Privacy Law Job Listings

Background Pink

Privacy Law Job Listings - TeachPrivacy Training 01

 

PRIVACY LAW JOB LISTINGS

This page gathers privacy job listings. Check links for further details, including salary, qualifications, location, and responsibilities. We advise you to apply even if you don’t quite meet requirements for years of experience, as employers often don’t adhere strictly to such requirements. Please write to us if you know of privacy law job listings we should include.

NOTE: As we often don’t know when positions are filled, not all positions listed on this page are still open.  Posted dates are approximations.

*  *  *

Arrow Electronics – Counsel, Privacy, AI & Data Protection

Responsibilities:

  • Provide legal leadership on AI governance and responsible adoption of AI/ML/LLMs, including risk-based reviews, internal controls, documentation, and oversight mechanisms (e.g., transparency, accountability, human oversight).
  • Monitor and interpret AI legal and regulatory developments, and develop internal guidance/training aligned to best practices, frameworks, and evolving global and U.S. state automated decision-making laws.
  • Partner with AI/Data teams to implement legal, technical, and operational requirements for AI solutions as regulations and enforcement evolve globally; support development/review of Responsible AI documentation.
  • Advise on privacy and data protection laws and regulatory trends (e.g., U.S. state privacy laws, GDPR, sectoral requirements as applicable), and embed “privacy-by-design” into products and operations.
  • Lead and/or oversee privacy impact assessments and data protection impact assessments, and maintain core privacy program artifacts (e.g., records of processing, DPIAs/PIAs).
  • Partner with Marketing and digital teams on privacy requirements for cookies, pixels, SDKs, analytics/advertising technologies, and consent management practices.

Posted March 4, 2026

OpenAI – Counsel, Privacy

Responsibilities:

  • Support OpenAI research, product, engineering, privacy, and security teams in the development and release of cutting-edge AI products and services
  • Anticipate and address privacy, regulatory, product, and other legal risks
  • Develop strategies for handling legal issues in creative ways and build scalable, flexible processes to manage risk
  • Help build and improve processes for scaling our privacy program as the company grows
  • Become an expert in AI privacy matters and help propose and advance AI legal policy positions

Posted March 3, 2026

Bandwidth – Senior Privacy Counsel

Responsibilities:

  • Advise business stakeholders and support compliance as a subject matter expert on privacy and data protection requirements in connection with Bandwidth’s products, services, and operations worldwide.
  • Draft, review, and negotiate privacy terms in service, software and telecommunications agreements, including agreements with customers, vendors, and partners and/or carriers, in support of and close coordination with the Commercial Legal Team and Global Regulatory team.  Develop and contribute to templates, playbooks, and training to support the Commercial Legal with resolution before escalation.
  • Research and deepen your expertise in global privacy laws, AI legislation, and emerging tech regulations, with a special emphasis on Europe and UK (unpacking acronyms such as the GDPR, ePrivacy Directive, the EU AI Act, and the NIST AI Risk Management Framework); provide practical guidance on implementing new requirements to business stakeholders and other members of the Legal team.
  • Lead and assist in the completion of risk assessments such as privacy by design product review, PIAs, DPIAs, AI risk reviews, and transfer impact assessments on a prioritized basis to support the goals of the Bandwidth Privacy Program and new business initiatives.
  • Serve as a spirited champion for privacy and AI awareness across the company–creating and delivering training, fielding questions, and keeping teams informed and empowered.
  • Own, manage, and continuously strive to improve processes, procedures, and operational functions of the privacy program; assist in the creation and upkeep of our privacy and AI notices and disclosures, policies, and internal guidelines and resources to ensure they are clear, current, useful, and aligned with our operational objectives.
  • Lead and contribute to investigation, mitigation, and response to privacy incidents and regulatory inquiries on an as-needed basis, and assist in the development of incident response protocols.
  • Advise on cybersecurity laws and regulatory frameworks in collaboration with our Global Regulatory and Information Security teams; support implementation, monitoring, and compliance in connection with third-party and customer standards for data protection and data security, including ISO 27001/27701/42001, SOC II, NIS2, and customer audits.

