulations, and enforcement and translate that into clear, concise, and actionable guidance
Partner with members of the Legal team, Trust team, and other stakeholders to ensure Autodesk’s compliance with data security laws, regulations, customer, and vendor contracts
Provide support and counsel during cybersecurity-related investigations and the response to data privacy incidents, including breach notification and mitigation strategies, to minimize impact and maintain trust
Provide legal support to the Global Risk & Compliance team in connection with security certifications for Autodesk products, including SOC 2, ISO, FedRAMP, C5, and other industry and geo specific certifications
Provide guidance to Legal and Product teams on data protection issues pertaining to new and existing products/features throughout the entire development lifecycle
Provide legal guidance on regulatory, third-party, and internal security audits, and work with teams to scope and perform mitigation and remediation activities
Draft and negotiate data security terms in contracts with customers (including public sector), vendors, and business partners
Provide legal guidance on data security matters for M&A acquisitions, enabling risk decisions and integration of acquisitions into Autodesk Trust framework
Respond to customers’ data security questions
Assist with renewals of Autodesk’s cybersecurity policy
Help enhance the global Trust program, including operations and documentation, employee training on data privacy and security obligations, promoting a culture of awareness and compliance throughout the organization, policy enforcement, compliance program monitoring and auditing, and third-party risk assessment

Posted November 19, 2025

Genentech – Senior Counsel Specialist, Assistant General Counsel, Privacy Law

Responsibilities:

Act as a key internal point-of-contact and subject matter expert on privacy and data protection, providing practical, timely, strategic, and high-quality legal advice on data privacy and security matters.
Influence strategic implementation of privacy legal and compliance requirements across the organization.
Drive privacy strategy and implementation based on continuous monitoring of new and evolving privacy laws, enforcement, and litigation across jurisdictions.
Draft, update, and implement internal privacy policies, procedures, and guidances, and external privacy notices and consent language, to reflect evolving legal requirements and industry best practices.
Develop standards, templates, playbooks, and training for drafting and negotiation of data processing agreements.
Provide legal support for the strategic reviewing, drafting, and negotiating of privacy and data security terms in contracts with business partners and vendors, including data processing agreements and data protection terms in clinical research agreements.
Provide advice, education, training, and legal direction on data protection laws impacting business operations and contractual relationships.
Advise on data privacy, legal risk identification and mitigation efforts, as well as data privacy compliance efforts.
Develop content for privacy training materials and other communications to increase employee understanding of company privacy policies, data handling practices and procedures and legal obligations, as well as to ensure awareness of “best practices” on privacy and data security issues.
Review Privacy Impact Assessments (PIAs) and advise on the management of complex privacy matters involving systems and data processing activities.
Provide legal counsel on investigations involving reports of inappropriate or unauthorized access, loss or disclosure of personal data, including advising on potential liability, identifying legal obligations, and supporting incident response efforts.

Posted November 18, 2025

HealthEquity – Associate General Counsel, Privacy & Security

Responsibilities:

Advise on complex U.S. privacy and data protection laws (GLBA, HIPAA, CCPA/CPRA, etc.) across business functions.
Lead legal reviews of products and features to integrate privacy-by-design principles throughout development lifecycles.
Draft, review, and negotiate agreements related to privacy, data protection, and data use.
Assess legal risk in AI initiatives, participate in AI governance, and recommend safeguards for compliance.
Contribute to enterprise policies and frameworks for security, privacy, and AI aligned with company values.
Monitor regulatory developments impacting privacy, data use, and AI.
Identify privacy and data protection risks and advise leadership on mitigation strategies.
Provide counsel on incident management, remediation, and regulatory inquiries at state, federal, and international levels.
Translate emerging privacy, cybersecurity, and data protection laws into actionable guidance.
Support development and maintenance of policies for privacy, cybersecurity, AI, and data protection.
Partner with privacy, security, and engineering teams to align legal obligations with operational practices.
Interpret and apply agency rules, legislation, and industry best practices to AI use cases.

Posted November 18, 2025

Bright Horizons – Privacy Counsel

Responsibilities:

Advise, draft, review and negotiate data protection agreements/clauses with a wide-range of vendors and clients including managing from end to end the full contract lifecycle in accordance with company procedures and business requirements.
Review contract templates and on-boarding procedures to mitigate legal and business risk, and to improve the efficiency and effectiveness of legal contracting.
Keep up to date on privacy law developments that will impact the business, its clients and the sector (e.g., evolving guidance out of the European Union, United Kingdom, Australia and the United States, including developments in e-privacy and Artificial Intelligence).
Evaluate the applicability and impact of global privacy laws and regulatory guidance and provide legal advice to internal and external Bright Horizons teams.
Support new projects, applications and systems on the privacy implications and compliance requirements, with emphasis on privacy by default and design requirements and assessing privacy risks.
Support Data Protection / Privacy Impact Assessments (DPIAs); Legitimate Interest Assessments (LIAs), data subject rights requests and reports of potential data/privacy incidents as required.
Support the development, review and update of privacy policies, programs, and procedures to align with legal requirements and best practices.
Address and manage ad hoc activities as assigned by members of the Privacy Team and any other duties commensurate with the role.

Posted November 14, 2025

T-Mobile – Corporate Counsel – Privacy

Responsibilities:

Advise the company on laws, regulations, obligations, and industry standards impacting employee privacy and Data Subject Requests
Provide counsel on and drive compliance programs related to Data Subject Requests
Drive a successful privacy compliance program through continuous improvement of internal-facing policies, trainings, and awareness programs.
Develop strong business partnerships to help guide the business on privacy considerations for business strategies and products.
Draft and negotiate related provisions in commercial contracts as needed.
Analyze potentially impactful legislation and regulations and provide subject matter expertise to T-Mobile’s Government Affairs team.
Propel other department and team initiatives as assigned.

Posted November 13, 2025

Zillow – Counsel, Privacy & Data

Responsibilities:

Advise product, engineering, and data teams on privacy, data protection, and responsible data use in connection with new features, products, and initiatives.
Partner with teams throughout the product lifecycle to implement Privacy by Design and Responsible Data Use principles.
Counsel on issues related to data collection, sharing, retention, analytics, and AI/ML model training, including de-identification and synthetic data.
Review customer-facing services, disclosures, and terms to ensure transparency and compliance with applicable data and privacy laws.
Counsel transactional teams on data use rights, cross-border transfers, information security obligations, and vendor risk management.

Posted November 12, 2025

Thomson Reuters – HIPAA Officer & Data Regulatory Counsel

Responsibilities:

Serve as the organization’s HIPAA Privacy and Data Regulatory Counsel, for both when it acts in the context of a Business Associate (when it provides services to Covered Entities or upstream BAs) and for the Thomson Reuters health plans;
Monitoring and tracking current and emerging data protection regulations governing sensitive data, such as PHI, and translate legal terms into business requirements, guidance, and advice;
Assisting in the design, maintenance, and implementation of the Thomson Reuters Privacy Program, including drafting privacy policies and establishing related processes specific to those business lines handling sensitive data, such as those needed to ensure compliance with HIPAA Privacy, Security, and Breach Notification Rules;
Oversee workforce training and awareness programs, including those regarding HIPAA obligations;
Collaborating with product and business teams to identify legal and privacy risks in product and system development and provide risk-mitigation counseling, including advising on privacy-by-design, reviewing PIAs, and conducting risk assessments;
Providing legal counsel to cybersecurity teams, including during investigations to ensure they are conducted and documented appropriately to minimize risks, protect individual privacy, and fulfill legal obligations arising from incidents;
Assist contracting teams in drafting, maintaining, and negotiating data protection agreements;
Otherwise provide legal counsel to the company and assist the Thomson Reuters Privacy Office in discharging its duties.

