Privacy Law Job Listings

Background Pink

Privacy Law Job Listings - TeachPrivacy Training 01

 

PRIVACY LAW JOB LISTINGS

This page gathers privacy job listings. Check links for further details, including salary, qualifications, location, and responsibilities. We advise you to apply even if you don’t quite meet requirements for years of experience, as employers often don’t adhere strictly to such requirements. Please write to us if you know of privacy law job listings we should include.

NOTE: As we often don’t know when positions are filled, not all positions listed on this page are still open.  Posted dates are approximations.

*  *  *

Transamerica – Senior Counsel – AI, Privacy & Security Legal (Hybrid)

Responsibilities:

  • Work on complex legal issues where analysis requires identification and evaluation of multiple factors.
  • Manage legal matters provided to a number of in-house constituents within practice area(s).
  • Exercise independent judgment regarding legal advice with limited supervision of more senior attorneys.
  • Negotiate discrete disputes within practice area(s).
  • Review and draft documents and templates within practice area(s).
  • Serve as the primary legal advisor for enterprise AI guidance and governance, counseling on responsible AI, AI risk management, and legal/regulatory compliance across the AI lifecycle (use case intake, development, procurement, deployment, monitoring, and retirement).
  • Advise on AI-related risk issues, including automated decision-making, bias/fairness, transparency/notice, explainability, human oversight, and consumer disclosures, and help establish legally appropriate guardrails.
  • Negotiate and advise on contracts and provisions related to AI, privacy, and cyber security, including AI and cloud services, software licensing, data processing agreements, and AI development contracts.
  • Develop and maintain guidance and governance documentation related to AI, privacy, and cyber security, including policies, standards, procedures, frameworks, playbooks, and approval workflows for AI and privacy use cases.
  • Conduct legal research, monitor, review and analyze proposed legislation, assess applicability and operational impacts, and assist business in understanding the requirements and impact.
  • Coordinate legal matters handled by outside counsel. May provide input into the selection of outside counsel from preselected counsel list.
  • Participate in and may lead departmental and cross-functional working groups in identified areas of legal expertise or development.
  • May manage and/or mentor junior attorneys or paralegals and help scale legal support for AI, privacy and cybersecurity legal reviews and governance.

Posted April 28, 2026

OpenAI – Counsel, AI Policy

Responsibilities:

  • Analyze proposed laws and regulations concerning AI to understand their impact on OpenAI and the broader AI community.
  • Collaborate across Legal and Global Affairs to develop policy positions.
  • Provide strategic analysis and advice to the Global Affairs team and other internal stakeholders.
  • Advise on evolving regulatory and industry standards affecting OpenAI’s business and customers.

Posted April 28, 2026

Lyra Health – Privacy and AI Counsel

Responsibilities:

  • Support Lyra’s privacy program and advise internal stakeholders on privacy concerns related to Lyra’s products and services, and the implementation of new technologies, such as AI.
  • As a core component of the role, participate extensively in AI use case reviews, including those involving generative AI and agentic AI for internal use at Lyra, and in legal reviews and assessments relating to the development by Lyra of AI-powered products, services, and tools. Drive the AI use case review process forward to meet established SLAs, ensuring the business remains agile.
  • Draft, maintain, and evolve AI governance documentation, including the Company’s Responsible AI Policy and related standards, procedures, and guidance.
  • Coordinate with internal teams to ensure corporate adherence to applicable state and federal privacy laws, including, but not limited to, CCPA and HIPAA.
  • Stay abreast of, analyze, and advise on evolving US laws and regulations relating to privacy and AI at both the state and federal level. Update the legal team and the business on relevant new regulatory requirements and feed into policy and procedural documentation.
  • Support international AI regulatory compliance by partnering with the Privacy Counsel, International on the EU AI Act and other global AI regulations, including leading horizon scanning efforts and proactively delivering insights and updates to the legal team and broader Lyra business.
  • Collaborate with commercial counsel to ensure that privacy provisions in commercial agreements and Business Associate Agreements (BAAs) appropriately manage risk and comply with privacy policies, laws, rules, regulations, and company objectives.
  • Review BAAs negotiated by commercial counsel and document data use permissions for new and existing customers.
  • Work cross-functionally to advise product and business teams on potential privacy and AI regulatory implications of Lyra’s new and existing product lines, including reviewing and approving product requirement documents (PRDs).
  • Investigate, manage, document and report privacy incidents, including breaches, in accordance with applicable law, contractual requirements and corporate strategy.
  • Participate in cross-functional teams working on AI governance and AI use case reviews.

Posted April 28, 2026

Comcast – Counsel, Privacy and Legal Information Security

Responsibilities:

  • Handle privacy and data protection-related inquiries from a wide range of groups across the company and provide actionable advice and legal counsel to facilitate privacy and data protection compliance.
  • Evaluate various Comcast programs and initiatives considering applicable privacy/data protection requirements.
  • Assist in the creation, maintenance and implementation of policies, processes, data inventories and records of processing, and associated documentation relating to processing of data.
  • Carry out Privacy Impact Assessments relating to new business initiatives involving processing of personal information.
  • Provides privacy support for various parts of the business, including advanced advertising, digital media, data science, and business intelligence.
  • Assist in the maintenance and implementation of policies, processes, and associated documentation relating to processing of data and AI, to support Comcast’s global privacy and AI governance programs.
  • Monitor and summarize relevant legislative developments, case law, regulatory guidance and enforcement actions in the U.S., UK, EU, Canada, China, Latin America, Middle East, and other international jurisdictions as needed. Consult with and supervise outside counsel to develop legal strategies and resolve issues in routine matters.
  • Review, draft and negotiate various types of agreements (e.g., vendor/service provider agreements, customer agreements, data processing, data transfer, and data usage agreements, etc.).
  • Conduct awareness and training efforts as needed and/or required to increase employee understanding of company privacy policies, data handling practices and procedures, and legal obligations.
  • Educate others about and help to implement various requirements driven by privacy, data protection, and AI laws, regulations, standards and best practices, such as the U.S. State Data Privacy Laws, U.S. State and Federal AI Laws and Regulations, General Data Protection Regulation, ePrivacy Directive, the E.U. AI Act, as well as self-regulatory organizations such as IAB, DAA, and NAI.
  • Operate with a moderate level of supervision with no direct management responsibilities.
  • Carry out/perform duties consistent with strategic plans and directives as determined by more senior level management and attorneys.
  • Consistent exercise of sound judgment and discretion in all matters.
  • Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) as necessary.