Posted March 3, 2026

Ramp – Privacy Data & AI Counsel

Responsibilities:

  • Privacy & AI Governance: Advise on global privacy and AI laws (e.g. CCPA, other state privacy and marketing laws, GDPR, EU AI Act, and PIPEDA) and other international laws and frameworks), including data mapping, data subject requests (DSRs), and privacy impact assessments
  • Privacy Compliance Automation: Manage and help automate privacy program work, such as data mapping, data subject requests (DSRs), and privacy impact assessments
  • Product Counseling: Partner with Product and Engineering teams to advise on and help ship new features and products
  • Incident Management and Business Continuity: Collaborate with Information Security, Engineering, and other stakeholders to support incident management and business continuity work, including improving and maintaining policies and plans, conducting training and tabletop exercises, and helping manage the response and recovery in the event of a security incident or other business continuity event
  • Commercial Support: Draft, review, and assist with negotiation of data processing agreements (DPAs), and data, AI, and information security provisions in customer, vendor, and partner contracts
  • Regulatory Monitoring: Proactively track and analyze developments in privacy, cybersecurity, AI, and data governance regulation at the federal, state, and international levels, and translate those developments into actionable business advice
  • Training: Create and deliver privacy, AI, and information security training to internal stakeholders to build awareness and increase business partner enablement

Posted February 28, 2026

Advanced Auto Parts – Senior Counsel, Privacy, Security, AI & Data Governance

Responsibilities:

  • Counsel senior leadership on privacy, cybersecurity, and AI governance to support innovation and customer trust.
  • Shape enterprise data governance strategies that align with regulatory requirements and business goals.
  • Advise on U.S. and global privacy laws (e.g., CCPA, GDPR, HIPAA) and regulatory trends.
  • Partner with product, marketing, and technology teams to embed privacy and security into customer-facing initiatives.
  • Lead privacy impact assessments (PIAs/DPIAs) and data protection reviews.
  • Provide legal guidance for cybersecurity programs, including incident response planning and execution.
  • Support internal investigations, audits, and regulatory inquiries related to data practices.
  • Draft and negotiate data-related agreements, including data sharing, processing, and AI vendor contracts.
  • Conduct privacy and AI governance reviews of vendors and internal programs.
  • Maintain and update internal and external privacy and data governance policies.
  • Create customer-facing documentation (e.g., FAQs, data sheets) to support transparency and trust.
  • Drive internal training and awareness programs on privacy, cybersecurity, and AI governance.
  • Monitor and interpret evolving laws and best practices to ensure proactive compliance.

Posted February 25, 2026

LVT (LiveView Technologies) – Sr. Privacy Counsel

Responsibilities:

  • Lead Legal Guidance: Provide practical, action-oriented legal advice to internal teams on a wide range of global privacy, data protection, and data governance issues.
  • Product Development & Design: Review new products, features, and technology initiatives to ensure compliance with applicable privacy laws and internal policies from the initial design phase (“privacy-by-design”).
  • Data Protection Program Management: Maintain and continuously update LVT’s global data protection compliance program, including policies, procedures, records of processing activities (RoPA), and privacy notices.
  • Contract Drafting & Negotiation: Draft, review, and negotiate data protection agreements (DPAs), vendor agreements, and data transfer mechanisms (e.g., Standard Contractual Clauses). Incident Response: Lead the legal response to data security incidents, including managing notification obligations in various jurisdictions.
  • Training & Awareness: Develop and deliver engaging, effective privacy training and awareness programs for employees across the company.
  • Regulatory Monitoring: Monitor and analyze changes in global privacy legislation and regulatory enforcement, advising the business on necessary adjustments and implementation strategies.
  • Success Measurement: Success in this role is measured by maintaining LVT’s exemplary compliance record, the timely and efficient launch of new privacy-compliant products, and high internal stakeholder confidence in legal guidance.