Posted November 12, 2025

Electronic Arts (EA) – Counsel, Privacy

Responsibilities:

Partner with the Privacy Team to design, implement, and continuously enhance a comprehensive global privacy program focused on risk assessment, control design, compliance monitoring, and long-term program evolution.
Advise on complex or high-risk privacy issues in game development, deployment, live services, marketing/ad-tech, marketplace/commerce tools, and player engagement features.
Act as the primary legal partner for central technology and engineering organizations, embedding privacy-by-design from concept through launch across shared platforms, back-end systems, cross-game infrastructure, and enterprise-wide internal tools.
Shape and refine internal privacy and data governance policies, playbooks, and practical guidance.
Deliver legal research and actionable advice on emerging global privacy regulations, while building subject-matter expertise on key laws and issues.
Guide vendor and partner privacy diligence, including third-party integrations such as SDKs, ad-tech, analytics, and cloud providers.
Contribute to incident response readiness and execution, including data breach investigations, regulator notifications, and player- and employee-facing communications.
Support responses to regulator inquiries, audits, and investigations, in collaboration with cross-functional partners.
Develop targeted training and awareness programs for studios, engineers, and business partners to reinforce privacy and data protection best practices.
Track organizational processes and internal controls, conduct effectiveness reviews, and complete documentation (such as PIAs/DPIAs, and RoPAs) to demonstrate compliance and drive continuous improvement.

Posted November 11, 2025

lululemon – Senior Privacy Counsel

Responsibilities:

Day to day legal direction on complex global privacy laws and regulations with diverse business stakeholders.
Provide direction to teams during incidents, engagement of outside counsel, and generating clear guidance to both business and legal leaders.
Ability to provide tactical risk-based guidance that balances business objectives, company values, and shifting compliance requirements.
Provide direction on Organizational and Departmental strategy to create appropriate implementation strategies and effectively advise cross-functional partners.
Partners closely with the Cybersecurity team, revising existing policies, procedures, and continued counsel .
Completes complex risk assessments on critical business initiatives with consistently clear guidance to business stakeholders.
Provides direction to cross-functional partners on external vendor relationships and business goals, as well as quickly collecting input from key departments to apply policies and minimize risk, including Insurance, Finance, and Information Security.
Identifies legal issues, analyzes risks, and creates and implements solutions structured to achieve business objectives efficiently with rationalized legal and practical risk. This role also engages directly with external counsel on incidents, data subject access requests and new legislation.
Collaborates with the rest of the Privacy team on compliance execution, matter and regulatory tracking, program maturity projects, and reporting to leadership.
Provides clear counsel on legal matters to all levels within the organization, working independently and representing the Privacy team on complex privacy issues.

Posted November 6, 2025

Bloomberg Industry Group – Data Privacy Counsel (INDG)

Responsibilities:

Updating Records of Processing Activities (ROPA): Maintain existing ROPA (and adding new entries) to ensure accuracy & currency.
Privacy Impact Assessments: Conduct DPIAs, LIAs, and TIAs; maintain the assessment register; track mitigations.
Data Subject Rights: Fulfill DSARs end-to-end, including identity verification, data retrieval, response drafting, and evidence management.
Data Processing Agreements (DPAs): Draft and negotiate customer and vendor DPAs (as well as contract provisions associated with privacy); escalate complex or high-risk matters.
Vendor Due Diligence: Conduct privacy due diligence on vendors and manage routine DPAs.
Incident Response: Execute incident/breach runbooks, including evidence collection, reporting, and customer/vendor communication support.
Privacy by Design: Participate in Privacy by Design reviews within the SDLC/PLC, documenting advice and risk assessments.
Training & Awareness: Assist in development and delivery of privacy trainings.
Regulatory Monitoring: Conduct horizon scanning of evolving privacy laws; distill requirements into actionable obligations and communicate them to control owners.

Posted November 5, 2025

Everseen – DPO, Lead Privacy Counsel

Responsibilities:

As Everseen’s dedicated DPO, you will fulfill all obligations required by the GDPR and relevant data protection laws, operating independently to advise and monitor privacy compliance within the organization.
Advise the organization and its employees on Company obligations under GDPR / other data protection laws (e.g., US State laws/UK).
Monitor compliance with data protection legislation and organizational policies, including oversight of internal privacy activities, staff privacy training, internal privacy audits, and undertaking of necessary Data Protection Impact Assessments (DPIAs).
Serve as the main point of contact for, and cooperate with regulatory authorities for privacy and for individuals (data subjects) regarding privacy matters, including handling queries and complaints.
Provide advice on, and monitor, DPIAs, especially for projects with high privacy risk.
Inform and raise awareness within the organization regarding data protection issues, ensuring staff training and fostering a privacy-aware culture.
Maintain a record of processing operations and ensure proper documentation of compliance efforts.
Assess, and report on personal data breaches, and support organization with corresponding mitigation strategies.
Maintain independence in the role: the DPO will report to the Chief Financial Officer and must not be instructed in the execution of their tasks or penalized for performance of their duties.
Lead Privacy Counsel
As Lead Privacy Counsel, you will serve as the legal subject matter expert for privacy advice and governance, providing appropriate expertise and execution support to the General Counsel & legal team on all privacy matters not reserved for the DPO.

Posted November 4, 2025

Ascendion – Data Privacy Cyber Security Attorney

Responsibilities:

Advise on and ensure compliance with various data privacy laws such as GDPR, CCPA, and HIPAA.
Draft, review, and negotiate privacy policies, terms of use, data processing agreements, and other related contracts.
Manage the legal response to data breaches and security incidents, including investigations and regulatory notifications.
Evaluate privacy and security threats and conduct gap analyses to identify and mitigate risks.
Represent clients in litigation related to privacy violations and represent them before regulatory bodies

Posted November 3, 2025

Universal Music Group – Senior Privacy Counsel

Responsibilities:

Advise stakeholders (Legal, Product, Engineering, Marketing) on global privacy laws (GDPR, CCPA/CPRA, PIPL, and more), privacy-enhancing technologies, and AI/ML
Translate legal and regulatory requirements into business and technical guidance.
Draft, negotiate, and review privacy/security provisions in commercial contracts, ad-tech partnerships, platform integrations, and data-sharing agreements
Collaborate with product and engineering teams to embed privacy-by-design and responsible AI principles into new features and offerings
Conduct or support DPIAs and AI risk assessments, ensuring robust documentation and compliance.
Lead privacy and data security incident response, including coordination with forensics, drafting breach notifications, and liaising with regulators
Track developments in global privacy and cyber laws, regulatory guidance, and enforcement actions.
Support regulatory inquiries and prepare responses or disclosures.

Posted November 1, 2025

Safeway – Senior Counsel, Privacy and HIPAA

Responsibilities:

Provide expert legal counsel on HIPAA Privacy and Security Rules, including Business Associate Agreements (BAAs), data aggregation, de-identification, and breach notification requirements.
Advise on state consumer privacy laws (e.g., CCPA/CPRA, Virginia CDPA, etc.) and federal regulations impacting health data.
Support product development and marketing initiatives with Privacy by Design principles, ensuring compliance in digital health platforms, mobile apps, and retail pharmacy services.
Draft, review, and negotiate privacy-related provisions in contracts with vendors, partners, service providers, and business associates.
Collaborate with cross-functional teams including Pharmacy, Product, Marketing, IT, Compliance, and Security to assess privacy risks and implement mitigation strategies.
Lead privacy incident response efforts, including investigation, legal analysis, and regulatory reporting.
Monitor and interpret evolving privacy laws, regulations, and enforcement trends, providing proactive guidance to stakeholders.
Participate in internal governance committees and contribute to the strategic direction of the enterprise privacy program.
Mentor legal and privacy professionals and contribute to training initiatives across the organization.