Posted April 24, 2026

TD – Counsel – U.S. Privacy and Cybersecurity (AI Focus)

Responsibilities:

  • Provides consistent and sound legal advice in a clear, concise and responsive manner by taking initiative to develop legal knowledge and skill; knowing relevant substantive law, identifying legal issues; knowing the business and its products, operations, strategy, risk appetite and regulatory environment; owning the role of interpreting legal requirements through a balanced understanding of the law and business context to formulate relevant legal theories; and identifying business issues and policies related to the legal requirements, describing legal issues and options to the client
  • Identifies conflict situations and brings more senior lawyers into the decision-making process as appropriate by identifying situations when actions that the business unit wants to take conflicts with TD’s risk appetite and discusses with client how particular actions might be inconsistent
  • Effectively contributes to and/or leads negotiations and conflict resolutions by gathering supportive information in preparation for the negotiation, understanding the dynamics of the process and displaying an effective combination of firmness, tact, patience and respect in dealing with all parties involved

Posted April 24, 2026

Sanofi – Patient Privacy Officer & Counsel

Responsibilities:

  • As the business partner for several R&D and/or Medical departments, you will have end-to-end accountability to drive all privacy activities within your area, from driving privacy-by-Design of new projects to the effective monitoring and reporting of the risk management strategies to senior R&D leaders.
  • As a Subject Matter Expert of patient data, you will drive transversal privacy initiatives to foster responsible use of patient data, informed by patient perspectives, ethical and regulatory standards, and cross-functional alignment to protect patient rights and maintain trust while enabling innovation
  • You will monitor privacy risks in your area
  • You will partner with the local Privacy Officers and Legal teams in ensuring the Global Patients initiatives you support are compliant with local practices and regulations, and offering local resolutions,
  • You will co-author internal position papers with Legal, R&D and Government Affairs, representing Sanofi in industry advocacy efforts with Trade associations, Patient Associations Groups and Data Protection Regulators;
  • You will oversee patients rights requests coming from your respective areas, ensuring patients’ rights are upheld in line with regulatory requirements and Sanofi’s commitments to privacy;
  • You will drive the effective closure of action plans originating from regulatory inspections and internal audits

Posted April 22, 2026

Cisco – Senior Corporate Counsel: Regulatory Affairs, Cyber and National Security

Responsibilities:

  • Act as the subject-matter expert and resource across a range of regulatory issues, including cyber and national security regulations around the world.
  • Counsel your legal colleagues, product engineering, go-to-market teams, and other business teams on global cyber and national security regulations and develop Cisco policies and implementation plans to meet our compliance obligations and customer expectations on these topics.
  • Assist with responses to regulatory inquiries and investigations.
  • Develop and implement Cisco’s strategy with respect to evolving laws and regulations and Cisco’s commitments related to them.
  • Support Cisco’s regional Government Affairs leads on their work related to emerging regulatory trends and frameworks that impact Cisco’s business.

Posted April 22, 2026

lululemon – Senior Legal Counsel, Data Governance & AI

Responsibilities:

  • Identify and advise cross-functional partners on legal obligations relating to data disclosures and governance, platform/system safety and integrity, emerging technologies (including artificial intelligence (“AI”)), and applicable compliance requirements
  • Lead the development, implementation, and improvement of a comprehensive AI governance framework to support ethical and responsible AI use across the organization.
  • Collaborate and coordinate with cross-functional partners, to ensure the seamless integration of AI and data governance compliance programs.
  • Provide strategic guidance on emerging technologies, use of those technologies, and services including the implementation of new products and services relating to data governance and AI compliance legal risks.
  • Complete thorough risk assessments to identify potential legal and regulatory compliance issues and developing mitigation strategies.
  • Monitor and evaluate the effectiveness of AI governance framework, making adjustments based on evolving technologies, business needs, and regulatory landscapes.
  • Maintain company-wide policies, guidelines and practices on applicable AI and data governance legal matters.
  • Explain complex information to business partners in a straightforward and comprehensive manner
  • Review, monitor, and provide guidance on regulatory developments around data governance and AI.
  • Draft commercial contracts clauses and obligations related to emerging technology, including AI.
  • Develop and implement education curriculum and training plans for the larger legal team and cross functional business partners related to AI developments, impacts and potential risks to the organization.

Posted April 21, 2026

Charles Schwab – Director, Legal Counsel, Data Privacy and Cybersecurity

Responsibilities:

  • Regulatory Compliance and Risk Advisor: Provide legal guidance on U.S. and global privacy and cybersecurity laws, regulations, and enforcement trends. Interpret evolving regulatory guidance and translate supervisory expectations into actionable legal advice. Monitor emerging issues including AI governance, data ethics, digital identity, and advanced cyber threats. Advise on privacy-by-design and security-by-design, data minimization and retention, cross-border data transfers, access controls, and other data-related issues.
  • Incident Response and Cyber Events: Lead the legal response to privacy and cybersecurity incidents, including investigation, legal risk assessment, and regulatory and contractual analysis. Coordinate closely with internal stakeholders and external forensic firms, outside counsel, and crisis management advisors. Advise on notification obligations, litigation risk, and regulatory engagement arising from cyber events.
  • Commercial Transactions and Technology Enablement: Advise on privacy and cybersecurity issues across commercial transactions, including vendor engagements, cloud services, SaaS platforms, fintech partnerships, strategic investments, and M&A. Draft, negotiate, and approve data protection and information security provisions in customer, vendor, and partner agreements.
  • Emerging Technology and Innovation: Advise on privacy, data protection, and cybersecurity considerations related to the design, development, and deployment of artificial intelligence, advanced analytics, and other data-driven products and business models.
  • Litigation and Investigations: Support the company’s management of privacy- and cybersecurity-related litigation, regulatory enforcement matters, inquiries, and internal investigations.
  • Education and Enablement: Educate legal, technology, and business teams on privacy and cybersecurity requirements in a pragmatic, business-focused manner. Identify and support efforts to scale consistent, risk-based legal guidance across the enterprise.