Posted February 25, 2026

McDonald’s – Sr Manager, AI Legal Counsel

Responsibilities:

  • Supports legal reviews related to the development and deployment of AI products and systems.
  • Provides analysis and advice on compliance with emerging global AI regulations and standards.
  • Collaborates across Global Technology AI product developers, engineers, Enterprise Data Analytics & AI strategists, data scientists, various global business and legal teams and advise on applicable laws and ways to balance risk and reward for McDonald’s.
  • Assists in drafting AI guidance, playbooks and governance materials.
  • Supports AI contract reviews and risk assessments.
  • Participates optimally and constructively as a member of the team.
  • Is a strategic partner and trusted advisor on legal and non-legal issues.
  • Optimally communicates with and influence business clients at all levels of the organization, including senior management.
  • Establishes proactive and trustworthy relationships with clients as well as other members of the legal organization globally.
  • Works independently and efficiently under time pressures and deadlines in a dynamic, demanding environment.
  • Owns dedicated and directed learning of AI.

Posted February 21, 2026

F5 – Cybersecurity Counsel

Responsibilities:

  • Lead & operationalize incident response and data breach legal workstreams: Advise on IR readiness, privilege protocols, and crisis decisioning; run legal materiality assessments and contribute to required disclosures (including support for SEC Form 8‑K cyber incident filings), coordinating closely with the CISO and the Corporate IR Team under established playbooks.
  • Own security terms in commercial negotiations: Draft and negotiate security and data protection schedules, support customer and vendor security reviews, RFPs, and audit requests, incident‑notification clauses, vulnerability remediation commitments, secure development and testing language, and shared‑responsibility delineations; align with internal control owners and the F5 Trust Center materials.
  • Guide security compliance strategy: Interpret and operationalize frameworks and obligations (e.g., SOC 2, ISO/IEC 27001, FedRAMP, NIST SP 800‑53/CSF, DORA) with Product, Security, Compliance, and GTM teams; help design controls and evidence plans that withstand customer and regulator scrutiny.
  • Advise on global cyber regulations: Track and translate evolving laws and guidance (e.g., NIS2, DORA, EU Cyber Resilience Act, sectoral breach rules, government‑contracting security) into actionable requirements for product and cloud services, partnering with stakeholders to land scalable processes.
  • Strengthen customer trust artifacts: Partner with Security, Product, and Customer‑Facing teams on Trust Center content, and security questionnaires to clearly articulate F5 and customer control boundaries and audit posture.
  • Enable secure‑by‑design delivery: Counsel on NIST SSDF practices, third‑party risk, SBOM posture, pen‑testing and coordinated vulnerability disclosure, data segregation, and identity/access controls across multi‑cloud and hybrid deployments.
  • Drive cross‑functional alignment: Work hand‑in‑hand with the Office of General Counsel colleagues (Business, Product, Commercial, Privacy/Compliance, IP) and security leaders to embed pragmatic, risk‑based guidance into roadmaps and contracts—ensuring security frameworks map cleanly to customer commitments.
  • Continuously improve programs: Develop playbooks, templates, and training; run post‑incident retrospectives; and streamline processes to increase speed, clarity, and defensibility.

Posted February 20, 2026

Bloomberg Industry Group –  Data Privacy Counsel (INDG)

Responsibilities:

  • Updating Records of Processing Activities (ROPA): Maintain existing ROPA (and adding new entries) to ensure accuracy & currency.
  • Privacy Impact Assessments: Conduct DPIAs, LIAs, and TIAs; maintain the assessment register; track mitigations.
  • Data Subject Rights: Fulfill DSARs end-to-end, including identity verification, data retrieval, response drafting, and evidence management.
  • Data Processing Agreements (DPAs): Draft and negotiate customer and vendor DPAs (as well as contract provisions associated with privacy); escalate complex or high-risk matters.
  • Vendor Due Diligence: Conduct privacy due diligence on vendors and manage routine DPAs.
  • Incident Response: Execute incident/breach runbooks, including evidence collection, reporting, and customer/vendor communication support.
  • Privacy by Design: Participate in Privacy by Design reviews within the SDLC/PLC, documenting advice and risk assessments.
  • Training & Awareness: Assist in development and delivery of privacy trainings.
  • Regulatory Monitoring: Conduct horizon scanning of evolving privacy laws; distill requirements into actionable obligations and communicate them to control owners.