Posted October 31, 2025

Lucid Motors – Sr. Counsel, Privacy

Responsibilities:

Serve as a privacy subject matter expert to the organization and provide practical, timely counsel in response to business concerns and requests
Partner closely with our HR, IT, compliance, engineering, procurement and other business teams on privacy and data protection-related matters to deliver practical and business-minded legal advice
Provide legal support to work streams and processes relating to the rollout and maintenance of privacy compliance programs
Advise operational and governance teams on regulatory requirements across existing and developing local market privacy programs including in Asia, EU, and the Kingdom of Saudi Arabia
Evaluate and internally report on the impact of U.S., European, and international legislative, regulatory, legal developments and industry guidelines involving privacy and drive compliance strategies
Track, evaluate, and internally report on the impact of and developments relating to new and pending international and US privacy and data protection, and translate that into practical, effective advice; and support compliance efforts related to these laws
Drive privacy-by-design and default through the product development process
Counsel the organization in support of new business models or new technology offerings
Engage and manage outside counsel as necessary
Assist in the preparation and submission of reporting and applications to the appropriate data processing authorities
Review, revise, and negotiate privacy and security provisions within contractual agreements
Develop and implement privacy and data security trainings

Posted October 31, 2025

HARMAN International – Privacy Counsel

Responsibilities:

Identifying data privacy and security issues in product initiatives and customer agreements, and working cross-functionally with the appropriate teams to create solutions and minimize risk.
Engaging strategically in risk assessment/mitigation and developing innovative approaches to data privacy and security issues in support of business objectives.
Identify and develop initiatives to prevent, detect, and respond to internal and external data privacy risks through the continuous development and evolution of a comprehensive data privacy program, policies and procedures, annual oversight and monitoring plans, and privacy education and awareness-building.
Bring a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, controls, and governance processes.
Establish and maintain practices to protect personal information and HARMAN’s confidential information in a manner consistent with HARMAN’s values and applicable laws and regulations.
Anticipate and address data privacy issues as they arise, respond to internal and external inquiries, concerns, and complaints, and prepare formal responses.

Posted October 31, 2025

Maximus – Associate Counsel – Privacy (REMOTE)

Responsibilities:

Develop and maintain a working knowledge of US federal and state privacy and data protection laws and regulations.
Develop and maintain awareness of global privacy and data protection laws that apply to the company and how they impact the company’s privacy and data protection compliance posture.
Develop a working knowledge of Artificial Intelligence legal landscape to understand risks, impacts, and harms associated with the use of personal information.
Review proposals/solicitations to identify privacy risks and mitigations; communicate effectively with stakeholders, with minimal oversight.
Review contracts, subcontracts, licensing agreements, etc. and identify privacy and data protection requirements, risks, and contract mitigations, with minimal oversight.
Develop and maintain a working knowledge and ability to identify required federal/state/global privacy controls for management review.
Draft privacy impact assessment for management review with minimal oversight.
Draft public-facing privacy statements with minimal oversight.
Develop and maintain an understanding of Maximus operations, systems and systems integration
Investigate and document the risk resulting from assigned privacy and data protection incidents, including applying legal analysis to make breach determination under all applicable standards, determine root causes, recommend sanctions, identify potential process improvements, including training recommendations, with minimal oversight.
Participate in the breach notification process with internal and external stakeholders with support from management.

Posted October 31, 2025

Arrive – Global Data Privacy Counsel; U.S. & Canada Privacy Officer

Responsibilities:

Serve as a trusted strategic legal advisor to executive leadership, business unit and function heads, and the governance committees on global privacy, data protection, and cybersecurity risks, as well as opportunities aligned with rapid business growth and innovation.
Design, lead, and continuously evolve the global privacy and data protection program, ensuring it not only meets regulatory requirements but also supports scalable growth and competitive advantage in a fast-paced, high-growth environment.
Partner closely with product, technology, payments, data, software and hardware sales, marketing, and strategy teams to embed privacy-by-design and data governance principles into all data-driven and payment-related initiatives.
Advise on privacy, data protection, cross-border data processing, and emerging technologies (AI and machine learning), in connection with parking, public transport and other urban mobility technologies and data services (B2B, B2C), to help the company navigate these complex regulatory environments while accelerating innovation.
Balance risk management with enabling agility—help business units achieve their ambitious growth objectives without compromising compliance or customer trust.

Posted October 30, 2025

Block – Cybersecurity Counsel

Responsibilities:

Provide expert legal advice to our teams as it relates to managing cybersecurity risks and compliance with global cybersecurity laws and regulations.
Build and improve incident detection and response processes.
Provide support and counsel during cybersecurity-related investigations and the response to data privacy incidents, including breach notification and mitigation strategies, to minimize impact and maintain trust.
Provide legal guidance on regulatory, third-party, and internal security audits, and work with teams to scope and perform periodic security hygiene assessments, mitigation and remediation.
Help enhance the global privacy program, including privacy operations and documentation, employee training on data privacy and security obligations, promoting a culture of awareness and compliance throughout the organization, policy enforcement, privacy compliance program monitoring and auditing, and third-party risk assessment.
Collaborate with the global legal team to align security and privacy practices across the company, ensuring a unified approach to data protection.
Remain up-to-date on relevant data security laws and regulations, industry approaches to privacy program management, and on privacy and security technological developments, threat vectors, and evolving industry standards to provide solutions to complex issues.
Help prepare board and executive presentations, regulatory filings, and other legal disclosures to ensure accuracy and completeness of cybersecurity representations.
Support global AI governance, helping the business teams continue innovating responsibly.

Posted October 26, 2025

SureScripts – Senior Privacy and Regulatory Counsel

Responsibilities:

Provide legal support and advise across a myriad of regulations including HIPAA, Information Blocking Rules, Anti-Lead complex legal services arising from business priorities and data rights associated with the handling of deidentified data, PII/Protected Health Information (PHI).
Provide legal and strategic advice to the Chief Legal Officer, Privacy Officer and VP, Legal Affairs to ensure compliance and manage risk to PII/PHI.
Partner with other members of the Legal Affairs team, product managers and developers, Growth team, and other stakeholders to ensure privacy is incorporated in the development of products, services, and systems.
Create and foster partnerships across the enterprise, managing those relationships as well as providing high quality advice in innovative ways, including through PowerPoint and visual representation.
Participate in the operation of data privacy, risk, and governance boards or committees, such as developing priorities and initiatives.
Act in accordance with the Department’s service delivery model.
Serve as senior leader on the Privacy and Regulatory team to develop, implement, and execute strategic vision, including team meetings, brainstorming sessions, trainings, and team building activities.
Draft, maintain, and update Business Associate Agreement (BAA) and related privacy and data protection templates.
Draft and negotiate/advise on BAAs and related privacy and data protection agreements and terms in customer/vendor contracts or other legal documentation with customers, suppliers, and other parties.

Posted October 24, 2025

Fox Corporation – Vice President, Privacy and Data Security (Legal Counsel)

Responsibilities:

Serve as lead privacy counsel on a variety of consumer-facing digital initiatives, including websites, streaming apps, data analytics, AI, and adtech.
Provide strategic and day-to-day legal counsel on privacy, data protection, and cybersecurity issues—including federal and state privacy laws (VPPA, COPPA, CIPPA, CCPA/CPRA, etc.).
Draft and negotiate data privacy and security provisions in commercial agreements, vendor contracts, and strategic partnerships.
Advise business teams on data use, data governance, and cross-border data transfer issues.
Lead privacy impact assessments and partner with stakeholders to embed privacy-by-design across business and product development lifecycles.
Monitor and advise on legal developments, regulatory trends, industry self-regulation, and best practices in data protection and cybersecurity.
Support incident response and breach notification processes in collaboration with Information Security and Legal teams.
Prepare and present briefings on privacy and data risk for internal stakeholders, including executive leadership and the Audit Committee.
Develop and deliver internal privacy trainings, policies, and communications.
Respond to consumer privacy rights requests and manage regulatory inquiries as needed.
Operate as a strategic advisor within a lean, high-performing legal and privacy function.

