PRIVACY LAW JOB LISTINGS

This page gathers privacy job listings. Check links for further details, including salary, qualifications, location, and responsibilities. We advise you to apply even if you don’t quite meet requirements for years of experience, as employers often don’t adhere strictly to such requirements. Please write to us if you know of privacy law job listings we should include.

NOTE: As we often don’t know when positions are filled, not all positions listed on this page are still open. Posted dates are approximations.

* * *

GE Appliances – Associate General Counsel- Data Privacy and Cybersecurity

Responsibilities:

Develop, implement, and lead a global privacy strategy that aligns with Company’s objectives, relevant laws and regulations, and industry best practices
Serve as a point of contact for privacy and security‐related customer and regulatory inquiries and investigations
Lead the Company’s Privacy Committee and Executive Privacy Council
Present Privacy Program updates to C‐Suite, Board of Directors, Governance and Risk Committees
Work closely with Chief Digital Technology and Information Security teams to document Data Governance strategies and classification standards
Work closely with business teams on product innovation, data mapping, data collection, and PIA assessments
Work with cross‐functional teams to draft and review privacy policies, procedures, internal and external facing privacy notices to ensure compliance with privacy and cybersecurity laws
Collaborate with internal business teams, such as legal, information technology, engineering, and business units, to resolve complex privacy and risk management issues and to assess cybersecurity measures and response protocols
Stay informed of changes and developments in privacy laws, regulations, standards, and guidance, and communicate these changes effectively to relevant stakeholders
Lead education programming and training for employees in data privacy and cybersecurity to foster a culture of security and privacy

Posted July 11, 2025

RVO Health – Senior Corporate Counsel, Privacy

Responsibilities:

Provide legal and privacy guidance to all business lines focusing on healthcare technology, digital advertising, marketing, digital media, and publishing.
Support an expanding, comprehensive consumer healthcare platform and ensure compliance with global, federal, and state privacy, data protection, and healthcare laws.
Collaborate with enterprise teams to incorporate privacy-by-design in product development and enhancement.
Conduct enterprise privacy training on company privacy policies and relevant data protection laws.
Stay updated on global, federal, and state privacy laws and data protection regulations, assessing their impact on company products and services.
Assist with incident response and investigations

Posted July 10, 2025

American Express – Manager & Counsel, Privacy & Data Law

Responsibilities:

Advise B2C and B2B businesses with day-to-day data protection and privacy queries across the U.S. region, including across nascent and developing areas.
Provide guidance for new product launches, strategic initiatives, and practical risk mitigation strategies.
Draft and negotiate commercial agreements relating to data protection and privacy, including co-brand and business partner agreements and data processing agreements.
Oversee the development and maintenance of data privacy related policies and guidance, including reviewing and drafting privacy notices and disclosures.
Draft and uplift data protection and privacy templates and guidance documents/playbooks.
Provide legal support for regulatory change management projects

Posted July 8, 2025

Regeneron – Director, Privacy Counsel

Responsibilities:

Providing advice and counseling on a wide range of privacy and related issues such as advising on sensitive data, digital advertising, and use of emerging technologies/AI.
Strategically assess potential privacy risks on new projects, including risk-mitigation counseling and advising on appropriate controls.
Monitoring emerging regulations and supporting the operationalization of compliance with evolving laws.
Upkeep and development of internal policies, procedures, and guidance documents; educating business clients through training and awareness programs; Improving and counseling on privacy program operations.
Leading Regeneron’s Privacy Steward Council to drive initiatives that enhance data privacy across the organization.
Collaborating with our Government Affairs division on opportunities to influence legislation.
Assisting contracting teams in drafting, maintaining, and negotiating data processing agreements.
Participating in industry group meetings to stay updated on best practices and emerging trends.

Posted July 6, 2025

William Blair – Counsel/Senior Counsel and Privacy Compliance Officer

Responsibilities:

Provide global legal guidance and leadership to internal teams on privacy matters that affect the firm, with an eye towards holistic impact.
Serve as subject matter expert and resource on issues related to privacy and data protection.
Monitor the evolution of the privacy regulatory landscape in various jurisdictions and incorporate new laws and regulations into the privacy framework.
Draft internal and external privacy notices and disclosures, contract templates, and related data privacy and protection documents.
Review third-party vendor contracts for compliance with privacy and data protection requirements, including cross-border data processing and standard contractual clause requirements.
Work effectively across business units and internal functions to resolve business and risk management issues related to privacy and data protection.
Serving as a primary point of contact for data privacy supervisory authorities across the globe.
Coordinate with internal stakeholders to create and manage data use in compliance with the firm’s privacy framework and relevant privacy laws.
Manage the general life cycle of data recording and deletion at the firm, including documentation of processing activities, an organizational data map, cookie compliance, and a process to maintain the integrity of records.
Create, implement, and record privacy assessments, including privacy risk and transfer impact assessments, and other required privacy procedures to ensure compliance with global privacy laws.
Respond to and manage privacy related inquiries and investigations on a global basis, including complex privacy-related complaints, data subject requests, and support for interactions with local privacy authorities.
Maintain processes and readiness to address personal data breaches.
Develop and deliver privacy training to business stakeholders across the firm.

Posted July 5, 2025

Ibotta – Privacy Lawyer

Responsibilities:

Advise on privacy and data protection laws and regulations, including GDPR, CCPA/CPRA, Colorado Privacy Act, FTC Act, ePrivacy Directive, and other global frameworks.
Draft and negotiate data processing agreements (DPAs), privacy terms, and contractual provisions related to data acquisition, use, licensing, and transfer.
Lead and support privacy impact assessments (PIAs), data protection impact assessments (DPIAs), and record-keeping obligations.
Partner with product, engineering, and security teams to ensure products are designed and maintained in compliance with privacy laws.
Develop and maintain internal policies, procedures, and training programs related to data privacy.
Develop and maintain external privacy notices, policies, and other privacy-related regulatory disclosures.
Monitor regulatory developments and guide the company’s response to new and evolving data protection laws.
Support incident response and breach notification processes as needed.
Liaise with external counsel and regulators, as appropriate.

Posted July 5, 2025

Neurocrine Biosciences – Senior Privacy Counsel

Responsibilities:

Design, implement, and maintain a comprehensive privacy program aligned with U.S. and international regulations, including but not limited to GDPR, UK GDPR, HIPAA, Switzerland’s FADP, TCPA, CAN-SPAM, and various U.S. state privacy laws
Develop and enforce company-wide privacy policies, standards, and procedures
Develop and deliver privacy training programs to educate employees on data protection obligations and best practices
Monitor developments in privacy laws and regulations globally, providing actionable guidance to the business on maintaining compliance
Ensure appropriate processes are in place for compliance with data protection regulations, including data subject rights, data processing activities, and cross-border data transfers
Conduct privacy impact assessments (PIAs) and data protection impact assessments (DPIAs)
Identify and remediate privacy risks, working collaboratively with relevant stakeholders
Serve as a key advisor to cross-functional teams, including IT, HR, marketing, and R&D, on privacy-related matters
Collaborate with legal counsel and external stakeholders on privacy issues and incidents
Lead and/or collaborate with colleagues on the investigation and resolution of any privacy incidents, including regulatory notifications and root-cause analyses
Provide regular updates to the leader and senior management on privacy compliance status, risks, and initiatives

Posted July 4, 2025

Insulet Corporation – Senior Privacy Counsel

Responsibilities:

Insulet is committed to balancing innovation while protecting individual privacy and has embraced privacy and data protection as core to the successful execution of our business strategy. As part of that commitment, Insulet has established a robust privacy program and is adding talent to our US Data Compliance and Privacy team – Legal Department.
The Sr Manager – Privacy Counsel role will ensure compliance with privacy and data protection laws (e.g. HIPAA, CCPA, GDPR) while enabling data-driven innovation, with particular focus on supporting Insulet’s projects in North America.
The position will report to the Director, Data Compliance and Privacy who provides global privacy and AI compliance support.
The ideal candidate will have the ability to think and act both strategically and tactically with respect to the needs of business clients and their objectives while ensuring that Insulet remains compliant with privacy and data protection laws and other laws relating to data as well as industry best practices in medical devices/ digital health industry.

Posted July 3, 2025

Norwegian Cruise Line Holdings – Director Associate Counsel Data Privacy

Responsibilities:

Lead the development and execution of privacy, data protection, and artificial intelligence compliance strategies across enterprise-wide contract negotiations, ensuring robust risk mitigation and alignment with NCLH’s legal and business objectives.
Serve as a strategic advisor to senior leadership and business units by reviewing new and evolving initiatives for compliance with global privacy, data protection, and AI regulations, ensuring the organization maintains a proactive and compliant posture.
Drive regulatory compliance in consumer communications and marketing initiatives, offering strategic oversight to ensure alignment with consumer protection, advertising, and digital engagement laws.
Lead cross-functional collaboration in incident response efforts, including high-impact data breach investigations and reporting, working closely with the Office of Cybersecurity, Digital Experience Team, and Data Governance to ensure effective containment, analysis, and compliance.
Monitor and assess global regulatory trends in privacy and AI, translating legal developments into actionable business strategy and advising the organization on emerging risks and opportunities.
Direct the design, implementation, and continuous improvement of NCLH’s privacy and AI compliance frameworks, including policies, procedures, data handling protocols, and stakeholder communications.
Develop and oversee enterprise-wide training and awareness programs, cultivating a culture of compliance and accountability around privacy, data protection, and responsible AI use across all levels of the organization.
Provide leadership for key Privacy Office programs, including enterprise privacy impact assessments (PIAs), AI risk assessments, website tracking audits, and fulfillment of data subject rights under global privacy regulations.