Posted February 18, 2026

Georgia Institute of Technology –  Assistant General Counsel II – Privacy

Responsibilities:

  • Provide advice and counsel to Institute management, executive leadership and stakeholders on privacy matters. Independently determine the potential impact to campus and d recommend actions.
  • Monitor analyze, report and advise on emerging and any, proposed, or pending changes to existing global and U.S federal and state privacy laws, including FERPA, HIPAA, GDPR and PIPL and AI regulations such as the EU AI Act.
  • Independently manage targeted privacy projects and perform legal work on privacy matters in coordination and communication with affected stakeholders, including support of those negotiating data privacy documents, such as DPAs, SCCs and other documents. Maintain and update a comprehensive privacy policy and standards that adhere to privacy principles, University System Office mandates, and applicable regulatory requirements.
  • Coordinate and support, responses to internal or external queries and audits by regulators, government agencies, other authorities or external parties.
  • Work collaboratively with Cybersecurity team to establish data incident management protocols, perform scenario exercises, and advise on data incidents with external legal counsel input, as appropriate.
  • Interact with external counsel and representatives of the state Attorney General office and Board of Regents legal staff as appropriate on pending privacy matters and issues, particularly regulator queries, major data incidents or matters that pose conflicting regulatory requirements or significant risk or business complexities to the Institute.
  • Partner with other Data Privacy Office members to , develop and facilitate campus-wide and role specific education and data privacy training and supporting tools, processes, FAQs, etc.

Posted February 17, 2026

Toyota Tsusho America –  Legal Counsel, Privacy, Cybersecurity & Data Governance Manager

Responsibilities:

  • Operates Privacy Office for TAI and affiliates.
  • Operates the Information Governance program for TAI and affiliates.
  • Develops and maintains current knowledge of applicable cyber security and data privacy laws and standards.
  • Assists in the design, development, and implementation of policies and programs to assure compliance with such laws and standards.
  • Advises business divisions and corporate departments on managing cyber security, information governance, and data privacy legal risks.
  • Helps develop and deliver training and exercises.
  • Supports response team on incident preparedness and management.

Posted February 15, 2026

Arrive –  Global Data Privacy Counsel

Responsibilities:

  • Serve as a trusted strategic legal advisor to executive leadership, business unit and function heads, and the governance committees on global privacy, data protection, and cybersecurity risks, as well as opportunities aligned with rapid business growth and innovation.
  • Design, lead, and continuously evolve the global privacy and data protection program, ensuring it not only meets regulatory requirements but also supports scalable growth and competitive advantage in a fast-paced, high-growth environment.
  • Partner closely with product, technology, payments, data, software and hardware sales, marketing, and strategy teams to embed privacy-by-design and data governance principles into all data-driven and payment-related initiatives.
  • Advise on privacy, data protection, cross-border data processing, and emerging technologies (AI and machine learning), in connection with parking, public transport and other urban mobility technologies and data services (B2B, B2C), to help the company navigate these complex regulatory environments while accelerating innovation.
  • Balance risk management with enabling agility—help business units achieve their ambitious growth objectives without compromising compliance or customer trust.

Posted February 13, 2026

Leidos –  Assistant General Counsel- Data Privacy

Responsibilities:

  • Handling privacy and data protection-related inquiries from a wide range of stakeholders across the company and providing actionable advice and legal counsel
  • Reviewing, drafting and updating policies, procedures, and notices addressing the handling of personal information
  • Reviewing, drafting and negotiating privacy and data protection terms in various types of agreements (e.g., vendor/service provider agreements, customer agreements, data processing and data usage agreements, Business Associate Agreements)
  • Interpreting complex contractual privacy requirements, including flow-down obligations and risk allocation provisions common in government and prime–subcontractor relationships.
  • Advising in mission-critical, highly regulated environments where privacy compliance is foundational to trust, ethics, and contract performance. Providing advice on the development and implementation of the organization’s privacy program
  • Developing guidelines, training, and tools to support accountability and compliance across the organization
  • Monitoring relevant legislative developments, regulatory guidance, and enforcement actions relating to privacy and data protection in the jurisdictions in which the company operates
  • Advising on privacy considerations related to emerging technologies including artificial intelligence, data governance initiatives, and evolving regulatory frameworks, consistent with Leidos’ mission-critical and regulated operations.