Posted October 24, 2025

Aon – Associate General Counsel, Global Cyber Security

Responsibilities:

Develop a process to advise and shape compliance strategies on global cybersecurity regulatory developments and relevant contract risk management requirements.
Monitor and interpret global cybersecurity regulatory developments and advise the Global Cyber Security organization on control framework enhancements, developing and implementing policies, playbooks, key performance and risk indicators, processes, guidelines and training.
Collaborate with cybersecurity and engineering teams on embedding privacy and security by design principles.
Advise strategically on global incident response, policies and procedures, and support the review of incidents, breach notification and regulatory reporting, inquiries, investigations, complaints, and litigation, including the determination of root cause and remediation and stakeholder communication.
Support compliance initiatives and audits.
Advise on cybersecurity issues in M&A activities, strategic transactions and third-party security risk management requirements.
Manage and provide strategic advice and support to the North America and LATAM privacy and data trust team that is made up of experienced privacy lawyers, contract security and incident response professionals.
Coordinate and work cross functionally and collaboratively with global teams and risk committees to support Aon business initiatives.
Collaborate and coordinate with the Global Privacy & Data Trust Office team to develop risk management strategies and external materials and artefacts that promote Aon’s best practices for cyber, privacy and data laws.

Posted October 23, 2025

The Trade Desk – Director, Associate General Counsel- Privacy

Responsibilities:

Draft and maintain external data privacy disclosures (such as privacy policies and other public data compliance / security statements) as well as internal privacy documentation (DPIAs, ROPAs, LIAs) pertaining to our data processing activities.
Work collaboratively with Information Security, Trust & Safety, and other cross-functional data teams to identify opportunities to enhance our internal legal policies for how the company manages personal data, and draft and maintain those policies (such as data retention, cross-border data transfers, data access controls).
Counsel our Product team on associated data compliance product designs (such as data access/deletion and opt-out tools).
Help build and standardize internal information sharing and record-keeping workflows with respect to personal data being processed by the company, in close collaboration with your other privacy and data governance colleagues, product counsel, and commercial data attorneys (as well as our DPO and cross-functional teams).

Posted October 22, 2025

Regeneron – Director, Privacy Counsel

Responsibilities:

Providing advice and counseling on a wide range of privacy and related issues such as advising on sensitive data, digital advertising, and use of emerging technologies/AI.
Strategically assess potential privacy risks on new projects, including risk-mitigation counseling and advising on appropriate controls.
Monitoring emerging regulations and supporting the operationalization of compliance with evolving laws.
Upkeep and development of internal policies, procedures, and guidance documents; educating business clients through training and awareness programs; Improving and counseling on privacy program operations.
Working with Regeneron’s Privacy Steward Council to drive initiatives that enhance data privacy across the organization.
Collaborating with our Government Affairs division on opportunities to influence legislation.
Assisting contracting teams in drafting, maintaining, and negotiating data processing agreements.
Participating in industry group meetings to stay updated on best practices and emerging trends.

Posted October 22, 2025

Sabre Corporation – Managing Privacy Counsel

Responsibilities:

Lead the legal privacy team, driving strategic direction, daily operations, and performance alignment with enterprise privacy goals.
Advise on compliance across global, federal, state, and local data privacy laws, serving as a strategic legal partner to the business.
Negotiate and draft privacy and data protection terms in commercial agreements to mitigate risk and ensure compliance.
Collaborate with cross-functional teams—including procurement, product, engineering, and security—to guide privacy-related decisions.
Drive enterprise privacy compliance initiatives, shaping and executing strategic programs.
Immerse in Sabre’s business landscape to provide context-aware legal guidance rooted in market, product, and competitive understanding.

Posted October 17, 2025

Snap Inc. – Privacy & Cybersecurity Counsel

Responsibilities:

Partner closely with Snap’s Engineering Security team to provide legal and strategic advice on a range of matters, including vendor due diligence, third party privacy and security assessments, governance, risk and compliance, and privacy and security incident response
Collaborate with stakeholders to help develop, improve, and enforce Snap’s data security policies, standards, and practices, ensuring they meet global legal requirements
Ensure Snap’s data processing globally complies with all applicable privacy laws, including the EU General Data Protection Regulation (GDPR) and state and federal consumer protection and privacy laws
Partner with Product Counsel on complex issues that arise in the development of new products and technologies, including privacy, data security, and encryption
Work with Snap’s Privacy Engineering team to continually improve Snap’s privacy-by-design program
Analyze potential legal risks and regulatory requirements for new products and technologies
Conduct privacy due diligence reviews, privacy impact assessments, and integration plans for potential acquisitions and partnerships
Help draft public-facing descriptions of new products and technologies
Track and analyze proposed, pending, and new domestic and global privacy, data security, and consumer legislation that could impact the business and recommend necessary modifications to practices, as well as advise Snap’s Policy team on policy engagement priorities
Conduct periodic privacy and security trainings across the company

Posted October 17, 2025

Curriculum Associates – Privacy & Data Protection Counsel

Responsibilities:

Provides strategic legal guidance and counseling, on a broad spectrum of privacy and data protection issues, with an emphasis on student data privacy, including relevant U.S. federal and state laws, international laws, compliance obligations, AI, data privacy in contracts, etc.
Supports the ongoing development and implementation of the Company’s global data protection and privacy program in accordance with applicable laws and regulations.
Partners closely with stakeholders and provides subject matter expertise, advice, and trainings related to data protection legal and compliance obligations.
Assists with and monitors compliance with the Company’s data protection and privacy policies, processes, and procedures.
Raises awareness and helps create and deliver effective training and guidance to teams across the Company to promote best practices and drive a data protection and privacy-oriented culture.
Assists with data governance and compliance efforts, such as preparing and overseeing Data Protection Impact Assessments (DPIAs), Data Sharing Agreements (DSAs), and other data protection and privacy compliance documentation.
Provides subject matter expertise advice and support on the Company’s AI governance and compliance efforts in accordance with relevant regulations and best practices.
Advises on appropriate technical and organizational measures to protect and safeguard personal data, with an emphasis on student data.
Supports customer conversations as they apply to data protection, privacy and AI and assists with Company vendor contract diligence.
Support the business and assist with other compliance matters and legal functions on an as needed, reasonable basis.