Posted April 18, 2026

City of Columbus – Attorney – Information Technology & Cybersecurity

Responsibilities:

  • Drafts policies, procedures, assessments, and frameworks related to efficient and effective governance of cybersecurity operations;
  • Reviews and negotiates information technology agreements;
  • Reviews, improves, and approves as to form city information technology legislation and policy;
  • Assists the Department of Technology in coordinating the city’s efforts to protect information technology infrastructure and data, develop and exercise a cyber-response plan, establish uniform reporting standards;
  • Independently conducts research, formulates correspondence, complex reports & memoranda on cybersecurity strategy, operations, and governance;
  • Participates in development of cybersecurity strategy and operations across city departments;
  • Confers with City officials concerning the legal aspects of pending matters, including requests for public records;
  • Works with consultants and outside counsel to provide legal services for city administration

Posted April 10, 2026

Dynatrace – Senior Legal Privacy Counsel

Responsibilities:

  • Serve as primary privacy legal advisor for North America and Latam, partnering closely with North America corporate functions.
  • Own FTC compliance posture and advise on privacy risk decisions and operational execution.
  • Advise on HIPAA-related privacy requirements where applicable, ensuring appropriate interpretation and application within scoped use cases.
  • Help build and scale the program’s operational backbone, contributing to documented playbooks for core workflows, defining meaningful privacy metrics, and establishing a reporting cadence that delivers actionable visibility to leadership.
  • LATAM Support
  • Lead LGPD/LATAM privacy support by coordinating outside counsel and translating requirements into pragmatic internal guidance.
  • Adtech & Marketing
  • Own and lead the advisory function for adtech and martech issues, including cookie/consent compliance and privacy reviews related to marketing activities.
  • M&A integration support
  • Own and lead post-acquisition privacy work, including due diligence support and post-acquisition privacy integration for NA and LATAM-relevant targets.
  • Commercial support and data transfers
  • Draft, review and negotiate privacy terms in commercial agreements (e.g., DPAs) in customer, partner/vendor agreements to enable business while managing risk.
  • Partner with Procurement to strengthen vendor privacy due diligence, high-risk reviews and transfer impact approaches, where applicable.
  • Regulatory monitoring
  • Monitor and interpret regulatory developments and enforcement trends; translate them into clear business requirements and pragmatic execution plans.
  • Develop and deliver privacy training and awareness to build durable compliance behaviors across North America.

Posted April 10, 2026

Hyundai Capital America – Senior Counsel, Privacy and Advisory

Responsibilities:

  • Act as the Company’s primary privacy SME, providing legal and strategic guidance to business, technology, product, and operations teams to ensure compliance with applicable privacy, data protection, information security and consumer protection/advertising laws. Oversee legal review of all external communications to consumers, customers and dealers.
  • Own, implement, and maintain the Company’s enterprise privacy framework, including privacy policies, standards, procedures, governance models, and internal guidance. Lead updates to the privacy framework in response to regulatory developments, enforcement trends, and evolving business practices. Oversee privacy related documentation, recordkeeping, and reporting.
  • Act as primary liaison with Company’s affiliates in various data sharing, privacy, and marketing-related initiatives. Support new and existing third-party contract negotiations to identify and address privacy, data protection, information security and records management requirements.
  • Lead, mentor, and develop team members by providing direction, performance feedback, and support to ensure effective collaboration, professional growth, and achievement of organizational and personal goals.

Posted April 10, 2026

The Johns Hopkins University – Associate General Counsel & Privacy Officer (Office of Sr. Vice President & General Counsel)

Responsibilities:

  • Advise the university on legal issues related to applicable consumer and education-related privacy obligations, including but not limited to FERPA, HIPAA, GDPR, MODPA, CCPA, and other privacy and data regulations.
  • Collaborate with Johns Hopkins University Health System (“JHHS”) counsel and privacy officials on privacy matters that affect both JHU and JHHS.
  • Serve as the primary point of contact for non-clinical data privacy compliance for the university.
  • Revise and/or develop appropriate policies to implement safeguards to protect non-clinical records and data.
  • Develop contractual addendums, terms and conditions, and standard clauses for compliance with evolving domestic and global privacy regulations.
  • Engage with data governance programs on data handling best practices.
  • Manage and provide advice for practices around the data governance and protection impact assessment process, data use agreements, and data management plans.
  • Manage the data subject access request process.
  • Coordinate with university IT, the University Registrar, and other offices, and serve as the point of contact for the supervisory authority, if issues arise.
  • Partner with the Chief Risk Officer and Deputy Chief Risk Officer to lead the university’s Incident Response Team through process development and coordination of incident and breach response, including interfacing with data security experts, outside counsel, and in-house counsel when required.