Posted July 3, 2025

Take-Two Interactive – Senior Director & Counsel, Privacy

Responsibilities:

Provide day-to-day and strategic privacy advice to Take-Two’s game labels and corporate services including on product development, marketing, marketing technology, analytics, and employment activities
Apply practical, risk-based privacy approaches to a variety of complex privacy and data issues involving new technologies, AI, and game services delivered through console, PC, mobile, and web experiences
Serve as a privacy lead and manage privacy reviews across multiple games and key projects simultaneously
Guide the maintenance and continued development of the privacy program including data diligence, PIAs / DPIAs, policies and procedures, compliance, and training
Lead pre-contract privacy diligence and review / negotiate privacy terms with vendors and business partners – including collaboration across Legal, Security, HR, and game publishing labels
Collaborate with customer support, technology, security, and data teams to help address data requests, regulatory inquiries, and incident response
Serve as part of a global team of lawyers, paralegals, and staff helping Take-Two’s game labels create the most innovative and creative products as efficiently as possible

Posted July 3, 2025

Instacart – Privacy Counsel

Responsibilities:

Global Privacy Leadership. Advise on global privacy regulatory and industry developments, assessing impact on and ensuring alignment with Instacart’s global objectives.
Drive privacy compliance and awareness across Instacart, including in product development, engineering, advertising, marketing, data science, HR, business development & sales, security and the global policy team.
Incident Management. Lead privacy and data security event response teams.
Innovation Leader. Serve as privacy subject matter expert for Instacart’s key initiatives, including artificial intelligence, personalization, advertising, Instacart Health and smart carts.
Strategic Program Management. Drive privacy initiatives and governance programs to scale across the organization, working in partnership with our privacy engineering and risks teams on the maturation and operationalization of Instacart’s privacy program operations.
Partner with legal team colleagues on commercial transactions and M&A activity

Posted July 2, 2025

Docusign – Sr. Legal Counsel, Cybersecurity

Responsibilities:

Provide expert legal advice to our teams as it relates to managing cybersecurity risks and compliance with global cybersecurity laws and regulations
Provide legal guidance on regulatory, third-party, and internal security audits, and work with teams to scope and perform periodic security hygiene assessments, mitigation and remediation
Help enhance Docusign’s data governance posture, including data governance operations and documentation, employee training on data governance and security obligations, promoting a culture of awareness and compliance throughout the organization, policy enforcement, data compliance program monitoring and auditing, and third-party risk assessment
Collaborate with the global legal team to align security and data practices across the company, ensuring a unified approach to data protection
Support building and improving incident detection and response processes
Provide support and counsel during cybersecurity-related investigations and the response to data incidents, including breach notification and mitigation strategies, to minimize impact and maintain trust
Remain up-to-date on relevant data security laws and regulations, industry approaches to data governance program management, and on data compliance and security technological developments, threat vectors, and evolving industry standards to provide solutions to complex issues
Help prepare board and executive presentations, regulatory filings, and other legal disclosures to ensure accuracy and completeness of cybersecurity representations
Support global AI governance, helping the business teams continue innovating responsibly

Posted July 1, 2025

Atlassian – Director of Privacy, Data Counsel

Responsibilities:

Collaborate with Legal teammates, product teams, and engineering teams to build trustworthy, privacy-conscious products our customers love
Advise business teams on privacy considerations for customer data lifecycle and use, including with AI and machine learning
Partner with cross-functional stakeholders and leadership (including trust, marketing, sales, and others) on customer privacy initiatives
Scale Atlassian’s privacy program by developing and implementing customer data lifecycle policies, practices, and processes
Drive awareness of data privacy, including developing business trainings and guidance

Posted July 1, 2025

Mastercard – Senior Counsel, Privacy, AI & Data Responsibility

Responsibilities:

Analyze Cybersecurity solutions in light of privacy and cyber law requirements with the aim of identifying the relevant process and infrastructure requirements to ensure compliance with applicable privacy, cyber, AI and data protection laws globally
Develop contract structures that address privacy and cyber security requirements and lead the integration of M&A acquisition, review and negotiation of applicable privacy and cyber security language in agreements with affiliates, vendors, and customers
Provide day-to-day support to Cybersecurity business teams and perform privacy, AI and cyber-law assessments in line with Mastercard’s privacy, cyber, AI and data protection policies and processes.
Increase awareness among business clients, global privacy and legal teams regarding privacy and cyber security pertaining to Mastercard Cybersecurity solutions through training and other initiatives.
Ensure overall compliance by integrating M&A acquisitions seamlessly into existing frameworks, maintaining adherence to global privacy, cybersecurity, AI, and data protection standards.

Posted June 29, 2025

Wise – Privacy Counsel – NorthAm & LATAM

Responsibilities:

Localize group policies and drive the implementation of global and regional requirements for the NorthAm and LATAM regions
Partner with business and engineering teams on the design and launch of innovative products for the NorthAm and LATAM markets
Advise on the privacy aspects of Wise platform partnerships and arrangements with partner banks and financial institutions, including contractual arrangements
Support expansion activities for launching Wise products and services in new jurisdictions
Oversee privacy compliance for NorthAm and LATAM entities and support reporting to oversight committees and entity boards in the regions
Support periodic global and regional audits of privacy compliance within Wise.
Keep up with evolving regulatory requirements in the region and translate them into actionable business requirements
Support implementation of the Wise AI Governance framework, monitor emerging AI regulations and guidelines in the NorthAm and LATAM regions and support associated regulatory change initiatives

Posted June 29, 2025

Lensa – Privacy Counsel

Responsibilities:

Partner with the Chief of Privacy to drive the execution of the enterprise privacy strategy and advance the privacy roadmap.
Maintain understanding and expertise of new and evolving privacy regulations including domestic and international laws and provide actionable guidance to ensure compliance and strategic alignment.
Act as subject matter expert and primary escalation point for data protection issues in contracting.
Draft, negotiate, and close privacy and data protection agreements with clients and vendors, and support data protection negotiation in commercial contracting process.
Work closely with commercial legal team on improvements to privacy contracting process, tools and related efficiencies.
Collaborate with cross-functional stakeholders – including sales, product, engineering, and operations – to embed privacy-by-design principles into product development and business processes.
Perform regular privacy assessments of new and existing business processes (including through data protection impact assessments as applicable).
Provide practical and timely advice to internal clients in compliance with applicable data protection requirements, including those relating to cross-border data transfers.
Draft, maintain, and optimize privacy-related templates, including DPA, consent notices, negotiation cheat sheets and playbooks, to support consistent and efficient implementation.

Posted June 29, 2025

Goldman Sachs – Legal, Privacy & Cyber Law Attorney, Vice President

Responsibilities:

Provide legal advice to company affiliates in the Americas and globally on the full range of privacy, data governance and cybersecurity issues.
Review cyber and data exposure incidents and make determinations as to whether any regulatory and/or individual notifications are required. Draft / review and submit such notifications.
Advise colleagues in the Employment Law Group on matters pertaining to employee privacy (including monitoring programs, data analytics issues, notice and consent requirements, etc.).
Work closely with other colleagues in Legal, Compliance and Risk who focus on consumer and client related privacy matters.
Assist in responding to requests to exercise data subject rights (e.g., access, deletion, etc.).
Review, assist and advise on Data Protection Impact Assessments.
Provide legal analysis and advice in relation to international transfers of personal data.
Review and as needed uplift existing policies and procedures regarding privacy. Draft / review new policies, procedure, best practice documents, as needed.
Review and negotiate data protection and information security terms in vendor agreements, confidentiality agreements, etc.
Prepare data protection-related training materials for use online, via videoconference and in live sessions.
Liaise with colleagues in Europe, the Middle East and Africa (“EMEA”) and APAC to promote consistent data protection / privacy practices globally.
Monitor and respond to developments in privacy and information security (i.e., new laws, regulations, important case decisions, regulatory guidance, etc.).
Advise on privacy issues arising from the full range of marketing efforts and Web-related advertising activities.
Play a central role in compliance readiness programs to prepare for new privacy laws and regulations globally.