Posted October 16, 2025

Hyundai Motor Company – Counsel, Privacy & Cybersecurity

Responsibilities:

Partner in the implementation, maintenance and adherence to the company’s privacy strategy and program.
Assist in the implementation and maintenance of the California Consumer Privacy Act, California Privacy Rights Act, Virginia Consumer Data Protection Act, and other state and federal privacy legislation/regulation.
Analyze Privacy Impact Assessments.
Serve as privacy subject matter expert to the Company for all departments and appropriate entities.
Support the company’s internal privacy awareness program.
Contribute towards the development, implementation, maintenance, and adherence to the company’s privacy strategy and program. Ensure that privacy practices are in place and compliant with applicable laws and industry-specific regulations.
Maintain current knowledge of applicable federal and state privacy and cybersecurity legislation and regulation and monitor industry trends and advancements to ensure company adaptation and compliance.
Assist with the analysis and coordinated response to legal process.
Counsel business units, parent company, and affiliates on data privacy and cybersecurity legal requirements for HMA products and services, including Internet of Things (IoT) efforts such as vehicle telematics, mobile apps, and wearables.
Provide cybersecurity legal and regulatory counsel to the company in order to mitigate risks associated with a cybersecurity or privacy breach.
Monitor HMA’s and GMA’s data usage including vehicle technologies, data usage rights, data ownership with partners, vendors and affiliates, online behavioral advertising, mobile device usage, social media, etc. Create data maps and support updates to same.
Assist in corporate alignment to industry privacy and cybersecurity frameworks (ISO, NIST, including, without limitation, ISO 27001 & 27701 and CIS 18.
Develop and maintain internal privacy policies.
Manage third party data sharing including affiliate and dealer data sharing.
Support Vendor Risk Management program.
Support internal and external audit of company data practices and remediation of gaps.
Maintain knowledge of privacy practices across the company in order to better understand and isolate the risk of exposure or liabilities, develop practical preventive measures, and respond to information security incidents.
Represent the company with trade associations, legislators, law enforcement, and think tanks.
Assist in responding to inquiries from outside parties (e.g., government, NGOs, etc.).
Assist with obtaining relevant Company privacy certifications and manage any applicable registrations with state and federal authorities.

Posted October 10, 2025

Aristocrat – Counsel & Senior Director, Privacy

Responsibilities:

Function as a legal associate for the Company’s privacy initiative as instructed by the Chief Privacy Officer.
Offer exact and timely legal assistance regarding international privacy risks and requirements, covering data protection, data security, marketing, advertising, and data analytics.
Interpret and advise business units on relevant privacy laws and regulations.
Promote seamless teamwork and become an essential strategic partner to the business, aiding in their strategic goals and objectives.
Coordinate the creation, implementation, and modification of global privacy policies and procedures.
Lead or support in handling disputes and legal matters concerning data protection and privacy.
Find opportunities for program enhancements and guarantee flawless execution.
Take charge or support in privacy-related data breach incidents.
Build and deliver educational presentations and tools relevant to global privacy issues.
Work on special projects requiring in-depth evaluation of variable factors.
Analyze privacy issues impacting the business, evaluate options, and recommend mitigating actions.
Support and role model the Legal & Compliance Team’s Drive to Thrive strategy.
Deliver timely and solution-focused legal services while managing cash flow and achieving budget targets.
Operate as a sustainability champion by providing advice and counsel to our business clients.
Manage external counsel resources.
Champion honesty, integrity, and responsible corporate behavior by nurturing a compliance culture within the organization.
Lead and coordinate with cross-functional teams to support business growth and product development with global privacy compliance strategies.

Posted October 9, 2025

HUB International – Legal Counsel/Sr. Counsel, Cybersecurity

Responsibilities:

Monitor, analyze, and provide legal advice on existing and emerging cybersecurity laws and industry frameworks, including GLBA, NYDFS, and HIPAA
Prepare SEC-required cyber disclosures.
Support incident management and collaborate closely with information security function and Senior Privacy Counsel, including advising on legal risk and data breach notification requirements.
Contribute to the ongoing improvement of cybersecurity-related legal templates & playbooks and incident response paybooks; assist with Incident Response tabletop exercises.
Review and support the negotiation of cybersecurity terms in contractual documents .
Manage regulatory reporting and registration requirements under cybersecurity laws.
Work with engineering and product teams to translate legal obligations into technical requirements.
Assist with risk assessments and provide guidance on mitigating cybersecurity risks.
Provide awareness and compliance training to legal colleagues and business clients on cybersecurity matters, including incident response.

Posted October 9, 2025

Vonage – Sr. Legal Counsel – Privacy

Responsibilities:

Negotiate all privacy agreements for customers, vendors, and partners (including DPAs, BAAs, and others) and develop templates, contracting support materials, playbooks and processes.
Provide internal and customer-facing support for privacy inquiries and due diligence.
Develop and implement privacy initiatives and policies across Vonage.
Assess privacy risk across Vonage (including through vendor reviews, privacy impact assessments, privacy-by-design initiatives, and ad hoc guidance).
Support response to data subject rights requests.
Researching and analyzing global privacy laws and HIPAA and advising various business functions (e.g., marketing, product, finance, sales) and within privacy operations.
Providing litigation and incident response support.
Managing initiatives to develop and mature privacy practices across the organization.
Advise on new privacy laws, regulations, and industry trends.
Manage day-to-day support of privacy program.
Support development for employees and partner privacy training.

Posted October 9, 2025

CRC Group – Privacy Lawyer

Responsibilities:

Provide strategic legal counsel on data privacy and protection matters across the organization.
Lead and scale the company’s privacy compliance program, ensuring alignment with business objectives and regulatory requirements.
Develop and implement comprehensive data privacy and security policies and procedures.
Oversee the protection of data collected by the company and ensure compliance with applicable laws and regulations.
Draft, review, and negotiate privacy and security contractual clauses and data protection agreements.
Monitor and assess changes in privacy laws and regulations, including CCPA, GLBA, GDPR, HIPAA, NYDFS, and others.
Conduct privacy risk assessments and manage incident response for data breaches and cybersecurity events.
Deliver ongoing training and education to employees on data privacy and security best practices.
Collaborate with cybersecurity, IT, HR, and other cross-functional teams to ensure cohesive privacy strategies.
Support privacy-related aspects of M&A activity, including due diligence and integration planning.
Maintain strong relationships with internal stakeholders and external counsel to manage privacy-related legal matters.

Posted October 9, 2025

Tractor Supply Company – Dir, Privacy Counsel

Responsibilities:

Provide expert legal counsel and day-to-day advice to the business on privacy and data protection compliance, ensuring adherence to U.S. federal and state privacy laws (e.g. CCPA, CPRA, HIPAA) and company policies.
Develop, implement, and maintain the company’s privacy policies, procedures, and training programs in coordination with the Privacy team (Technology) to promote enterprise-wide compliance and awareness.
Draft, review, and negotiate data privacy and security provisions in commercial contracts, including Data Processing Agreements (DPAs) and third-party data sharing agreements, to protect the company’s interests and ensure regulatory compliance.
Advise internal stakeholders (including IT, Digital, Marketing, HR, and Operations teams) on privacy issues related to new projects, initiatives, and technologies – helping to identify potential risks and recommend compliant solutions that align with business objectives.
Monitor and stay up-to-date on evolving privacy and data protection laws and regulations (domestic and international). Proactively communicate legislative or regulatory changes to relevant business partners and recommend necessary operational or policy adjustments.
Provide guidance to the Privacy team in managing day-to-day compliance tasks and complex privacy inquiries. Support team members in interpreting privacy requirements and implementing best practices.
Collaborate with management and other legal colleagues on overarching data protection strategy, governance initiatives, and privacy compliance projects to ensure a cohesive approach to privacy issues.
Coordinate and oversee responses to Data Subject Access Requests (DSARs) in partnership with the Privacy team.
Build and strengthen relationships with other individuals and groups within TSC to ensure that the Legal department is viewed as an effective and trusted business partner.
Help manage outside counsel or privacy consultants as needed for specialized advice, regulatory guidance, or to support investigations and compliance efforts in the privacy domain.
Support the Legal Department on other commercial or technology transactions and projects as requested, particularly those involving significant privacy or data security considerations.