Posted April 9, 2026

Genentech – Senior Counsel Specialist, Assistant General Counsel, Privacy Law

Responsibilities:

  • Act as a key internal point-of-contact and subject matter expert on privacy and data protection, providing practical, timely, strategic, and high-quality legal advice on data privacy and security matters.
  • Influence strategic implementation of privacy legal and compliance requirements across the organization.
  • Drive privacy strategy and implementation based on continuous monitoring of new and evolving privacy laws, enforcement, and litigation across jurisdictions.
  • Draft, update, and implement internal privacy policies, procedures, and guidances, and external privacy notices and consent language, to reflect evolving legal requirements and industry best practices.
  • Develop standards, templates, playbooks, and training for drafting and negotiation of data processing agreements.
  • Provide legal support for the strategic reviewing, drafting, and negotiating of privacy and data security terms in contracts with business partners and vendors, including data processing agreements and data protection terms in clinical research agreements.
  • Provide advice, education, training, and legal direction on data protection laws impacting business operations and contractual relationships.
  • Advise on data privacy, legal risk identification and mitigation efforts, as well as data privacy compliance efforts.
  • Develop content for privacy training materials and other communications to increase employee understanding of company privacy policies, data handling practices and procedures and legal obligations, as well as to ensure awareness of “best practices” on privacy and data security issues.
  • Review Privacy Impact Assessments (PIAs) and advise on the management of complex privacy matters involving systems and data processing activities.
  • Provide legal counsel on investigations involving reports of inappropriate or unauthorized access, loss or disclosure of personal data, including advising on potential liability, identifying legal obligations, and supporting incident response efforts.
  • Collaborate with External Affairs colleagues on opportunities to influence privacy and data security legislation.
  • Participate in industry group meetings to stay updated on best practices and emerging trends.
  • Partner and align with global colleagues on development and implementation of compliance and training programs.

Posted April 8, 2026

AMD – Assistant General Counsel – Privacy

Responsibilities:

  • Lead and oversee AMD’s global privacy program, including governance, policies, and operational alignment across regions.
  • Serve as the primary legal advisor on global privacy and data protection requirements, including GDPR, U.S. privacy laws, and other international regulatory frameworks applicable to AMD operations.
  • Act as the senior point of escalation for complex privacy issues, providing clear, pragmatic guidance to executive leadership and business teams on compliance obligations and risk mitigation.
  • Advise on privacy by design and privacy by default considerations for products, services, AI‑enabled technologies, and global business initiatives.
  • Oversee Data Protection Impact Assessments (DPIAs), privacy risk assessments, and related reviews for processing activities across jurisdictions.
  • Champion global privacy governance by drafting, reviewing, and maintaining privacy policies, internal guidance, procedures, and training materials.
  • Partner with information security and incident response teams to oversee data incident preparedness and response, including breach assessment and notification obligations.
  • Advise on international data transfers, including the use of Standard Contractual Clauses, Transfer Impact Assessments, and other lawful transfer mechanisms.
  • Review, draft, and negotiate complex privacy and data protection provisions in commercial agreements, including vendor, customer, cloud, and technology agreements.
  • Monitor and assess legislative, regulatory, and enforcement developments globally and communicate relevant impacts to internal stakeholders.

Posted April 8, 2026

Blue Cross Blue Shield of Vermont – Assistant General Counsel & Privacy Officer

Responsibilities:

  • Oversee day-to-day administration of the organization’s privacy operations including oversight of permitted access, use, and disclosure of information.
  • Serve as incident Response Coordinator and lead privacy incident investigations and perform risk assessments, including coordination with IT, Compliance, and executive stakeholders.
  • Develop and enhance privacy policies, procedures, and training programs.
  • Interpret state and federal statutes and regulations that impact the Corporation, including those pertaining to federal and state legal and regulatory requirements applicable to the Corporation.
  • Support regulatory audits, filings, and examinations while proactively assisting Compliance and operational teams in addressing regulatory risk.
  • Draft, review, and negotiate vendor agreements, non-disclosure agreements (NDAs), business associate agreements (BAAs), and related commercial contracts.

Posted April 5, 2026

Superhuman – Privacy Counsel

Responsibilities:

  • Advise product, engineering, and business teams on data privacy, security, and compliance requirements across the product lifecycle
  • Provide practical and actionable legal guidance regarding risks and obligations under global laws related to data protection, biometrics, children’s privacy, marketing/advertising, and regulatory engagement (including GDPR, CCPA, COPPA, HIPAA and U.S. state laws)
  • Oversee privacy impact assessments and proactively identify and address potential privacy risks
  • Develop and maintain privacy policies, internal guidelines, and compliance frameworks
  • Monitor, interpret, and implement requirements from global privacy laws and regulations (GDPR, CCPA, etc.)
  • Respond to customer questions and data subject requests working in partnership with Security and Support
  • Draft, review, and negotiate privacy-related agreements, including DPAs, customer and vendor contracts, and privacy terms
  • Design and deliver privacy and data protection training for internal teams
  • Support, advise on, and drive cross-functional technical implementation for horizontal privacy compliance work, including related to retention, deletion, anonymization, pseudonymization, etc.
  • Advise on and support implementation of an AI governance program
  • Support privacy M&A integration
  • Track industry developments and best practices related to privacy in SaaS, AI, and cloud technologies

Posted April 3, 2026

Okta – Senior Corporate Counsel – Cybersecurity

Responsibilities:

  • Lead a team of talented, high-performing cybersecurity legal professionals and serve as a point of escalation to provide cybersecurity legal expertise and guidance to executives, cross functional leaders and other stakeholders throughout the organization.
  • Advise, draft and negotiate cybersecurity and privacy terms associated with outbound cloud service Master Subscription Agreements, Information Security Exhibits, Data Processing Addendums and other documentation related to sales transactions, while partnering closely with Okta’s Commercial Legal team.
  • Provide day-to-day legal support surrounding cybersecurity and privacy-related contract requests and respond promptly and effectively to legal requests from internal clients with pragmatic and business-oriented guidance.
  • Provide advice and guidance to Okta Security, Engineering, Product, executives, and other stakeholders on compliance with applicable security and privacy laws and regulations, such as the General Data Protection Regulation, United States’ federal and state regulations, security/privacy by design, frameworks and industry certifications.
  • Support the investigation of potential security and privacy incidents, including analyzing relevant legal and regulatory responsibilities, and providing guidance to internal clients on mitigation, remediation and resolution efforts.
  • Develop, implement and maintain standards, processes, runbooks and guidance surrounding cybersecurity and privacy-related issues for Go-to-Market transactions, and partnering closely with members of the Legal, Security, Compliance and Engineering teams, among other key stakeholders.
  • Build critical relationships in order to effectively provide practical and strategic advice to assist the business in meeting its objectives, while ensuring information security and privacy compliance. Advise on recommended courses of action and legal risk, with the ability to judge when to escalate identified issues as appropriate.