Posted February 11, 2026

Arrow Electronics –  Counsel, Privacy, AI & Data Protection

Responsibilities:

  • Provide legal leadership on AI governance and responsible adoption of AI/ML/LLMs, including risk-based reviews, internal controls, documentation, and oversight mechanisms (e.g., transparency, accountability, human oversight).
  • Monitor and interpret AI legal and regulatory developments, and develop internal guidance/training aligned to best practices, frameworks, and evolving global and U.S. state automated decision-making laws.
  • Partner with AI/Data teams to implement legal, technical, and operational requirements for AI solutions as regulations and enforcement evolve globally; support development/review of Responsible AI documentation.
  • Advise on privacy and data protection laws and regulatory trends (e.g., U.S. state privacy laws, GDPR, sectoral requirements as applicable), and embed “privacy-by-design” into products and operations.
  • Lead and/or oversee privacy impact assessments and data protection impact assessments, and maintain core privacy program artifacts (e.g., records of processing, DPIAs/PIAs).
  • Partner with Marketing and digital teams on privacy requirements for cookies, pixels, SDKs, analytics/advertising technologies, and consent management practices.

Posted February 11, 2026

UnitedHealth Group –  Sr. Associate General Counsel, Cyber Security and Privacy – Remote

Responsibilities:

  • Analyze and advise on legal obligations related to UnitedHealth Group’s handling of personal and confidential information, including HIPAA, state privacy laws, U.S. federal privacy/security laws, and emerging global privacy regulations
  • Support compliance efforts related to cybersecurity, privacy, and data security frameworks and regulations (e.g., NYDFS)
  • Stay apprised of changing state/federal laws and requirements and develop practical recommendations on privacy/security requirements for business operations, vendor engagements, and product development
  • Assist with drafting, updating, and operationalizing privacy, cybersecurity, and data protection policies, procedures, standards, and guidelines
  • Lead and run a cyber event and investigation from discovery through investigation/forensics to fulfillment of state and federal notice requirements
  • Support the DGC in cyber incident preparedness and response, including participating in tabletop exercises and reviewing incident assessments
  • Assist in evaluating incidents involving personal or confidential data, privacy/security investigations, and regulatory reporting obligations
  • Monitor, interpret, and assist with implementation of new and emerging privacy, cybersecurity, and data protection laws
  • Review and advise on IT development, acquisition, and data architecture matters (e.g., data localization, cross border transfers)
  • Support legal analysis for insider risk and Red Flags program requirements
  • Partner with ESRO teams, Technology, Corporate Security, Communications, and other legal partners to deliver coordinated, well reasoned guidance
  • Assist business leaders in understanding privacy and cybersecurity risks and recommended mitigations
  • Provide consultative legal support to help business teams operate in compliance with privacy and cybersecurity expectations

Posted February 8, 2026

Exelixis –  Privacy Counsel

Responsibilities:

  • Provide practical, expert legal advice on US and global privacy and data protection laws (e.g., GDPR, CCPA/CPRA, HIPAA, etc.).
  • Review new business processes and initiatives to embed data security and privacy by design at conception and through implementation.
  • Contribute to team and resource development by participating in drafting sessions, sharing solutions, and contributing to the ongoing build out and refinement of playbooks and templates.
  • Lead discussions with business teams, deftly translating data protection requirements into business processes, policies, and compliance controls.
  • Review, draft, and when necessary, negotiate DPAs, SCCs, and other privacy terms when escalated by contracting teams.
  • Lead privacy impact assessments (PIAs), data mapping exercises, and risk mitigation strategies.
  • Enable compliance with cross-border data transfer requirements, by conducting and documenting transfer impact assessments (TIAs) to support SCCs, UK IDTA, and other mechanisms.
  • Monitor regulatory developments, assess and communicate timely to stakeholders the impact on business operations.
  • Support incident response and breach notification processes.
  • Develop and deliver privacy training and awareness programs.
  • Advise on AI, biometrics, and emerging technologies from a privacy perspective.
  • Identify and assess privacy and risks, translating complex legal concepts into clear, accessible language that enables business teams to make informed decisions.
  • Drive the development and continuous improvement of privacy program elements, including data protection playbooks, forms, contract templates, and resources.