Posted June 28, 2025

Warner Bros. – Senior Counsel, Legal, Privacy & Data Strategy

Responsibilities:

Draft, review, and negotiate privacy, security, advertising, and data terms for complex business and transactional agreements, including service/SAAS, ad tech, ad sales, and data sharing agreements as well as contracts with major distributors and bundle partners for WBD’s flagship streaming service (HBO Max) and other products, to align with strategic business objectives and comply with applicable laws.
Provide advice and guidance that breaks down statutory, regulatory, and contractual obligations into actionable business and technical requirements.
Develop and maintain global, strategic positions, templates, and documentation for distribution and other agreements, including data terms.
Advise on privacy, legal, data strategy, and data security issues for Engineering, Product, Technology, Ad Sales, Ad-Tech, and Digital Marketing teams.
Work with business stakeholders and technical subject matter experts on complex and innovative ad sales, ad-tech, and digital marketing products, including advanced advertising initiatives, clean rooms, data safe havens, etc.
Work with stakeholders across WBD on consumer-facing product counseling, digital marketing, advertising, AI/ML, and other data initiatives to provide strategic, creative, and innovative global privacy advice for their own portfolio of high-profile brands, products, and franchises, which could include HBO Max, CNN, Bleacher Report, WB Games, Theatrical/Home Entertainment, Wizarding World/Harry Potter, HGTV, Food Network, etc.
Provide guidance and support to other Privacy Legal & Data Strategy team members involved in similar projects globally.
Review, develop, and maintain legal research, analysis, templates, checklists, training, and other materials.
Help educate stakeholders and others on the Privacy & Data Strategy Team on complex privacy matters related to privacy-enhancing technology and other data-driven privacy initiatives.
Monitor developments and maintain internal documentation about US privacy laws, requirements, litigation, enforcement actions and priorities, and industry standards and practices.

Posted June 27, 2025

Digital Realty – Sr. Manager, Corporate Counsel, Privacy

Responsibilities:

Support and advise on the Company’s global data protection program consistent with relevant laws and regulations, including on best practices, mitigation of privacy risk, and compliance with U.S. and global data protection laws, legal and regulatory aspects of data collection and use, privacy disclosures and transparency, consent forms, and related issues.
Review and advise on privacy considerations related to systems and data processing activities, as well as emerging products and technologies while partnering with cross-functional, global teams to ensure the design of new products, features, and business initiatives incorporate privacy and data security compliance.
Provide legal support for the strategic reviewing, drafting, and negotiating of privacy and data security terms in contracts with business partners and vendors, including data processing agreements, intra-company data transfer agreements, and standard contractual clauses (SCCs), and other data protection terms in agreements.
Prepare Transfer Impact Assessments.
Provide legal support on investigations involving reports of inappropriate or unauthorized access, loss or disclosure of personal data, including advising on potential liability, identifying legal obligations, and supporting incident response efforts.
Support development of enterprise-wide best practices for incident response readiness and advising on all aspects of incident response, whether privacy and/or cybersecurity related.
Experience with data loss prevention and cybersecurity events, including forensic investigations, breach notifications, and cybersecurity preparedness.

Posted June 27, 2025

Dimensional Fund Advisors – Privacy Counsel

Responsibilities:

Supporting Dimensional’s business on all privacy matters, including to ensure compliance with global data protection laws and regulations (e.g., GDPR, PECR, Regulation S-P)
Tracking and advising on legal, regulatory, and policy developments as they relate to data collection and use, online privacy, tracking and analytics, public engagement and related issues
Drafting, updating, and maintaining privacy policies and statements, including obtaining necessary internal approvals for such documents
Advising on the response to potential privacy and data incidents
Advising on the response to data subject access requests and similar events
Overseeing and working with outside counsel on the legal aspects of privacy matters
Drafting and updating data protection agreements, addenda, and amendments (third-party and affiliate relationships)
Advising business teams on privacy-related product improvements
Researching legal issues and preparing memoranda to advise the business of privacy-related risks
Assisting in the development of in-house legal templates
Contributing to the development of internal procedures and methodologies
Advising on novel requirements for engaging with the general public globally (including generating media from events and conferences)

Posted June 25, 2025

Highmark Health – Senior Counsel (Privacy)

Responsibilities:

Perform management responsibilities to include, but are not limited to involved in hiring and termination decisions, coaching and development, rewards and recognition, performance management and staff productivity. Plan, organize, staff, direct and control the day-to-day operations of the department; develop and implement policies and programs as necessary; may have budgetary responsibility and authority.
Provide regular legal support for one or more discrete units of the Corporation; demonstrate deep knowledge of the Corporation’s business, while retaining the discipline of legal analysis; interpret law and apply to internal / external business issues and recommend best practices; provide timely, accurate, comprehensive, thorough and practical legal advice and prepare effective documents based upon knowledge of federal, state and other applicable law and the regulatory environment in which the Corporation functions; apply sound business judgment to the provision of legal advice; have highly advanced expertise in areas of legal practice that are necessary to effectively provide legal counsel; is viewed as a subject matter expert; provide results of analysis to other attorneys in the Department or directly to appropriate management and staff of the Corporation; provide legal advice to management and staff; able to provide direction to other staff regarding advice or requests for advice from business.
Maintain positive, responsive, consistent and effective relationships with other members of the Department, as well as management and other staff of the Corporation, and teams of inside / outside counsel; effectively manage, educate and mentor other attorneys and/or paralegals; educate internal customers on legal issues; maintain and foster productive relationships between the Corporation and external parties.
Manage litigation, transactions or other matters and/or assist and work cooperatively with and/or supervise outside legal counsel, including outside lawyers from approved law firms used by the Corporation; may direct such work of outside legal counsel or facilitate such work of outside counsel to address issues effectively and efficiently, including minimizing outside legal counsel fees and expenses, as appropriate. Willing and able to assist others in effectively managing matters as necessary / appropriate.
Have excellent skills in preparing precise, thorough and responsive legal memoranda, contracts, pleadings, analyses, correspondence and other relevant documents; perform legal research and investigate facts; exhibit a strong attention to detail and work ethic; able to handle complex legal matters or projects independently; able to effectively mentor others in development of similar skills.
Should have excellent decision-making capability and should be highly proficient in being able to make business-oriented yet legally compliant recommendations.

Posted June 21, 2025

Entrust – Corporate Privacy Attorney

Responsibilities:

Work closely with our Product and Engineering teams to ensure privacy by design and ongoing compliance with biometric, privacy, AI and cyber security laws and regulations.
Perform various privacy impact assessments and advise business stakeholders regarding applicable privacy requirements.
Develop and improve Entrust’s privacy compliance program to meet requirements of existing and emerging laws.
Advise colleagues across our business on customer-facing matters such as coordinating responses to customer privacy and security concerns including AI governance and transfer impact assessments, communicating Entrust’s privacy compliance and safeguards.
Support the wider legal, procurement and growth teams with client deals including being a point of escalation for contract negotiations.
Respond to day-to-day privacy queries from across the Entrust business including on Product, HR, Contracts, Client queries, End User and Law Enforcement requests.
Lead on privacy vendor due diligence and ongoing vendor management matters, undertaking risk assessments, developing supplier privacy compliance frameworks and managing records of processing including client notifications.
Work collaboratively with key stakeholders, including Product, Marketing, Compliance, Legal, Strategy, HR and Information Security teams, setting clear accountabilities and policies for data protection.
Assist in the creation and delivery of training, legal resources and playbook content.
Monitor global privacy, AI and biometric regulation and policy developments, advise on risks and opportunities arising from emerging laws and help drive Entrust’s policy positions.

Posted June 20, 2025

Conduent – Assistant General Counsel, Cybersecurity

Responsibilities:

Providing legal support related to cybersecurity incidents, compliance, and contract negotiations.
Staying updated on evolving laws and regulations in cybersecurity, privacy, AI, and data governance.
Collaborating with IT, risk, and privacy professionals to refine cybersecurity policies and best practices.
Supporting the Chief Information Security Officer and team on incident response, vendor contracts, and risk mitigation.
Liaising with the Data Privacy team to address cyber-related legal concerns.
Engaging with clients, regulators, vendors, and internal teams regarding cybersecurity and privacy matters.
Managing outside counsel and vendors engaged in cybersecurity legal issues.
Educating the Legal Department on emerging cybersecurity laws and risks.
Handling litigation, compliance, and contract-related legal matters as assigned.

Posted June 19, 2025

RVO Health – Senior Corporate Counsel, Privacy

Responsibilities:

Provide legal and privacy guidance to all business lines focusing on healthcare technology, digital advertising, marketing, digital media, and publishing.
Support an expanding, comprehensive consumer healthcare platform and ensure compliance with global, federal, and state privacy, data protection, and healthcare laws.
Collaborate with enterprise teams to incorporate privacy-by-design in product development and enhancement.
Conduct enterprise privacy training on company privacy policies and relevant data protection laws.
Stay updated on global, federal, and state privacy laws and data protection regulations, assessing their impact on company products and services.
Assist with incident response and investigations

Posted June 18, 2025

Ibotta – Privacy Lawyer

Responsibilities:

Advise on privacy and data protection laws and regulations, including GDPR, CCPA/CPRA, Colorado Privacy Act, FTC Act, ePrivacy Directive, and other global frameworks.
Draft and negotiate data processing agreements (DPAs), privacy terms, and contractual provisions related to data acquisition, use, licensing, and transfer.
Lead and support privacy impact assessments (PIAs), data protection impact assessments (DPIAs), and record-keeping obligations.
Partner with product, engineering, and security teams to ensure products are designed and maintained in compliance with privacy laws.
Develop and maintain internal policies, procedures, and training programs related to data privacy.
Develop and maintain external privacy notices, policies, and other privacy-related regulatory disclosures.
Monitor regulatory developments and guide the company’s response to new and evolving data protection laws.
Support incident response and breach notification processes as needed.
Liaise with external counsel and regulators, as appropriate.