Posted October 7, 2025

GenTech – Senior Counsel Specialist, Assistant General Counsel, Privacy Law

Responsibilities:

Act as a key internal point-of-contact and subject matter expert on privacy and data protection, providing practical, timely, strategic, and high-quality legal advice on data privacy and security matters.
Influence strategic implementation of privacy legal and compliance requirements across the organization.
Drive privacy strategy and implementation based on continuous monitoring of new and evolving privacy laws, enforcement, and litigation across jurisdictions.
Draft, update, and implement internal privacy policies, procedures, and guidances, and external privacy notices and consent language, to reflect evolving legal requirements and industry best practices.
Develop standards, templates, playbooks, and training for drafting and negotiation of data processing agreements.
Provide legal support for the strategic reviewing, drafting, and negotiating of privacy and data security terms in contracts with business partners and vendors, including data processing agreements and data protection terms in clinical research agreements.
Provide advice, education, training, and legal direction on data protection laws impacting business operations and contractual relationships.
Advise on data privacy, legal risk identification and mitigation efforts, as well as data privacy compliance efforts.
Develop content for privacy training materials and other communications to increase employee understanding of company privacy policies, data handling practices and procedures and legal obligations, as well as to ensure awareness of “best practices” on privacy and data security issues.
Review Privacy Impact Assessments (PIAs) and advise on the management of complex privacy matters involving systems and data processing activities.
Provide legal counsel on investigations involving reports of inappropriate or unauthorized access, loss or disclosure of personal data, including advising on potential liability, identifying legal obligations, and supporting incident response efforts.
Collaborate with External Affairs colleagues on opportunities to influence privacy and data security legislation.
Participate in industry group meetings to stay updated on best practices and emerging trends.
Partner and align with global colleagues on development and implementation of compliance and training programs.

Posted October 7, 2025

Paylocity – Privacy Counsel

Responsibilities:

Partner with the Chief of Privacy to drive the execution of the enterprise privacy strategy and advance the privacy roadmap.
Maintain understanding and expertise of new and evolving privacy regulations including domestic and international laws and provide actionable guidance to ensure compliance and strategic alignment.
Act as subject matter expert and primary escalation point for data protection issues in contracting.
Draft, negotiate, and close privacy and data protection agreements with clients and vendors, and support data protection negotiation in commercial contracting process.
Work closely with commercial legal team on improvements to privacy contracting process, tools and related efficiencies.
Collaborate with cross-functional stakeholders – including sales, product, engineering, and operations – to embed privacy-by-design principles into product development and business processes.
Perform regular privacy assessments of new and existing business processes (including through data protection impact assessments as applicable).
Provide practical and timely advice to internal clients in compliance with applicable data protection requirements, including those relating to cross-border data transfers.
Draft, maintain, and optimize privacy-related templates, including DPA, consent notices, negotiation cheat sheets and playbooks, to support consistent and efficient implementation.
Advise the marketing and digital teams on global compliance requirements related to privacy practices in marketing initiatives, including use of cookies, demand generation, tracking technologies, and analytics.
Design and deliver engaging privacy and data protection training for employees across functions and levels.
Lead privacy due diligence for mergers and acquisitions and support the post-acquisition integration of privacy practices and controls.
Collaborate with stakeholders to develop, update, and enforce enterprise-wide privacy and data protection policies and procedures.
Manage and maintain public-facing privacy assets, including Paylocity’s Privacy Center, ensuring timely updates to privacy notices, cookie policies, and FAQs.

Posted October 3, 2025

Mozilla – Sr. Counsel, Privacy

Responsibilities:

Develop and implement risk-based strategies in partnership with internal teams, including Product, Engineering, People, Business Development and Marketing teams.
Evaluate and internally report on privacy-related U.S., European, and international legislative, regulatory, legal developments and industry guidelines and translate them into guidance for the business teams.
Design and evolve global privacy compliance programs and strategies across Mozilla.
Lead privacy risk assessments including DPIAs,TIAs and third-party reviews, using a scalable approach to manage and mitigate risk.
Draft, revise, and maintain consumer and developer legal terms, privacy policies, notices, and privacy trainings.
Help us embed privacy-by-design principles into workflows and product development
Work with commercial legal teams on critical privacy issues for our agreements with advertisers and other third parties.
Provide privacy advice in M&A transactions and post-close integration activities.

Posted October 2, 2025

RTX – Associate Director and Assistant General Counsel, Privacy

Responsibilities:

Advise and counsel RTX and its businesses on all aspects of global privacy and data protection law, focusing on reviews of assessments, incident response, compliance, and transactions and contracts.
Serve as the lead Privacy Professional for the RTX Corporate Office and work closely with the Privacy Professionals and Data Protection Officers and Stewards in the businesses.
Provide day-to-day legal support to the RTX Corporate organization, and where needed, in coordination with the appropriate RTX LCC function (e.g., Cybersecurity, Global Trade, Intellectual Property).
Work with the RTX Corporate functions to ensure that their policies and processes incorporate current and compliant privacy requirements.
Review privacy impact assessments and privacy terms in contracts for the RTX Corporate organization and for RTX as a whole.
Support data inventory activities related to our regulatory requirements.
Participate in and support the annual privacy self-assessment program, the internal audit testing of privacy controls, and other program effectiveness monitoring efforts.
Assist with the development, implementation, and maintenance of privacy and data protection policies, standard work, playbooks, guidance, templates, and other documentation, including our Binding Corporate Rules.
Develop and deliver training on privacy and data protection law, including continuing legal education (CLE) for lawyers and continuing professional education (CPE) for contract professionals, as well as assist with the development and delivery of general awareness training for employees, contractors, and third parties.
Manage the response to and investigation of data incidents involving personal information and be responsible for ensuring timely satisfaction of legal reporting obligations.
Manage outside counsel and vendors engaged on privacy and data protection legal matters.

Posted October 1, 2025

Instacart – Privacy Counsel

Responsibilities:

Global Privacy Leadership. Advise on global privacy regulatory and industry developments, assessing impact on and ensuring alignment with Instacart’s global objectives.
Drive privacy compliance and awareness across Instacart, including in product development, engineering, advertising, marketing, data science, HR, business development & sales, security and the global policy team.
Incident Management. Lead privacy and data security event response teams.
Innovation Leader. Serve as privacy subject matter expert for Instacart’s key initiatives, including artificial intelligence, personalization, advertising, Instacart Health and smart carts.
Strategic Program Management. Drive privacy initiatives and governance programs to scale across the organization, working in partnership with our privacy engineering and risks teams on the maturation and operationalization of Instacart’s privacy program operations.
Partner with legal team colleagues on commercial transactions and M&A activity;
Think ahead, see around corners, and help to prepare for legal issues that may arise in the future.

Posted October 1, 2025

CCC Intelligent Solutions – Data Privacy Counsel

Responsibilities:

Updating and maintaining a strategic and comprehensive privacy program that with policies and processes enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of data.
Maintain subject matter expertise in areas of data use and protection laws (including state and federal consumer protection and privacy laws, GDPR, CCPA, and other global privacy laws) and advise on compliance
Assist product managers, product developers, and leadership in evaluating the impact of privacy laws, regulatory guidance and enforcement actions, and other related guidelines on product features
Support members of the technology, business, and operations teams on privacy and security-related legal matters, including areas related to partnerships, acquisitions, integrations, and other business development opportunities
Works with organization senior leadership on governance for the privacy program.
Works with security personnel to maintain alignment between security and privacy compliance programs including policies, practices, investigations.
Manages an ongoing process to track, investigate and report inappropriate access and disclosure of data. Monitor patterns of inappropriate access and/or disclosure of data.
Advises on and negotiates contractual terms related to privacy with customers and vendors.
Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation and remediation.
Conducts related ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions.
Oversees, develops and delivers initial and ongoing privacy training to the workforce.
Engages with CCC’s customers on privacy matters as needed.
Manages all required breach determinations under applicable State and Federal requirements.