Posted April 1, 2026

UnitedHealth Group – Associate General Counsel, Privacy – Remote

Responsibilities:

  • Serve as a trusted privacy advisor to OBC, with deep focus on HIPAA and state privacy law compliance
  • Advise on regulatory change management and support implementation of emerging federal and state privacy requirements
  • Design and operationalize provider specific privacy programs, including training, communications, policies and procedures, and Notices of Privacy Practices
  • Provide privacy support for business associate agreements and contracting in collaboration with segment legal and contracting teams
  • Manage a team of individuals who assist in providing OBC privacy support, manage incidents and maintain the overall program
  • Counsel the incident management team and lead responses to regulatory inquiries, including OCR investigations, HHS reporting, and state attorney general matters
  • Support HIPAA individual rights processes across OBC
  • Deliver clear, actionable privacy updates and reporting to business and privacy leadership on a regular cadence
  • Collaborate with internal partners on privacy due diligence for acquisitions and integration activities
  • Draft and coordinate responses to government requests for comment on proposed privacy regulations
  • Conduct and advise on privacy assessments, audits, and compliance reviews
  • Monitor the evolving privacy landscape and translate legal and industry developments into practical guidance
  • Partner closely with Privacy, Compliance, and cross functional stakeholders across Optum Health Care Delivery

Posted March 31, 2026

GEICO – Counsel, Privacy & Information Law – HYBRID

Responsibilities:

  • Conduct legal research and draft legal guidance.
  • Work with internal clients and others in the legal department to provide advice related to data-protection & privacy compliance; cybersecurity; data and information use related matters and associated technology considerations.
  • Assist the privacy and the cybersecurity teams with responding to privacy incidents, cyber incidents, and data breaches.
  • Assist in the development and implementation of privacy, cyber and information use policies, procedures, and training programs.
  • Collaborate with cross-functional teams to evaluate potential privacy and infosec risks and provide practical solutions.
  • Identify data-protection issues for new products, processes, and technologies; assist the privacy, cybersecurity, and product teams in addressing those risks.
  • Monitor and provide substantive comments on relevant privacy and data-protection, cyber and other information law legislative and regulatory changes, including through trade association and other industry fora; analyze and advise on potential impact to the organization.
  • Support Supplier Management with privacy, cyber and information use aspects of vendor onboarding and management.

Posted March 31, 2026

Netcracker Technology – Corporate Counsel, Information Security & Privacy

Responsibilities:

  • Negotiate and advise on information security, data protection, and compliance provisions in customer contracts, including MSAs, DPAs, Support and Maintenance agreements, and security annexes.
  • Act as a legal liaison between commercial legal, information security, sales, compliance, and other corporate and internal stakeholders.
  • Serve as a customer-facing legal contact for security, privacy, data protection, and related compliance discussions during contract negotiations and the project lifetime.
  • Support contracting for Telco/ISP software and professional services, including AI/SaaS/cloud and managed services offerings.
  • Advise internal teams on regulatory, contractual, and customer-specific requirements related to data protection, cybersecurity, and related compliance.
  • Ensure contractual commitments align with internal security controls, policies, and related compliance frameworks.
  • Track and interpret relevant global laws, regulations, and industry standards impacting telecom customers.
  • Contribute to the development and maintenance of standard contractual language, negotiation playbooks, and internal guidance.

Posted March 27, 2026

Highmark Health – Counsel – Privacy

Responsibilities:

  • Provide regular legal support for one or more discrete units of the Corporation; demonstrate significant knowledge of the Corporation’s business, while retaining the discipline of legal analysis; provide timely and accurate legal advice and prepare effective documents based upon knowledge of federal, state and other applicable law and the regulatory environment in which the Corporation functions; apply sound business judgment to the provision of legal advice; have advanced expertise in areas of legal practice that are necessary to effectively provide legal counsel; provide results of analysis to other attorneys in the Law Department (“Department”) or, under the direction of a managing attorney, directly to appropriate management and staff of the Corporation; provide legal advice to management and staff of the Department.
  • Maintain positive and effective relationships with other members of the Department, as well as management and other staff of the Corporation, and outside counsel; maintain and foster productive relationships between the Corporation and external parties.
  • Manage litigation, transactions or other matters and/or assist and work cooperatively with and/or supervise outside legal counsel from approved law firms used by the Corporation in support of one or more projects in the lawyer’s area of practice for the Corporation; may direct such work of outside legal counsel or facilitate such work of outside counsel to address issues effectively and efficiently, including minimizing outside legal counsel fees and expenses, as appropriate.
  • Have well-developed skills in preparing legal memoranda, contracts, pleadings, analyses, correspondence and other relevant documents, while continuing to strengthen one or more other skills; perform legal research and investigate facts.
  • Should have strong decision-making capability and should be proficient in being able to make business-oriented yet legally compliant recommendations. Investigate both straightforward and complex situations and present well-reasoned and creative solutions and alternatives based upon independent legal research and analysis of the facts and the law.

Posted March 27, 2026

Crowdstrike – Privacy Counsel (Remote)

Responsibilities:

  • Customer-Facing Privacy & Contract Negotiation
  • Review, draft, and negotiate Data Processing Agreements (DPAs) with customers.
  • Clearly articulate CrowdStrike’s role as a cybersecurity platform provider.
  • Support customer negotiations relating to international data transfers (SCCs, transfer impact assessments, localization requirements), sub-processor governance and transparency, security measures and audit rights, AI-related privacy and regulatory questions.
  • Support responding to customer privacy questionnaires and due diligence requests.
  • Partner with Commercial Legal and Sales to enable efficient deal closure while maintaining compliance integrity.
  • Vendor Onboarding & Sub-Processor Governance
  • Conduct privacy-focused vendor onboarding reviews and structured risk assessments.
  • Identify whether vendors qualify as subprocessors.
  • Review and negotiate vendor-side DPAs and privacy clauses.
  • Lead structured information gathering to ensure legally compliant onboarding.
  • Assess privacy implications of AI tools used internally by vendors or embedded in products.
  • Conduct and document DPIAs and related risk documentation.
  • Privacy Risk Assessment & Compliance Documentation
  • Identify and assess data protection risks in customer and vendor constellations.
  • Develop sensible mitigation strategies in collaboration with internal stakeholders and vendors.
  • Maintain and enhance our register of processing activities (RoPA) and other documentation.
  • Support ongoing monitoring of global privacy compliance obligations.
  • Process Optimization, Automation & Program Development