Posted June 13, 2025

OneTrust – Head of Privacy & AI Governance

Responsibilities:

Develop and execute a comprehensive privacy and AI governance strategy aligned with global regulations and business objectives.
Oversee privacy and AI compliance programs, ensuring adherence to frameworks such as GDPR, CCPA, EU AI Act, and emerging AI regulations.
Translate complex privacy and AI compliance requirements into strategic opportunities for product differentiation.
Work closely with Product, Engineering, and Marketing teams to integrate privacy-enhancing technologies into our platform in ways that create market value.
Lead Customer Zero (C0) feedback and implementation initiatives to ensure privacy and AI governance features are tested, iterated, and refined based on real-world use cases.
Collaborate with various teams to ensure that privacy and AI ethics are integrated into our product development, engineering, and business operations.
Partner with Legal, Information Security, and Product teams to integrate privacy and AI risk management into business processes.
Lead the organization’s response to privacy and AI-related incidents, regulatory inquiries, and compliance audits.
Foster a culture of ethical AI use and privacy awareness across the organization.
Communicate complex technical and ethical concepts to non-technical audiences effectively.
Represent the organization at industry conferences and regulatory discussions.
Build relationships with commercial partners, regulators, and industry bodies.
Publish research or thought leadership on responsible AI topics.
Bridge business growth objectives with responsible innovation.
Influence product strategy and business decisions through a responsible AI lens.

Posted June 14, 2025

LPL Financial – SVP, Associate General Counsel, Chief Privacy Officer

Responsibilities:

Lead a team of dedicated privacy attorneys and professionals, providing guidance on substantive legal issues and thoughtfully contributing to their career development. The CPO is a member of various authorized risk committees, as well as executive leadership for projects at the firm. As such, the ability to influence strategy with executive stakeholders is critical.
Stay abreast of relevant privacy laws and regulations, including Gramm-Leach-Bliley Act (GLBA) and Regulation S-P, applicable state laws, such as the California Consumer Privacy Act (CCPA), and other applicable regional or industry-specific regulations. Experience with the General Data Protection Regulation (GDPR) compliance is a plus but not required.
Develop and maintain privacy policies, procedures, and guidelines that align with legal requirements and industry best practices. Communicate and educate employees on these policies to foster a culture of privacy awareness and compliance.
Develop and deliver privacy training programs to educate employees about their responsibilities regarding data protection and privacy. Raise awareness of privacy-related risks and best practices throughout the organization.
Maintain and enhance procedures for handling and responding to privacy incidents. Coordinate with relevant stakeholders, such as Cybersecurity teams, Technology teams, Regulatory Affairs, and Corporate Communications to ensure timely and appropriate incident response.
Advise and oversee LPL’s response to fulfilling various data subject rights. Work collaboratively with Technology and Data Governance teams to establish processes and systems to efficiently handle and document data subject rights afforded by applicable law.
Draft and negotiate a high volume of provisions and agreements for a wide variety of commercial and technology contracts; collaborate with Commercial Contracts team to drive standards around privacy and data protection provisions, and handle escalations where the norm is not applicable.
Serve as the legal leader for AI matters at LPL. Actively participate as a member of the AI Governance Committee and other governance forums. Organize and informally lead a group of legal subject matter experts in support of various AI initiatives. Stay up to date on legal, regulatory, and technological developments relating to AI.

Posted June 13, 2025

Amazon – Corporate Counsel, Central Privacy Legal

Responsibilities:

Amazon’s Privacy Legal team is looking for a talented attorney with privacy experience to advise on policies and practices for the collection, storage, and use of personal information across all of the company’s business lines.

Responsibilities will include working closely with business leaders, legal teams, and our public policy team to advise on all aspects of global privacy laws and regulations. As a subject-matter expert, you’ll help chart the company’s long term strategy for handling customer information associated with our retail operations, online advertising activities, electronic devices, and other business areas, as well as work directly with teams that are implementing privacy infrastructure for Amazon and its subsidiaries. You will also consult directly with lawyers and business leaders throughout the company and its subsidiaries to help shape the development of innovative new products and services and to implement new or evolving data protection regulation, including regulation relating to children and teens. And you’ll work closely with our public policy, public relations, and other teams to help explain our policies and practices to regulators and customers.

Posted June 12, 2025

Aura – Senior Privacy & Cybersecurity Lawyer

Responsibilities:

Provide expert legal advice on privacy, data protection, and cybersecurity laws and regulations applicable to the company’s operations, products, and services.
Advise internal stakeholders on global privacy laws and regulations, including GDPR, CCPA, HIPAA, and other relevant data protection frameworks.
Review and negotiate contracts and agreements (e.g., vendor agreements, NDAs) from a data privacy and security perspective.
Oversee the creation, implementation, and maintenance of privacy policies, risk assessments, security protocols and internal training.
Support product teams by offering legal guidance on privacy-by-design principles, ensuring privacy considerations are integrated into product development and service offerings.
Conduct privacy impact assessments (PIAs) and risk assessments, advising on mitigation strategies.
Monitor and stay up-to-date with evolving global privacy laws, regulations, and trends in the cybersecurity space.
Work closely with other legal, compliance, and security teams to ensure a holistic approach to privacy and security risk management.
Manage and respond to data subject access requests (DSARs) and other privacy-related inquiries.
Support internal and external investigations and audits related to data security and privacy policies and practices.
Lead the company’s privacy and security compliance programs, ensuring alignment with industry best practices and regulatory requirements.

Posted June 12, 2025

Stripe – Privacy Counsel

Responsibilities:

Partner closely with cross-functional teams (e.g., Product, Engineering, Security, Data Science, GTM) to assess potential privacy and security risks for Stripe’s products and operational processes and design mitigative measures
Develop, enhance, and implement Stripe’s privacy infrastructure, policies, and procedures to effectively scale privacy throughout the organization and embed privacy-by-design principles in Stripe’s product development lifecycle and operational processes
Oversee and manage privacy compliance functions, including Stripe’s processes for conducting Data Protection Impact Assessments (DPIAs), responding to Data Subject Access Requests (DSARs), and maintaining Records of Processing Activities (ROPAs) to ensure compliance with applicable privacy regulations
Manage and coordinate the response to privacy and security incidents, collaborating closely with cross-functional teams to assess and mitigate risks, ensure compliance with data breach notification requirements, and develop and implement effective resolution strategies
Support commercial transactions by negotiating and drafting Data Processing Agreements (DPAs) and other privacy-related contractual provisions, ensuring compliance with applicable data protection laws while facilitating business objectives.
Help build Stripe’s compliance program for AI and ML.

Posted June 11, 2025

Omnissa – Privacy Counsel

Responsibilities:

Lead the development, implementation, and continuous improvement of our global privacy compliance program
Own the drafting, maintenance and management of internal policies, processes and procedures, as well as external privacy documentation, including privacy notices
Partner with engineering, product, security, marketing, HR and other business functions to assess privacy risks and develop practical, creative and scalable solutions to minimize privacy risks while enabling business goals
Oversee privacy impact assessments (PIAs), transfer impact assessments (TIAs), trustworthy AI assessments, and vendor due diligence
Lead or support responses to regulatory inquiries, audits, and investigations
In coordination with our Cybersecurity Counsel and other appropriate staff, lead the investigation of privacy breaches and other privacy-related violations
Contribute to privacy training and awareness initiatives across the organization; conduct privacy trainings
Draft, negotiate, and close privacy and data protection agreements with customers, vendors and partners; continue to develop template and playbook materials for contracting and advise/train members of the legal department on handling privacy-related language in contracts
Oversee company responses to individual rights requests
Stay current with applicable and emerging global data privacy and security laws, including CCPA, GDPR, and other U.S. and international privacy laws
Advise leadership and business stakeholders on risk, trends, and emerging obligations

Posted June 11, 2025

Paylocity – Privacy Counsel

Responsibilities:

Partner with the Chief of Privacy to drive the execution of the enterprise privacy strategy and advance the privacy roadmap.
Maintain understanding and expertise of new and evolving privacy regulations including domestic and international laws and provide actionable guidance to ensure compliance and strategic alignment.
Act as subject matter expert and primary escalation point for data protection issues in contracting.
Draft, negotiate, and close privacy and data protection agreements with clients and vendors, and support data protection negotiation in commercial contracting process.
Work closely with commercial legal team on improvements to privacy contracting process, tools and related efficiencies.
Collaborate with cross-functional stakeholders – including sales, product, engineering, and operations – to embed privacy-by-design principles into product development and business processes.
Perform regular privacy assessments of new and existing business processes (including through data protection impact assessments as applicable).
Provide practical and timely advice to internal clients in compliance with applicable data protection requirements, including those relating to cross-border data transfers.
Draft, maintain, and optimize privacy-related templates, including DPA, consent notices, negotiation cheat sheets and playbooks, to support consistent and efficient implementation.
Advise the marketing and digital teams on global compliance requirements related to privacy practices in marketing initiatives, including use of cookies, demand generation, tracking technologies, and analytics.
Design and deliver engaging privacy and data protection training for employees across functions and levels.
Lead privacy due diligence for mergers and acquisitions and support the post-acquisition integration of privacy practices and controls.
Collaborate with stakeholders to develop, update, and enforce enterprise-wide privacy and data protection policies and procedures.
Manage and maintain public-facing privacy assets, including Paylocity’s Privacy Center, ensuring timely updates to privacy notices, cookie policies, and FAQs.
Support privacy-related initiatives, providing legal advice and strategic guidance across business units on privacy risks, mitigations, and best practices.