Posted September 26, 2025

Consilio – Privacy Attorney – APAC

Responsibilities:

Advise on and monitor evolving privacy, data protection, cybersecurity, and cross-border data transfer laws and regulations throughout Asia and the Pacific, including but not limited to Singapore PDPA, Japan APPI, South Korea PIPA, China PIPL, and Australia’s Privacy Act.
Provide legal counsel to internal stakeholders on business initiatives involving personal data collection, use, sharing, and retention in the APAC region.
Draft and negotiate privacy-related contractual terms, including data processing agreements, cross-border data transfer agreements, and data protection clauses.
Partner with compliance, cybersecurity, product, and engineering teams to ensure data handling practices align with APAC regional laws and global company standards.
Support incident response efforts involving data breaches or regulatory inquiries in the Asia-Pacific region.
Liaise with external counsel in Asia-Pacific jurisdictions, as necessary.
Contribute to global privacy program development and implementation, including privacy impact assessments (PIAs) and data governance frameworks.

Posted September 25, 2025

Mastercard – Assistant General Counsel, Privacy, AI & Data Responsibility

Responsibilities:

Provide strategic leadership on any topic relating to privacy, data and AI as they apply to Core Payments and CNPF.
Play a pivotal role in product development and operational support for Core Payments and CNPF business lines on a daily basis, advising on product and tech design and on implementation of adequate controls.
Actively participate as a member of the PAIR Management Team, ensuring strong alignment across all PAIR units and the broader Law Department.
Cultivate future leaders within Mastercard’s Law Department by establishing the vision and mission for the PAIR Core Payments and CNPF team and drive effective execution. Lead, mentor, and develop an international team comprising over lawyers and legal professionals.
Contribute as a key member of the Core Payments and CNPF Cabinet, collaborating closely with peer legal teams on priority setting, resource allocation, and talent management.
Oversee and assess shifts in regulatory requirements—such as privacy, artificial intelligence, and data localisation—as they pertain to Core Payments and CNPF products and services.
Serve as a robust second line of defense for Vocalink Link Limited (“VLL”), representing PAIR at the VLL Board.
Support both internal and external communications on all data-related initiatives associated with Core Payments and CNPF.
Work collaboratively with regional PAIR legal counsel to maintain consistent understanding and interpretation of PAIR laws across global operations.

Posted September 24, 2025

Maximus – Sr Counsel – Privacy & Technology

Responsibilities:

State Consumer Privacy Rights Program Management: Serve as a subject matter expert on state consumer privacy laws, shaping enterprise-wide data governance and compliance strategies. Lead the implementation and ongoing management of the corporate state consumer privacy rights program, including policy development and cross-functional coordination. Collaborate with internal stakeholders to design and maintain technological and administrative solutions that support privacy compliance. Monitor regulatory developments and proactively advise senior leadership to ensure program alignment with evolving state-specific privacy laws (e.g., CCPA/CPRA, VCDPA, CPA, etc.).
Contractual and Transactional Support: Independently review and negotiate complex contracts, subcontracts, licensing agreements, and other legal documents. Identify privacy and data protection requirements, assess risks, and recommend strategic contract mitigations. Provide strategic, enterprise-level legal guidance on technology transactions and vendor engagements involving personal data.
Privacy Impact Assessments, Transfer Impact Assessments, Records of Processing Activities: Lead and oversee Privacy Impact Assessments (PIAs) and Transfer Impact Assessments (TIAs). Maintain and update Records of Processing Activities (RoPAs) in accordance with global privacy regulations. Partner with the global privacy operations team to manage cross-border data transfers, ensuring compliance with UK GDPR, SCCs, and other international frameworks. Collaborate with other functional areas, including IT, Security, Procurement, Contracts, and Compliance to embed privacy-by-design principles in enterprise systems and processes. Serve as a strategic advisor and provide training and guidance to internal teams on privacy and data protection issues.
Draft and Manage Website Privacy Statements: Draft and manage website privacy statements and policies as required by federal or state law. Independently monitor legal developments and update public-facing statements accordingly.

Posted September 24, 2025

Coinbase – Senior Counsel, Privacy Legal

Responsibilities:

Developing, implementing, and scaling Coinbase’s privacy program in partnership with Privacy Operations.
Deliver privacy legal advice and guidance to Coinbase’s product teams.
Track the rapidly changing landscape of global data protection laws, regulations, and standards, and translate them into clear requirements and actionable guidance for business and product stakeholders.
Participate in large, cross-functional projects involving data governance, data protection, and data request tools and settings for our privacy-conscious customer base.
Partner with Security and Trust & Risk to respond to privacy incidents, regulatory inquiries, law enforcement demands, and other information requests.
Oversee the drafting of and regular updates to privacy-related notices, disclosures, transparency reports, policies, and procedures.
Collaborate with Privacy Operations to build cross-functional relationships and spearhead data protection training and awareness programs to foster a privacy-centric environment throughout Coinbase.
Collaborate with product teams to implement privacy-forward, secure, and customer-centric product design.

Posted September 23, 2025

T-Mobile – Sr. Corporate Counsel – U.S. Privacy

Responsibilities:

Serve as the primary privacy advisor for U.S. advertising operations, ensuring compliance with relevant privacy laws.
Develop, enhance, and oversee U.S. privacy compliance program.
Oversee privacy impact assessments and similar analyses of existing and proposed products, services, systems, and processes.
Conduct research and analysis on privacy laws and regulations.
Partner closely with advertising teams to drive efficiency and maturity in our advertising privacy program.
Draft and update relevant internal and external facing policies, standards, and statements, where needed, to address privacy obligations.
Lead strategic initiatives to streamline the complexities of privacy requirements, ensuring robust compliance frameworks are in place.

Posted September 23, 2025

Synectics Inc. – Privacy and Technology Attorney

Responsibilities:

Advise clients on all aspects of privacy, data governance, and data security compliance.
Draft policies and agreements related to privacy, AI, and cybersecurity.
Provide legal strategy and issue-spotting across complex matters.
Maintain and develop client relationships with Fortune 100 to startup clients.
Collaborate remotely with internal legal teams and external stakeholders.

Posted September 20, 2025

Reinsurance Group of America, Inc. – VP, Data Privacy & Security Counsel

Responsibilities:

Data privacy & Protection Provide expert legal advice on global data privacy laws including GDPR, CCPA, PIPEDA, PDPA, AI laws and regulations, and other emerging regional regulations.
Cybersecurity Legal Support Provide legal guidance on cybersecurity risk management and incident response. Advise on cyber insurance coverage, claims, and regulatory reporting requirements. Support global breach notification obligations.
Data Governance & Information Management Develop and implement enterprise-wide data governance policies and procedures. Maintain legal frameworks for data classification, retention, and disposal. Advise on data and analytics product development and third-party data sharing arrangements.
Regulatory Compliance & Risk Management Monitor and interpret evolving data protection and cybersecurity regulations globally. Liaise with regulatory authorities on data protection and cyber matters.
Cross-Functional Collaboration Ability to coordinate legal and compliance response to data privacy or security incidents (investigation, remediation, and communication for example). Partner with IT, Risk Management, Compliance, and Business teams on data-related initiatives.