Posted March 26, 2026

Gordon Rees Scully Mansukhani – Cyber, Privacy & Data Security Litigation Attorney

Responsibilities:

Ideal candidates will have knowledge of state-level privacy laws, including the CCPA/CPRA, and experience with data breach and cybersecurity class action litigation and technology/errors and omissions litigation. Candidates must possess an excellent academic background, with strong writing, research and communication skills, and be a self-starter who is able to handle matters from inception with minimal supervision A commitment to superior client service is essential.

Posted March 23, 2026

AirWallex – Senior Counsel, Data Privacy

Responsibilities:

  • Serve as lead data and privacy counsel for the US and Americas region, providing risk‑based, business‑oriented advice on US, Canada, and South American, data protection, AI and cybersecurity issues (including cross‑border access and national‑security‑adjacent topics), grounded in global data protection regulation and frameworks.
  • Spearhead AI governance development and implementation globally, providing guidance on relevant global and US AI frameworks and executing a fit-for-purpose AI governance approach at Airwallex, including developing and implementing AI policies, procedures, privacy-related AI mitigations, and accountability frameworks.
  • Develop and help execute privacy and data protection compliance programs for the Americas, specifically focused on compliance with US federal and state consumer financial privacy frameworks (GLBA, FCRA, CalFIPA) compliance, Executive Order 14117, and comprehensive state privacy compliance.
  • Partner closely with Product, Engineering, Information Security, Regulatory Legal, Regulatory Compliance, Commercial Legal and Risk to embed privacy‑ and security‑by‑design in product development, technical architecture, UX, and go‑to‑market, including by spearheading DPIAs/PIAs, AI risk assessments, and other privacy impact assessments.
  • Draft, review, and negotiate complex data protection and data‑sharing terms (including DPAs, cross‑border transfer terms, and AI‑related clauses) with customers, vendors, financial partners, and other third parties, acting as an escalation point for high‑risk matters.
  • Coordinate and oversee international data flows touching the Americas, ensuring appropriate transfer tools and governance (e.g. SCCs or equivalent), and supporting initiatives on data localisation, storage, and access controls.
  • Co‑lead the privacy and data‑protection workstream for security and data incidents related to the Americas with Information Security and other stakeholders, including triage, investigation, regulatory and customer notifications, remediation, and lessons learned.

Posted March 20, 2026

LPL Financial – VP, Assistant General Counsel, Cybersecurity

Responsibilities:

  • Advise on legal and regulatory obligations applicable to cybersecurity incidents, including materiality assessments, regulatory notifications, disclosure requirements, and client/advisor communications.
  • Serve as the primary legal advisor for incident response, working closely with Information Security, Technology, Communications, Compliance, and executive leadership during cyber and data events.
  • Monitor and interpret evolving cybersecurity regulations (e.g., NYDFS Cybersecurity Rules, state breach laws, privacy laws, SEC/FINRA expectations) and assess their impact on business operations.
  • Support crisis management activities and provide legal guidance on escalation, response coordination, and regulatory engagement during high-priority events.
  • Draft, review, and update cybersecurity and incident response policies, standards, procedures, and playbooks, including enhancements to the firm’s incident response program and governance model.
  • Provide legal input into cyber tabletop exercises, readiness assessments, and cross-functional simulations to strengthen operational resilience.
  • Advise on cybersecurity requirements applicable to third-party service providers, vendor oversight, and technology integrations, including contractual terms, diligence, and supervisory expectations.
  • Partner with Information Security to evaluate cybersecurity controls and governance frameworks, including processes related to logging, monitoring, identity and access management, endpoint protection, and vulnerability management.
  • Support regulatory examinations, supervisory inquiries, remediation activities, and documentation efforts related to cybersecurity matters.
  • Collaborate cross-functionally with Technology, Risk, Compliance, Data Governance, and business teams to support cybersecurity regulatory compliance and operational alignment.
  • Educate internal stakeholders on cybersecurity legal risks, regulatory expectations, and best practices to promote a culture of cybersecurity awareness and accountability.

Posted March 20, 2026

Nordstrom – Senior Corporate Counsel, Privacy

Responsibilities:

  • Serve as the primary legal advisor on U.S. state privacy laws, including CCPA/CPRA, and the growing patchwork of state comprehensive privacy statutes (Virginia, Texas, Colorado, etc.)
  • Lead and maintain the company’s U.S. privacy compliance program, including privacy notices, consent mechanisms, opt-out frameworks, and data subject rights processes
  • Monitor legislative and regulatory developments in U.S. privacy law and advise on required compliance changes in the context of rapidly evolving business processes
  • Monitor and assess emerging AI legislation, regulatory guidance, and enforcement trends across federal, state, and international jurisdictions, and advise on their practical implications for Nordstrom’s use of AI and automated decision-making

Posted March 18, 2026

Petco – Privacy Counsel II

Responsibilities:

The Privacy Counsel will perform critical legal work to support Petco’s U.S. privacy compliance program, with the ultimate goal of continuing to improve and mature Petco’s overall compliance position. The Privacy Counsel will maintain, evolve, and update Petco’s Standard Operating Procedures for privacy compliance, Data Processing Addenda, Privacy Impact Assessments, vendor privacy requirements and guidelines, and similar privacy compliance materials. The Privacy Counsel will assist with developing, improving, and delivering employee trainings and reference materials on common privacy issues in retail, with the goal of furthering a privacy-forward culture within the organization. This role will also partner with Petco’s Privacy Paralegal and Privacy Analyst to assess, track, report on, and further develop Petco’s processes for granting data subject requests, its internal data maps, and its use of third-party privacy software.