Posted June 8, 2025

Fortis Games – Senior Legal Counsel, Privacy & Compliance

Responsibilities:

Oversee and enhance the compliance function to ensure alignment with legal and ethical requirements across all operations.
Develop, implement, and maintain comprehensive compliance policies and procedures.
Lead ad-hoc compliance projects related to GDPR, game design, and other regulations.
Identify gaps in compliance and develop solutions to address them
Advise on global privacy and data protection laws (e.g., GDPR, CCPA/CPRA, COPPA) impacting game development, publishing, and marketing.
Collaborate with engineering, product, and marketing teams to integrate privacy-by-design into game features and systems.
Conduct privacy impact assessments (PIAs) and ensure compliance with data protection regulations.
Partner with compliance, central, and game teams to integrate legal requirements into product development.
Collaborate with senior stakeholders to align compliance strategies and address emerging risks.
Work with the General Counsel to mitigate potential compliance risks and ensure legal standards are upheld.
Develop and deliver training on compliance and privacy topics.
Foster an internal culture of compliance through awareness programs.

Posted June 8, 2025

HubSpot – Senior Counsel, Privacy & Data Governance

Responsibilities:

Develop and implement a comprehensive data governance framework: This includes creating and maintaining policies, standards, and procedures for data collection, use, sharing, storage, and disposal, encompassing areas like data quality, integrity, security, and lifecycle management (classification, retention, disposal).
Data governance council: Develop and lead a cross-functional data governance council to drive data management and governance initiatives and decision-making
Provide legal counsel on data use: Advise stakeholders on legal and ethical considerations related to data analytics, machine learning, AI, data sharing, and international data transfers.
Ensure regulatory compliance: Stay current on and ensure compliance with global data protection laws (e.g., GDPR, CCPA) and industry best practices.
Foster a culture of data governance: Develop and deliver training programs, collaborate with cross-functional teams (engineering, product, marketing, security) to integrate data governance into business processes, and proactively identify areas for improvement.
Oversee data governance operations: This includes collaborating with data stewards and owners, establishing data definitions and standards, managing metadata, monitoring data quality metrics, and conducting audits to ensure compliance.
Privacy and Data Protection Projects: This role will include driving and advising on strategic initiatives related to privacy and data protection.

Posted June 6, 2025

Warner Bros. Discovery – Senior Counsel, Legal, Privacy & Data Strategy

Responsibilities:

Draft, review, and negotiate privacy, security, advertising, and data terms for complex business and transactional agreements, including service/SAAS, ad tech, ad sales, and data sharing agreements as well as contracts with major distributors and bundle partners for WBD’s flagship streaming service (HBO Max) and other products, to align with strategic business objectives and comply with applicable laws.
Provide advice and guidance that breaks down statutory, regulatory, and contractual obligations into actionable business and technical requirements.
Develop and maintain global, strategic positions, templates, and documentation for distribution and other agreements, including data terms.
Collaborate with Product and Engineering teams on data use, data architecture, and other privacy issues.
Analyze and provide privacy legal requirements for the development and implementation of consent frameworks, data use cases, and privacy controls for end-to-end backend infrastructure supporting HBO Max and other top tier WBD products.
Provide legal and privacy review of data use cases and conduct Privacy/Data Protection Impact Assessments (DPIAs) to maintain legal compliance and enable strategic business goals.
Make recommendations with respect to legal risk, mitigation, and remediation. Escalate any high-risk issues.
Analyze, advise, and manage the development of global privacy requirements and documentation for product counseling, user testing, and audits.

Posted June 5, 2025

UPS Healthcare – Privacy Attorney

Responsibilities:

Advising on all aspects of the GDPR, including drafting and reviewing data protection contracts, data protection policies, procedures and notices.
Assisting and managing privacy compliance framework projects and liaising with the UPS Global Privacy Office and UPS Public Affairs.
Assisting in management of Privacy Impact Assessments.
Negotiating and advising on Business Associate Agreements (BAA) and other related privacy and data protection agreements with customers and vendors.
Advising on data privacy and cyber security risk issues.
Managing, with the Global Privacy Office, any data incidents occurring in UPS Healthcare.

Posted June 5, 2025

BioSpace – Director, Privacy Counsel

Responsibilities:

Providing advice and counseling on a wide range of privacy and related issues such as advising on sensitive data, digital advertising, and use of emerging technologies/AI.
Strategically assess potential privacy risks on new projects, including risk-mitigation counseling and advising on appropriate controls.
Monitoring emerging regulations and supporting the operationalization of compliance with evolving laws.
Upkeep and development of internal policies, procedures, and guidance documents; educating business clients through training and awareness programs; Improving and counseling on privacy program operations.
Leading Regenerons Privacy Steward Council to drive initiatives that enhance data privacy across the organization.
Collaborating with our Government Affairs division on opportunities to influence legislation.
Assisting contracting teams in drafting, maintaining, and negotiating data processing agreements.

Posted June 2, 2025

Adyen – Privacy Counsel

Responsibilities:

Together with the team, strengthen Adyen’s global data privacy compliance framework.
Provide strategic privacy advice on a wide range of matters within the business, including financial products, data products, incidents, contracts, HR, marketing and product development.
Anticipate and identify data protection obligations and risks.
Implement practical and scalable privacy procedures.
Educate stakeholders on privacy obligations.
Keep track of new legislative proposals and other legal and compliance developments regarding privacy across the globe.

Posted May 30, 2025

Entrust – Corporate Privacy Attorney

Responsibilities:

Work closely with our Product and Engineering teams to ensure privacy by design and ongoing compliance with biometric, privacy, AI and cyber security laws and regulations.
Perform various privacy impact assessments and advise business stakeholders regarding applicable privacy requirements.
Develop and improve Entrust’s privacy compliance program to meet requirements of existing and emerging laws.
Advise colleagues across our business on customer-facing matters such as coordinating responses to customer privacy and security concerns including AI governance and transfer impact assessments, communicating Entrust’s privacy compliance and safeguards.
Support the wider legal, procurement and growth teams with client deals including being a point of escalation for contract negotiations.
Respond to day-to-day privacy queries from across the Entrust business including on Product, HR, Contracts, Client queries, End User and Law Enforcement requests.
Lead on privacy vendor due diligence and ongoing vendor management matters, undertaking risk assessments, developing supplier privacy compliance frameworks and managing records of processing including client notifications.
Work collaboratively with key stakeholders, including Product, Marketing, Compliance, Legal, Strategy, HR and Information Security teams, setting clear accountabilities and policies for data protection.
Assist in the creation and delivery of training, legal resources and playbook content.
Monitor global privacy, AI and biometric regulation and policy developments, advise on risks and opportunities arising from emerging laws and help drive Entrust’s policy positions.

Posted May 29, 2025

HARMAN International – Privacy Counsel

Responsibilities:

Manage Data Privacy Risks
Identifying data privacy and security issues in product initiatives and customer agreements, and working cross-functionally with the appropriate teams to create solutions and minimize risk.
Engaging strategically in risk assessment/mitigation and developing innovative approaches to data privacy and security issues in support of business objectives.
Identify and develop initiatives to prevent, detect, and respond to internal and external data privacy risks through the continuous development and evolution of a comprehensive data privacy program, policies and procedures, annual oversight and monitoring plans, and privacy education and awareness-building.
Bring a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, controls, and governance processes.
Establish and maintain practices to protect personal information and HARMAN’s confidential information in a manner consistent with HARMAN’s values and applicable laws and regulations.
Anticipate and address data privacy issues as they arise, respond to internal and external inquiries, concerns, and complaints, and prepare formal responses.
Adherence to privacy laws and regulation.
Stay current and drive proactive action in the dynamic regulatory environment.
Oversee and monitor HARMAN’s compliance with applicable state, federal, and global laws, and with HARMAN policies and procedures, and privacy standards.
Conduct training to increase awareness and proficiency around data privacy issues to reduce risk and incidents.
Protect the integrity of data collected, created, transmitted, released, and stored by HARMAN entities and affiliates.
Investigation and response to privacy incidents
Working closely with HARMAN’s information technology and cybersecurity teams, lead complex investigations into privacy-related allegations and incidents, conduct interviews as needed, and follow incidents to resolution in accordance with regulatory reporting or contractual deadlines.
Take a lead role in preparing formal responses to external state, federal or global investigative bodies; recommend corrective action plans and subsequent monitoring plans to management.
Steward operational controls so that data privacy program components and activities meet state, federal, and international privacy laws.
Work closely with HARMAN’s information technology and other data security and privacy leaders across HARMAN to coordinate policies and procedures, incident response, best practices, and messaging relative to data privacy.