Posted September 20, 2025

FIRNA – Senior Director & Counsel, Enterprise Data Privacy Office

Responsibilities:

Develops and implements FINRA’s enterprise-wide data privacy strategy and roadmap, with a focus on maturing the privacy program, including refining enterprise-wide privacy policies and establishing a comprehensive risk matrix and risk register
Oversees the privacy program, including policies, standards, and controls to ensure compliance with applicable US laws and regulations
Establishes and oversees privacy compliance monitoring programs, including regular audits to ensure ongoing compliance
Oversees the Office’s program to conduct privacy impact assessments for new and existing business activities and systems across the enterprise
Leads the Enterprise Data Privacy Office, to include managing a team of legal and non-legal privacy professionals to execute the privacy program and managing the budget
Advises senior leadership on privacy risks and mitigation strategies, including those related to disruptive technologies such as generative and agentic artificial intelligence
Fosters a culture of privacy awareness and accountability across the organization, including through delivery of enterprise–wide and targeted training and communications
Collaborates cross-functionally with business units, Technology, Legal, and other stakeholders to address privacy concerns
Monitors US privacy regulatory developments and updates FINRA’s practices accordingly
Demonstration of FINRA’s values
Collaboration, both in-person and virtually, in furtherance of FINRA’s mission of investor protection and market integrity

Posted Sept. 13, 2025

Marriott International – Legal Counsel, Global Privacy & AI

Responsibilities:

As Legal Counsel, Global Privacy & AI, you will be a trusted advisor to our hospitality business leaders—offering practical, forward-thinking guidance on privacy, AI, and data-related matters that touch every corner of our operations. In this role, you will counsel the business on the intersection between innovative technology and the law and help shape how we navigate these high-impact areas across the company.

This role provides legal support and leadership for our Individual Rights and Privacy Impact and AI Assessment programs, partnering closely with the business teams that run them day-to-day. You will be expected to interpret complex global privacy and AI laws and translate them into actionable, business-aligned strategies—always with a focus on creativity, compliance, and clarity.

Posted Sept. 11, 2025

HUB International – Legal Counsel, Cybersecurity

Responsibilities:

Monitor, analyze, and provide legal advice on existing and emerging cybersecurity laws and industry frameworks, including GLBA, NYDFS, and HIPAA
Prepare SEC-required cyber disclosures.
Support incident management and collaborate closely with information security function and Senior Privacy Counsel, including advising on legal risk and data breach notification requirements.
Contribute to the ongoing improvement of cybersecurity-related legal templates & playbooks and incident response paybooks; assist with Incident Response tabletop exercises.
Review and support the negotiation of cybersecurity terms in contractual documents .
Manage regulatory reporting and registration requirements under cybersecurity laws.
Work with engineering and product teams to translate legal obligations into technical requirements.
Assist with risk assessments and provide guidance on mitigating cybersecurity risks.
Provide awareness and compliance training to legal colleagues and business clients on cybersecurity matters, including incident response.

Posted Sept. 11, 2025

Public Protection & Advocacy Bureau, Boston, MA – Attorney General Andrea Joy Campbell – Deputy Division Chief, Privacy & Responsible Technology Division

The Deputy Division Chief will take an active part in working with the Division Chief to oversee, strategize, and pursue litigation and investigations surrounding data security, data privacy, and online or digital abuses. The Deputy Division Chief will be expected to assist with the administrative oversight of the Division, including preparation of reports, tracking and management of case statuses, and setting and streamlining of internal policies and procedures. Duties will also include independently leading investigations and enforcement actions, supervising and assisting staff in their matters, as well as learning new industries and technologies, collaborating with other state and federal enforcement entities, and negotiating resolutions that serve the public interest. The Deputy Division Chief will be expected to contribute to the development and growth of all attorneys and staff in the Division. The Deputy Division Chief must effectively and efficiently work alongside many different bureaus and divisions within the Office. There are also opportunities to assist in educational and policy work to protect privacy interests and prevent the unfair and deceptive use of technology.

Posted Sept. 6, 2025

Morgan Stanley – Cyber & Privacy Counsel

Responsibilities:

Provide legal support and advice on cybersecurity, privacy, fraud and operational resilience matters impacting Morgan Stanley’s Wealth Management (WM), Institutional Securities Group (ISG), and Investment Management (IM) divisions, as well as enterprise-level business functions such as Human Resources, Operational Risk, Central Privacy Compliance (CPC), Firmwide Marketing, Firmwide AI, and Cyber, Data, Risk & Resilience.
Serve as a collaborative subject matter expert to other lawyers within the Legal and Compliance Division and provide advice to functional areas and regional business units on privacy and cybersecurity laws and requirements.
Partner closely with lead cyber & privacy counsel for WM, ISG, and IM divisions, as well as international data protection counsel, to provide strategic direction to Morgan Stanley’s business units and enterprise functions as they navigate complicated privacy and cybersecurity issues.
Advise on requirements and restrictions on the collection, use, storage and sharing of sensitive client, consumer and employee information, including with respect to Morgan Stanley’s use of artificial intelligence and machine learning technologies.
Assist in the maintenance and improvement the Firm’s cybersecurity and privacy law program, coordinating privacy, fraud, and cybersecurity legal requirements.
Work cross-functionally with Morgan Stanley’s CPC team and business unit-specific Risk Management teams to support maintenance notices, policies and procedures for privacy and information security, consistent with applicable international, federal and state laws, rules and guidance.
Partner with Morgan Stanley’s CPC Privacy Operations team to advise on Privacy Impact Assessments and data subject access rights requests.
Participate in projects addressing Morgan Stanley’s continued utilization of and leadership in artificial intelligence and machine learning.
Maintain current knowledge of applicable state, federal and international cybersecurity, privacy, fraud and system resilience laws and regulations, and work with internal stakeholders, law enforcement, and regulators to respond to and remediate incidents.
Maintain and disseminate monthly, enterprise-level communications to business, legal, risk, and compliance partners on emerging national and international trends and issues in cybersecurity and privacy law.

Posted Sept 5, 2025

Stack Overflow – Sr. Privacy Counsel

Responsibilities:

Support the business (product, engineering, etc.) to build trustworthy, privacy-first products and services, by working closely with product and engineering to advise on the management and use of data, including privacy matters related to EdTech, Advertising, and data governance.
Support our public community platform and Ads and Stack Overflow for Teams businesses.
Provide subject matter expert advice in connection with regulatory investigations, individual complaints and enquiries received related to GDPR, the management of GDPR individual data subject access rights requests and data retention.
Provide subject matter expert advice across all aspects of global privacy law and regulation.
Support product lawyer in evaluating impact of privacy laws, regulatory guidance and enforcement actions, and other related guidelines on new and existing products and features.
Develop and maintain subject matter expertise in areas of data use and protection laws and advising the impact of the same on Stack’s business
Structure, draft, review, and negotiate data protection terms in a variety of commercial agreements including master service agreements and DPAs.
Collaborate with and support the InfoSec team to obtain and maintain security certifications.

Posted Sept 5, 2025

Aledade, Inc. – Privacy Counsel, Remote

Responsibilities:

Provide legal advice and guidance on U.S. privacy laws and regulations, including HIPAA, the California Consumer Privacy Act (CCPA/CPRA), state privacy laws (e.g., Colorado, Virginia), and applicable federal laws (e.g., TCPA, FTC Act).
Collaborate with cross-functional teams – including product, engineering, security, and compliance – to identify and mitigate privacy risks in products and services.
Assist the Commercial Legal Team with review and negotiation of data protection terms in contracts with customers, vendors, and partners.
Support the development and implementation of internal privacy policies, procedures, and training programs.
Advise on incident response, including data breach investigation, notification, and remediation.
Monitor and analyze regulatory developments, enforcement trends, and industry best practices related to U.S. privacy and data protection.
Support responses to regulatory inquiries, audits, and investigations.
Help shape Aledade’s privacy strategy and ensure alignment with business goals and legal requirements.

Posted Sept 3, 2025

* * *

Looking for an older job listing? In an effort to keep this page as up-to-date as possible, we have moved Job Listings older than the date above to our Condensed Job Listings page. We hope this comprehensive list will allow you to see the many different career opportunities that exist in Privacy and Data Security Law.

Privacy Law Job Listings

PRIVACY LAW JOB LISTINGS