Posted March 14, 2026

Sanofi – Privacy Officer and Counsel

Responsibilities:

  • Serve as internal Privacy Counsel for the US market and lead on privacy compliance related to mergers and acquisitions, corporate integrations, and innovation projects
  • Serve as the main point of contact for privacy integration roadmaps for acquired companies
  • Serve as a subject matter expert on privacy diligence assessments and gap analyses
  • Expert knowledge of data protection, information security, breach notification, data privacy policies and procedures, in compliance with GDPR, HIPAA, current State Privacy Laws in the US.
  • Conduct data privacy impact assessments for projects/products within scope.
  • Manage privacy and breach requirements including investigation, reporting, and remediation in accordance with regulatory requirements.
  • Ensure documentation and records of data processing activities are maintained accurately for audit purposes

Posted March 14, 2026

Care Access – Counsel, Health Data and Privacy

Responsibilities:

  • Privacy Law Expertise: Provide strategic and practical legal advice on global privacy and data protection laws, including GDPR, HIPAA, CCPA/CPRA, and other U.S. state and federal privacy laws. Experience with GDPR and HIPAA mandatory.
  • AI & Emerging Technologies: Advise on privacy and data protection implications of AI-enabled tools, machine learning systems, and other emerging technologies involving health and personal data. Conduct and draft legal risk assessments addressing automated processing, training data use, model outputs, human-in-the-loop safeguards, cross-border considerations, and evolving regulatory frameworks.
  • Clinical Support: Partner with clinical and operations teams to advise on privacy and data protection matters related to clinical research activities, including cross-border data transfers, site operations, and subject data rights.
  • Contracting & Transactions: Draft, review, and negotiate data processing agreements, data transfer agreements, data sections of clinical trial agreements, licensing deals, and other contracts involving company, personal or sensitive data.
  • Cross-Functional Partnership: Act as a trusted legal advisor to teams across the company to develop practical, risk-adjusted solutions that support compliance and responsible business growth.

Posted March 13, 2026

Baxter International – Corporate Counsel, Privacy

Responsibilities:

  • Act as an advisor and subject matter expert for Baxter’s business divisions and support the initiatives, projects, and products assessments providing practical, timely, strategic, and high-quality legal advice on data privacy and implementation under applicable privacy laws.
  • Support Baxter contracting/procurement teams and commercial teams regarding data privacy legal questions, contract reviews, and negotiations, including, but not limited to, drafting and negotiating Business Associate Agreements and/or Data Processing Agreements, as applicable, with Baxter’s vendors and customers.
  • Advise marketing and digital teams to lead privacy compliance on websites with a focus on privacy notices, cookie banners, opt-out mechanisms, and tracking technologies and controls consistent with applicable privacy laws.
  • Monitor developments in US privacy laws (e.g., HIPAA, CCPA/CPRA, state laws) and related legislation and industry practices and support operationalization of compliance.
  • Develop and perform trainings, as needed, following the Baxter Privacy Office Curriculum and functional needs.
  • Be able to act independently and provide expert legal advice and counsel to Baxter on privacy compliance matters.
  • Partner and interact closely with business and/or functional leaders and/or teams in the identification of privacy related issues and support in the efficient resolution.
  • Identify areas of vulnerability and risk and undertake corrective plans to resolve the issues.
  • Conduct or support internal investigations of allegations of potential data breaches.
  • Lead data subject requests as per privacy laws.
  • Conduct privacy assessments, including Data Protection Impact Assessments (DPIAs), as required in the geographies under the supervision of Baxter Privacy Office.
  • Maintain up to date privacy expertise, skills, and competency regarding evolving laws, regulations, guidance, and directives impacting Baxter.

Posted March 12, 2026

Roblox – Privacy and Security Counsel

Responsibilities:

  • SME on Law: Provide subject-matter expertise and guidance on the evolving global security and privacy legal landscape, including legislation, regulations, enforcement actions, and best practices, translating analysis into clear, concise, and actionable guidance to both legal and security teams.
  • Incident Response Engagement: Engage with the Detection and Response and Global Security teams during incidents. Provide legal guidance throughout the incident, including during verification, triage, containment, remediation, post-mortem, table-top exercises, counseling internal stakeholders throughout the incident lifecycle, reporting to regulators, and notifying customers to meet our global obligations.
  • Security Compliance Support: Own and deliver complex, cross-functional cybersecurity legal initiatives end-to-end (e.g., new regulatory regimes, major incident response improvements), with clear milestones, stakeholder alignment, and measurable outcomes. Continuously improve incident response policies and playbooks that meet the standards of applicable global data privacy and security laws.
  • Security Team Support: Embed within security pods as a trusted partner and go-to legal resource for regular expertise, insights, guidance, and support to different security teams, including Application Security, GRC, Privacy Engineering, Global Security, and Infrastructure/Platform teams, developing a working understanding of Roblox’s architecture, data flows, and operational constraints.
  • Cross-Functional Legal Advice: Provide subject matter expertise in privacy and security and support to cross-functional legal advocacy teams, including corporate, employment, compliance, policy, regulatory, product, privacy, and commercial.