Posted May 29, 2025

SEPHORA – Senior Counsel, Privacy

Responsibilities:

Counsel on legal compliance related to all collection and use of personal information of consumers, employees, and applicants, and on all applicable laws including CCPA, COPPA, TCPA, CAN-SPAM, CASL, PIPEDA, MoCRA, GDPR, and state privacy laws related to artificial intelligence, health, youth, cybersecurity, and social media;
Provide guidance on generative AI initiatives, participate in the Responsible AI Committee, and advise leadership on new developments in AI law that may present risk to the business;
Develop program updates, expansion, and remediation; assist in managing company compliance with relevant privacy and data protection laws, including implementation of new requirements;
Manage regulatory responses to regulator inquiries as they arise;
Foster a culture of privacy and drive privacy awareness and education.
Work with internal clients and legal colleagues to negotiate data processing agreements, and other privacy-related agreements; contribute to the improvement of standard forms of agreements, alternate language playbooks, and internal resource documents with respect to privacy and data processing matters;
Lead data privacy incident response in partnership with Cybersecurity team; manage, triage, and document all data incidents as they arise; notify regulators and global teams as required;
Manage and support privacy-related litigation and legal disputes;
Manage team of three privacy professionals and enterprise data privacy compliance program;
Act as a contact for privacy issues involving the Sephora Canada business while working with local counsel in those jurisdictions.
Foster a culture of privacy and drive privacy awareness and education.
Partner with Sephora Global on privacy projects as they arise and assist in providing KPIs to Global Privacy team.
Attend retail industry group privacy meetings, track state, provincial, and federal privacy legislation, and advise leadership and business teams on potential impacts;

Posted May 28, 2025

Legal.io – Privacy and Compliance Counsel

Responsibilities:

Develop and Implement Compliance Programs: Lead the design, implementation, and continuous improvement of compliance programs and controls, with a particular emphasis on those related to our technology platforms, data handling practices, and obligations under the DOJ China Rule.
Provide Expert Legal Counsel: Advise internal stakeholders, including technology, product, and business teams, on a wide array of legal and regulatory matters. This will heavily involve interpreting and applying regulations related to data privacy (e.g., GDPR, CCPA), cybersecurity, data governance, and intellectual property as they intersect with our systems and the DOJ China Rule.
Provide Technology & Data Systems Expertise: Utilize in-depth experience with technology data systems to provide practical and actionable legal advice. This includes understanding system architecture, data flows, and international data-sharing agreements to assess compliance risks and solutions.
Foster Cross-Functional Collaboration: Work closely and effectively with cross-functional teams, including IT, Security, Product Development, and Operations, to ensure legal and compliance considerations are seamlessly integrated into our business processes and product development lifecycles.
Contract Review & Negotiation: Draft, review, and negotiate potential new compliance terms for data processing agreements (DPAs), vendor contracts, and other relevant legal documents to ensure alignment with the DOJ China Rule and other applicable regulations.
Policy Development & Training: Develop and maintain internal policies, procedures, and guidelines related to compliance. Assist in creating and delivering training programs to educate employees on relevant legal and compliance topics, fostering a culture of compliance.
Independent Case Management & Directed Projects: Manage an assigned caseload and projects with a high degree of autonomy, while also being prepared to undertake specific assignments and initiatives under the direction of senior legal leadership.

Posted May 27, 2025

World – Deputy General Counsel, Global Privacy

Responsibilities:

Member of legal leadership, helping to build and support the strategy for the legal team in collaboration with other legal leads.
Lead and help develop our Privacy Legal team, responsible for privacy, security and AI related legal guidance, in partnership with other legal teams.
Responsible for compliance efforts with globally privacy and data protection regulations around the world, through the development and maintenance of a global privacy program, including training, auditing, reporting, and more.
Establish and maintain relationships with regulatory, governmental, industry, and peer groups on privacy and data security issues.
Oversee Privacy related regulatory investigations response work, in partnership with the Market Operations Legal and Regulatory and Litigation teams.
Work closely with legal subject matter experts to ensure privacy regulatory compliance.
Act as legal POC for the Information Security team, including on incident response matters.
Help scale the legal organization by developing innovative processes in partnership with other legal teams to support privacy initiatives in a fast-moving Engineering, Product, and Design teams.
Stay abreast of emerging legal trends and best practices in the tech industry, and provide thought leadership within the legal team and the company.

Posted May 25, 2025

FINRA – Principal Counsel & Associate Director, Enterprise Data Privacy Office

Responsibilities:

Counsels senior leaders across the organization regarding complex privacy matters, data loss events, and privacy policy violations raised to the Enterprise Data Privacy Office (EDPO) Office.
Proactively identifies areas for improvement in FINRA’s privacy policies and programs based on changing state, federal, and global legal requirements and best practices; develops recommendations based on desired outcomes; engages security and business stakeholders, senior leaders, and end users across the enterprise, as appropriate to identify potential impacts; briefs EDPO management on findings and recommendations; and leads activities relating to implementing necessary improvements.
Provides subject matter legal counsel, which may include reviewing and negotiating privacy provisions in vendor contracts, as requested by the Office of General Counsel Transactions (CTG) attorneys; providing interpretive guidance to the Office of Governmental Affairs and all FINRA departments regarding proposed federal and state legislation and potential impacts on FINRA operations; identifying appropriate changes to the existing policies and program to comply with legal requirements; and reviewing, drafting, and maintaining, as appropriate, FINRA’s internally and externally facing privacy policies, including relevant application or system privacy policies.
Leads several privacy program activities, which may include refining and implementing the privacy assessment program, identifying and establishing standard and bespoke privacy risk mitigation recommendations for projects, creating a privacy compliance/audit function, providing guidance and coaching on developing a privacy risk register, managing and enhancing the program around department level privacy leaders and department privacy policies; and conducting comprehensive investigations of potential violations of FINRA privacy policies, including interviewing relevant players, drafting summaries for case files, and working with relevant control departments to determine outcomes.
Builds strategic relationships with FINRA privacy leads across the organization to gain familiarity with the parameters and nature of each FINRA Department’s specific restricted information programs and privacy controls; provides tailored expert advice to those department leaders and exercises independent judgment in evaluation requests to privacy policy or program changes. Responsible for updating and implementing the policy guiding the privacy leads, running routine information meetings with the privacy leads and their delegates, and working with the Departments to ensure department level policies are up to date and accurately reflect expected privacy practices.

Posted May 24, 2025

State of Missouri – Assistant General Counsel HIPAA Privacy Officer

Responsibilities:

The Missouri Department of Mental Health is seeking to fill a vacancy for an Assistant General Counsel position that will also serve as the HIPAA Privacy Officer. Options to office at existing DMH Office of General Counsel locations in Kansas City, Jefferson City, or St. Louis, Missouri. This is a highly responsible position, reporting to the Department General Counsel. The Assistant General Counsel is responsible for a variety of administrative areas including: HIPAA, rulemaking, department operating regulations, and fiscal notes, as well as participation in standing committees. This position works closely with the DMH Security Officer regarding data issues, HIPAA BAAs, and Hi-Tech Certification. In addition, the Assistant General Counsel assists the General Counsel with all legal matters affecting the Department, which includes research, review, and drafting of various documents, contracts, policies and advisory opinions relating to the Department. Periodic travel may be required.

Posted May 22, 2025

Regeneron – Director, Privacy Counsel

Responsibilities:

Providing advice and counseling on a wide range of privacy and related issues such as advising on sensitive data, digital advertising, and use of emerging technologies/AI.
Strategically assess potential privacy risks on new projects, including risk-mitigation counseling and advising on appropriate controls.
Monitoring emerging regulations and supporting the operationalization of compliance with evolving laws.
Upkeep and development of internal policies, procedures, and guidance documents; educating business clients through training and awareness programs; Improving and counseling on privacy program operations.
Leading Regeneron’s Privacy Steward Council to drive initiatives that enhance data privacy across the organization.
Collaborating with our Government Affairs division on opportunities to influence legislation.
Assisting contracting teams in drafting, maintaining, and negotiating data processing agreements.
Participating in industry group meetings to stay updated on best practices and emerging trends.

Posted May 22, 2025

Oliver James – AVP, Legal Counsel – Data Privacy & Cybersecurity

Responsibilities:

Formulate and implement strategies for handling legal issues concerning data privacy and information security.
Negotiate, draft, and advise on agreements involving data processing activities and transnational data flows, ensuring compliance with global data protection regulations.
Conduct risk assessments and audits pertaining to data privacy and cybersecurity, cooperatively engaging with other departments to fortify data protection measures.
Lead the response team during data breaches or cybersecurity incidents, also coordinating with external counsel when necessary.
Educate employees on compliance policies concerning data protection laws, and staying updated with emerging trends and regulations in privacy and cybersecurity law.

Posted May 21, 2025

Omnissa – Privacy Counsel

Responsibilities:

Lead the development, implementation, and continuous improvement of our global privacy compliance program
Own the drafting, maintenance and management of internal policies, processes and procedures, as well as external privacy documentation, including privacy notices
Partner with engineering, product, security, marketing, HR and other business functions to assess privacy risks and develop practical, creative and scalable solutions to minimize privacy risks while enabling business goals
Oversee privacy impact assessments (PIAs), transfer impact assessments (TIAs), trustworthy AI assessments, and vendor due diligence
Lead or support responses to regulatory inquiries, audits, and investigations
In coordination with our Cybersecurity Counsel and other appropriate staff, lead the investigation of privacy breaches and other privacy-related violations
Contribute to privacy training and awareness initiatives across the organization; conduct privacy trainings
Draft, negotiate, and close privacy and data protection agreements with customers, vendors and partners; continue to develop template and playbook materials for contracting and advise/train members of the legal department on handling privacy-related language in contracts
Oversee company responses to individual rights requests
Stay current with applicable and emerging global data privacy and security laws, including CCPA, GDPR, and other U.S. and international privacy laws

Posted May 21, 2025

Epic Games – Senior Product Counsel, Children’s Privacy & Design

Responsibilities:

Advise on law and upcoming changes to law relevant to children’s privacy and design
Provide practical advice on risks and risk mitigation strategies informed by law, industry best practice, and emerging research
Provide legal support for updates to child-facing privacy and safety features, parental controls and consents, and child-and-parent facing communications
Provide legal support for identity systems and other core backend services
Act as legal support in investigation and escalations related to child privacy and design
Collaborate with the policy team and legal regulatory team on forthcoming regulatory obligations and regulatory developments
Collaborate cross-functionally within legal teams, including other subject matter experts, to ensure fulsome advice
Engage in conversations with the business at all levels, including senior leadership, about risks and compliant opportunities for core services, and in matters related to children’s privacy and design

Posted May 19, 2025

Cencora – Senior Counsel – Data Governance, Privacy, and Cybersecurity

Responsibilities:

Advise clients on complex legal, regulatory, and policy questions in the areas of data privacy and protection (including federal and state laws and regulations in the general privacy and healthcare arena, particularly focusing on HIPAA, state privacy laws, Canadian provincial laws, etc.), cybersecurity (e.g., CMMC, NIST cybersecurity frameworks, ISO 27001, HITRUST, etc.), and artificial intelligence (including the NIST RMF, the growing body of state and local AI laws, etc.).
Draft, review, and/or negotiate various contracts, including healthcare- and HIPAA-related agreements and contract provisions dealing with privacy, cybersecurity, AI, and other data protection and operational continuity issues. This work also envisions creating template agreements and associated playbooks to expedite contracting issue management in privacy, cyber, and AI law arenas.
Assess and help mitigate harms associated with privacy and cybersecurity incidents through clear communication, disciplined issue escalation, and partnership with other privacy, cybersecurity, and business stakeholders.
Conduct reviews of new customer- and/or vendor- related technology proposals entailing privacy, cyber, and/or AI risks and offer pragmatic, creative solutions reflecting privacy and security by design concepts.

Posted May 17, 2025

Foundation Medicine – Director, Privacy Counsel

Responsibilities:

Serve as a privacy subject matter expert to FMI for all privacy-related matters, with only limited need for consultation with outside counsel.
Maintain current knowledge of applicable privacy laws in the US (state and federal) and ex-US (e.g., European Union and foreign national laws), including in the areas of health information privacy, consumer privacy, genetic testing, DNA analysis, and human subjects research.
Advise FMI on matters related to informed consent, HIPAA authorization, and research protocols.
Advise FMI on de-identification, pseudonymization, and anonymization standards and requirements.
Support investigation, analysis, remediation, and notification of privacy and security incidents.
Support legal colleagues in drafting, reviewing, and negotiating data use and data protection terms in commercial agreements, vendor agreements, data sharing agreements, research agreements, clinical trial agreements, and other collaboration agreements.
Work in strong partnership and collaboration with other members of the privacy team, and the broader legal and compliance department, to continually advance and maintain an effective and dynamic privacy program, including assisting with the development of policies and procedures, privacy training, and awareness activities.
Participate in certain internal FMI committees as a standing team member.
Prepare materials and make presentations, as necessary or requested.
Independently triage workflow, set clear priorities and expectations with stakeholders, and efficiently deliver results.
Manage and coordinate with outside privacy counsel, as needed on a case-by-case basis.

Posted May 15, 2025

Robinhood – Director and Associate General Counsel, Privacy & Data Protection

Responsibilities:

Serve as lead attorney on domestic and international privacy and data security within the legal and compliance team
Manage, empower, and develop a team of attorneys and program managers
Develop and be responsible for implementation of privacy strategies and policies in compliance with international, federal and state privacy and consumer protection laws (e.g., GDPR, CCPA/CPRA, GLBA), and ensure that our policies and practices keep pace with regulatory changes and industry standard processes
In collaboration with Robinhood’s litigation and regulatory enforcement team, establish regulatory response strategies for privacy and data protection
Collaborate with legal and compliance colleagues, the Chief Privacy Officer, and technical and operational teams to develop, enhance and implement Robinhood’s privacy program and data protection policies and procedures globally
Assist product teams in evaluating the impact of privacy and data protection laws, regulatory guidance and enforcement actions, and other related guidelines on product features
Partner cross-functionally with marketing, product, and government affairs teams on key growth and strategic privacy initiatives
Partner with the commercial and employment legal teams to ensure appropriate data protection provisions are incorporated into vendor, partner and employee agreements
Draft and supervise the development and management of Robinhood’s terms and data policies; draft and update privacy policies, template agreements and other foundational resources to promote compliance with evolving regulatory requirements in the US and international markets as Robinhood expands globally

Posted May 14, 2025

Grammarly – Privacy Counsel

Responsibilities:

Support Grammarly’s ability to deliver on its company objectives through a best-in-class privacy program.
Collaborate with leadership to integrate privacy by design and as a value-add in business roadmaps, systems, and initiatives.
Communicate privacy requirements and offer guidance to other teams, including Engineering, Trust, Data, Communications, Product, and other teams within the Legal department.
Simplify and distill complex global privacy requirements into practical next steps.
Serve as a key escalation point for Legal in response to privacy incidents.
Drive updates to Grammarly’s internal and external privacy documentation.
Assist with customer and vendor contract escalations, business partnerships, and corporate matters through a privacy lens.
Support scaling of the function by supporting implementation of process improvement, automation, legal technology, and new working methods.
Engage with regulatory, governmental, industry, and peer groups on privacy legal issues as needed.

Posted May 13, 2025

Atlassian – Senior Privacy Counsel – Incident Response

Responsibilities:

Partner with business teams to investigate and manage legal obligations arising during incidents.
Offer compliant business-focused solutions, balancing risk and Atlassian’s values when making recommendations.
Identify areas for improvement in our incident response capability, and work with partner teams to uplift our processes and tooling.
Review and advise on external communications, including customer notices, during incidents.
Build relationships which strengthen the connection between legal and partner teams.

Posted May 13, 2025

Vimeo – Senior Privacy Counsel

Responsibilities:

Develop, implement, and oversee Vimeo’s privacy program, ensuring compliance with global data protection laws including GDPR, CCPA, and other relevant regulations.
Provide expert legal guidance on privacy and data protection matters related to product development, marketing, and third-party partnerships.
Draft, update, and enforce internal and external privacy policies, data protection agreements, and other legal documentation to reflect evolving legal requirements and industry best practices. Collaborate with product, engineering, and security teams to ensure privacy-by-design principles are embedded into product development and business operations.Develop and lead privacy training programs to promote a strong culture of data protection.
Partner with security and compliance teams to manage data breaches and security incidents, ensuring regulatory compliance and risk mitigation.
Stay up-to-date with global privacy laws and regulations and offer proactive guidance to internal stakeholders on potential implications.Engage with regulators when necessary and advocate for Vimeo’s interests in privacy matters.
Supervise and provide guidance to the Privacy Program Manager, ensuring successful execution of privacy initiatives.

Posted May 13, 2025

Unum – AVP, Legal Counsel – Data Privacy & Cybersecurity

Responsibilities:

Enforces and defends Company’s interests in litigation and disputed matters related to data privacy and cybersecurity; selects, assists and supervises outside counsel.
Handles legal aspects of insurance regulatory matters pertaining to data privacy and cybersecurity, including breach response.
Provides legal support to designated business units, manages workflow from and relationships with all levels of management of each unit.
Prepares legally binding documents; drafts, negotiates and develops complex contracts and forms; may be responsible for state filings, approvals of contracts, rates and marketing materials, and systems implementation.
Monitors and keeps legal management team apprised of and solicits their input as appropriate on significant legal issues.
Analyzes and formulates company’s position on legislation/regulations.
Serves as a legal advisor to business units responsible for litigation, product development, claims, underwriting, sales, distribution, corporate, and marketing initiatives (etc.) for all product lines offered by all domestic (U.S.) companies.
Incorporates insurance, privacy, cybersecurity and artificial intelligence relevant laws and regulations to business plans and objectives.