Posted March 11, 2026

Superhuman – Privacy Counsel

Responsibilities:

  • Advise product, engineering, and business teams on data privacy, security, and compliance requirements across the product lifecycle
  • Provide practical and actionable legal guidance regarding risks and obligations under global laws related to data protection, biometrics, children’s privacy, marketing/advertising, and regulatory engagement (including GDPR, CCPA, COPPA, HIPAA and U.S. state laws)
  • Oversee privacy impact assessments and proactively identify and address potential privacy risks
  • Develop and maintain privacy policies, internal guidelines, and compliance frameworks
  • Monitor, interpret, and implement requirements from global privacy laws and regulations (GDPR, CCPA, etc.)
  • Respond to customer questions and data subject requests working in partnership with Security and Support
  • Draft, review, and negotiate privacy-related agreements, including DPAs, customer and vendor contracts, and privacy terms
  • Design and deliver privacy and data protection training for internal teams
  • Support, advise on, and drive cross-functional technical implementation for horizontal privacy compliance work, including related to retention, deletion, anonymization, pseudonymization, etc.
  • Advise on and support implementation of an AI governance program
  • Support privacy M&A integration
  • Track industry developments and best practices related to privacy in SaaS, AI, and cloud technologies

Posted March 10, 2026

The Standard – Attorney – Privacy

Responsibilities:

  • Advise business partners on privacy and data protection matters, including the collection, use, sharing, retention, and security of personal information.
  • Conduct risk assessments related to privacy incidents and data security events and recommend remediation and notification actions.
  • Provide legal guidance on new technologies, products, and processes that impact company data, with a focus on risk mitigation and compliance.
  • Draft, review, and negotiate privacy‑related provisions in commercial contracts and vendor agreements.
  • Monitor, research, and advise on legal and regulatory developments affecting privacy and data protection, particularly in the insurance and financial services sectors.
  • Partner with cross‑functional teams (including compliance, security, IT, and product) to develop and improve privacy workflows, policies, and processes.
  • Support legislative and regulatory engagement efforts related to privacy in coordination with government relations and trade associations.
  • Engage and manage outside counsel or alternative legal service providers to deliver high‑quality, cost‑effective legal services.

Posted March 11, 2026

The Walt Disney Company – Senior Counsel – Privacy

Responsibilities:

  • Draft, negotiate, and advise on privacy and data protection terms in vendor technology, advertising, and distribution partner agreements.
  • Advise on legal and business initiatives as they relate to privacy compliance, policy, and process, while providing practical guidance that will help Disney develop and implement solutions to complex issues.
  • Maintain documentation of privacy requirements and advice for global product launches and initiatives, including data protection impact assessments and other compliance documentation.
  • Establish and enforce data governance policies and procedures.
  • Support enterprise-wide and targeted training initiatives and outreach.
  • Share our team’s drive and enthusiasm for staying on top of the latest developments in this dynamic space.
  • Work directly with business and legal colleagues throughout the enterprise.

Posted March 6, 2026

Arrow Electronics – Counsel, Privacy, AI & Data Protection

Responsibilities:

  • Provide legal leadership on AI governance and responsible adoption of AI/ML/LLMs, including risk-based reviews, internal controls, documentation, and oversight mechanisms (e.g., transparency, accountability, human oversight).
  • Monitor and interpret AI legal and regulatory developments, and develop internal guidance/training aligned to best practices, frameworks, and evolving global and U.S. state automated decision-making laws.
  • Partner with AI/Data teams to implement legal, technical, and operational requirements for AI solutions as regulations and enforcement evolve globally; support development/review of Responsible AI documentation.
  • Advise on privacy and data protection laws and regulatory trends (e.g., U.S. state privacy laws, GDPR, sectoral requirements as applicable), and embed “privacy-by-design” into products and operations.
  • Lead and/or oversee privacy impact assessments and data protection impact assessments, and maintain core privacy program artifacts (e.g., records of processing, DPIAs/PIAs).
  • Partner with Marketing and digital teams on privacy requirements for cookies, pixels, SDKs, analytics/advertising technologies, and consent management practices.

Posted March 4, 2026

OpenAI – Counsel, Privacy

Responsibilities:

  • Support OpenAI research, product, engineering, privacy, and security teams in the development and release of cutting-edge AI products and services
  • Anticipate and address privacy, regulatory, product, and other legal risks
  • Develop strategies for handling legal issues in creative ways and build scalable, flexible processes to manage risk
  • Help build and improve processes for scaling our privacy program as the company grows
  • Become an expert in AI privacy matters and help propose and advance AI legal policy positions

Posted March 3, 2026

Bandwidth – Senior Privacy Counsel

Responsibilities:

  • Advise business stakeholders and support compliance as a subject matter expert on privacy and data protection requirements in connection with Bandwidth’s products, services, and operations worldwide.
  • Draft, review, and negotiate privacy terms in service, software and telecommunications agreements, including agreements with customers, vendors, and partners and/or carriers, in support of and close coordination with the Commercial Legal Team and Global Regulatory team.  Develop and contribute to templates, playbooks, and training to support the Commercial Legal with resolution before escalation.
  • Research and deepen your expertise in global privacy laws, AI legislation, and emerging tech regulations, with a special emphasis on Europe and UK (unpacking acronyms such as the GDPR, ePrivacy Directive, the EU AI Act, and the NIST AI Risk Management Framework); provide practical guidance on implementing new requirements to business stakeholders and other members of the Legal team.
  • Lead and assist in the completion of risk assessments such as privacy by design product review, PIAs, DPIAs, AI risk reviews, and transfer impact assessments on a prioritized basis to support the goals of the Bandwidth Privacy Program and new business initiatives.
  • Serve as a spirited champion for privacy and AI awareness across the company–creating and delivering training, fielding questions, and keeping teams informed and empowered.
  • Own, manage, and continuously strive to improve processes, procedures, and operational functions of the privacy program; assist in the creation and upkeep of our privacy and AI notices and disclosures, policies, and internal guidelines and resources to ensure they are clear, current, useful, and aligned with our operational objectives.
  • Lead and contribute to investigation, mitigation, and response to privacy incidents and regulatory inquiries on an as-needed basis, and assist in the development of incident response protocols.
  • Advise on cybersecurity laws and regulatory frameworks in collaboration with our Global Regulatory and Information Security teams; support implementation, monitoring, and compliance in connection with third-party and customer standards for data protection and data security, including ISO 27001/27701/42001, SOC II, NIS2, and customer audits.

Posted March 3, 2026

*  *  *

Looking for an older job listing? In an effort to keep this page as up-to-date as possible, we have moved Job Listings older than the date above to our Condensed Job Listings page. We hope this comprehensive list will allow you to see the many different career opportunities that exist in Privacy and Data Security Law.