Posted May 9, 2025

LinkedIn – Counsel – Privacy

Responsibilities:

Documentation and data governance: Work across the team to complete Data Protection Impact Assessments and Legitimate Interest Analysis and work closely with engineering teams to develop policies that can be coded into LinkedIn’s internal data management system to assist with compliance.
AI/GAI: Advise product counsel on privacy requirements regarding the use and development of cutting-edge Generative AI models and features.
Regulatory: (i) Support engagement with data protection regulators in the Americas and Asia; (ii) help drive resolution of escalated member requests for data access and deletion when a regulator is involved; and (iii) review privacy incidents to determine if breach notification may be warranted.
Transparency: Work with product counsel to develop clear and transparent disclosures for members to explain our data processing practices and their rights.
Privacy product consultation: Support privacy by design by analyzing and addressing the privacy impact of new products and features and advising product counsel on the same.

Posted May 7, 2025

Regeneron – Sr. Director, Assistant General Counsel, Privacy

Responsibilities:

Providing advice and counseling on a wide range of privacy and related issues including in the areas of patient support programs, market research, marketing campaigns, digital advertising, data analytics, and AI.
Strategically assessing potential privacy risks on new projects, including counseling on appropriate controls.
Supporting the operationalization of compliance with privacy laws globally.
Privacy governance including support of our governance bodies, and upkeep and development of policies, procedures, and guidance documents.
Leading and managing Privacy Office resources including external counsel, consultants, and certain internal resources.
Educating business clients through training and awareness programs.
Collaborating with our Government Affairs division on opportunities to influence legislation.

Posted May 7, 2025

National Basketball Association (NBA) – Senior Associate Counsel, Privacy

Responsibilities:

Support the development and implementation of the NBA’s privacy compliance program and provide legal advice related to the NBA’s data governance framework, including implementing appropriate data protection measures.
Work with senior leadership and other internal constituents across the organization regarding the management and/or use of data and helping to develop and implement privacy-related policies in compliance with applicable laws and regulations.
Negotiate and draft data processing, services, technology, and operator agreements with third-party providers.
Assist other members of the Legal Department to negotiate and draft data-related provisions of commercial and other agreements.
Support the NBA’s Marketing Department by drafting and negotiating agreements and advising on initiatives related to the promotion of the NBA and its affiliated leagues.
Perform special projects and other assignments as requested by the Legal Department’s senior leadership team.

Posted May 6, 2025

BioSpace – Director Privacy Counsel

Responsibilities:

Providing advice and counseling on a wide range of privacy and related issues such as advising on sensitive data, digital advertising, and use of emerging technologies/AI.
Strategically assess potential privacy risks on new projects, including risk-mitigation counseling and advising on appropriate controls.
Monitoring emerging regulations and supporting the operationalization of compliance with evolving laws.
Upkeep and development of internal policies, procedures, and guidance documents; educating business clients through training and awareness programs; Improving and counseling on privacy program operations.
Leading Regenerons Privacy Steward Council to drive initiatives that enhance data privacy across the organization.
Collaborating with our Government Affairs division on opportunities to influence legislation.
Assisting contracting teams in drafting, maintaining, and negotiating data processing agreements.
Participating in industry group meetings to stay updated on best practices and emerging trends.

Posted May 3, 2025

Samsung Electronics America – Senior Legal Counsel, Privacy Management

Responsibilities:

Counsel and support Samsung businesses on all privacy matters, ensuring compliance with CCPA, COPPA and other relevant state and federal privacy laws and regulations
Track and advise on legal, regulatory, and policy developments relating to data collection and use, online privacy, healthcare, tracking and analytics, advanced advertising, and related issues
Develop and implement comprehensive privacy policies and procedures
Conduct privacy impact assessments and other analyses of personal data usage
Collaborate with various departments to integrate privacy considerations into business processes and projects
Stay abreast of regulatory developments and enforcement actions related to privacy and data protection
Manage data breach response and notification processes
Provide training and raise awareness on privacy and data protection issues among employees
Represent the company in privacy-related matters and liaise with regulatory authorities
Drafting and negotiating vendor and customer contracts and counseling the business concerning privacy and information security issues

Posted May 3, 2025

Lensa – Associate General Counsel, Privacy – Remote

Responsibilities:

Assist the Privacy Senior Associate General Counsel supporting UnitedHealthcare and other privacy professional colleagues on a wide variety of privacy legal risk projects
Provide strategic privacy legal guidance and risk mitigation strategies to business leaders and cross-functional teams
Work closely and collaborate with business, legal, compliance and regulatory affairs colleagues across UnitedHealthcare to ensure regulatory and contractual obligations are met
Counsel and guide internal stakeholders on the development and implementation of policies, procedures, structures and processes to meet regulatory and contractual requirements
Assist in responding to inquiries from state and federal regulators, customers, policy makers, and other external stakeholders
Ensure new or amended privacy and security laws are reviewed for applicability and timely implemented
Develop and lead training and education on privacy and data security related topics
Establish and maintain key relationships with a variety of legal, compliance and regulatory affairs experts across all areas of UnitedHealthcare

Posted May 3, 2025

Morgan Stanley – Cyber & Privacy Counsel

Responsibilities:

Provide legal support and advice on cybersecurity, privacy, fraud and operational resilience matters impacting Morgan Stanley’s Wealth Management (WM), Institutional Securities Group (ISG), and Investment Management (IM) divisions, as well as enterprise-level business functions such as Human Resources, Operational Risk, Central Privacy Compliance (CPC), Firmwide Marketing, Firmwide AI, and Cyber, Data, Risk & Resilience.
Serve as a collaborative subject matter expert to other lawyers within the Legal and Compliance Division and provide advice to functional areas and regional business units on privacy and cybersecurity laws and requirements.
Partner closely with lead cyber & privacy counsel for WM, ISG, and IM divisions, as well as international data protection counsel, to provide strategic direction to Morgan Stanley’s business units and enterprise functions as they navigate complicated privacy and cybersecurity issues.
Advise on requirements and restrictions on the collection, use, storage and sharing of sensitive client, consumer and employee information, including with respect to Morgan Stanley’s use of artificial intelligence and machine learning technologies.
Assist in the maintenance and improvement the Firm’s cybersecurity and privacy law program, coordinating privacy, fraud, and cybersecurity legal requirements.
Work cross-functionally with Morgan Stanley’s CPC team and business unit-specific Risk Management teams to support maintenance notices, policies and procedures for privacy and information security, consistent with applicable international, federal and state laws, rules and guidance.
Partner with Morgan Stanley’s CPC Privacy Operations team to advise on Privacy Impact Assessments and data subject access rights requests.
Participate in projects addressing Morgan Stanley’s continued utilization of and leadership in artificial intelligence and machine learning.
Maintain current knowledge of applicable state, federal and international cybersecurity, privacy, fraud and system resilience laws and regulations, and work with internal stakeholders, law enforcement, and regulators to respond to and remediate incidents.
Maintain and disseminate monthly, enterprise-level communications to business, legal, risk, and compliance partners on emerging national and international trends and issues in cybersecurity and privacy law.

Posted May 1, 2025

GE Appliances – Senior Counsel – Data Privacy and Cybersecurity

Responsibilities:

Develop and implement a global privacy strategy that aligns with Company’s objectives, relevant laws and regulations, and industry best practices.
Lead the Company’s Privacy Committee and Executive Privacy Council.
Provide legal advice on privacy-related matters, including compliance with global privacy laws and regulations (e.g., GDPR, CCPA, HIPAA).
Draft and review privacy policies, procedures, internal and external facing privacy notices to ensure compliance with privacy and cybersecurity laws.
Serve as a point of contact for privacy and security-related customer and regulatory inquiries and investigations.
Develop data governance and classification standards with Company’s information technology team.
Collaborate with internal teams, such as legal, information technology, engineering, and business units, to resolve complex privacy and risk management issues and to assess cybersecurity measures and response protocols.
Stay informed of changes and developments in privacy laws, regulations, standards, and guidance, and communicate these changes effectively to relevant stakeholders.
Educate and train employees in data privacy and cybersecurity to foster a culture of security and privacy.
Facilitate Privacy Impact Assessments (PIAs) for new products, programs, agreements, and initiatives, and update risk assessments to identify and mitigate data protection risks.

Posted May 2, 2025

* * *

Looking for an older job listing? In an effort to keep this page as up-to-date as possible, we have moved Job Listings older than the date above to our Condensed Job Listings page. We hope this comprehensive list will allow you to see the many different career opportunities that exist in Privacy and Data Security Law.

Privacy Law Job Listings

PRIVACY LAW JOB LISTINGS