Posted February 7, 2026

Dealer Tire –  Corporate Counsel, Privacy & Technology

Responsibilities:

  • Draft, review, and negotiate a broad array of information technology contracts—such as SaaS agreements, cloud hosting terms, data processing addenda, business associate agreements, professional service agreements, software licenses, and related statements of work;
  • Advise on domestic and global privacy and data protection laws, regulations, and standards (e.g., CCPA/CPRA, GLBA, HIPAA, state breach notification laws, GDPR, etc.), evolving legislative and regulatory frameworks, and emerging legal trends;
  • Advise IT and security teams on the legal implications of acquiring and developing new technologies, digital transformation initiatives, and strategic partnerships with technology providers;
  • Advise on privacy considerations related to emerging technologies, including artificial intelligence and data governance initiatives;
  • Draft, maintain, and continuously improve contract templates and commercial contracting playbooks, setting and reinforcing consistent application of approved negotiation positions while exercising judgment to allow for appropriate risk-based flexibility and escalation;
  • Evaluate and improve contracting processes and workflows, leveraging technology, automation, contract lifecycle management, and AI-enabled tools to drive efficiency, consistency, and scalability;
  • Collaborate with IT and security teams to develop policies and protocols for safeguarding confidential information, personal data, and critical systems, and advise on incident response plans, breach notification procedures, and risk mitigation strategies;
  • Support litigation investigations and discovery requests in privacy-related litigation

Posted February 6, 2026

Deltek – Associate Corporate Counsel, Privacy and Security

Responsibilities:

  • Monitoring and researching relevant privacy, data protection, data security, artificial intelligence, and cybersecurity laws, regulations, and risk management frameworks across multiple jurisdictions to ensure compliance.
  • Designing and reviewing internal policies, procedures, and standards relating to data protection, data security, cybersecurity, artificial intelligence, and data management.
  • Drafting and reviewing data-related clauses in contracts (Software and SaaS agreements, SOW’s, Professional Services agreements, RFP’s) and privacy and data security related questionnaires with clients, partners, and suppliers.
  • Coordinating advice with cross-functional stakeholders, including product, engineering, security, and other internal legal counsel.
  • Improving legal processes and facilitating collaboration.

Posted February 5, 2026

Harvey –  Privacy and AI Counsel

Responsibilities:

  • Assist in drafting, reviewing, and negotiating Data Processing Agreements with our customers, subprocessors, service providers, and third-parties.
  • Help develop, maintain, and scale global privacy programs. This includes preparing Data Protection Impact Assessments to identify and mitigate privacy risks and Records of Processing in accordance with regulatory requirements.
  • Work cross functionally with talented product and engineering teams in evaluating the impact of privacy and data protection laws and regulatory guidance on exciting product developments.
  • Monitor and respond to changes in privacy laws and regulations, including AI regulations.
  • Support implementation and ongoing compliance with AI-specific regulation, including the CCPA governance framework, and related guidance.
  • Assist in classification of AI systems, assessment of risk obligations, and development of internal AI governance controls, documentation, and processes.
  • Partner with legal, product, and compliance stakeholders on AI principles such as transparency, accountability, and human-oversight.

Posted February 4, 2026

Mapbox –  Head of Privacy / Lead Privacy Lawyer

Responsibilities:

  • Partner with our head of policy and engineering, product management, and infosec teams as the lead legal point of contact with regard to privacy and security through the product development lifecycle.
  • Partner with our head of policy and engineers and product teams to review new products and features to ensure compliance with applicable data protection laws.
  • Advise teams on legal issues related to management and use of data collected and processed by Mapbox products/services.
  • Review and edit DPAs and data privacy and security provisions in customer agreements and vendor questionnaires/RFPs. Strong drafting skills required.
  • Work with engineering and product teams to ensure that privacy-by-design is embedded into Mapbox products/services, including working with engineering and product teams on various technical and operational means to minimize and pseudonymize personal data.
  • Work with colleagues across the organization to continually improve compliance programs for privacy and data security, including GDPR and CCPA
  • Conduct general and role-specific privacy training.
  • Be the resident legal expert on sub processors’ activities, including data processing and data transfers, to advise relevant teams on privacy impact
  • Stay informed about, and advise on, regulatory and industry developments, including monitoring trends in privacy and security laws and regulations.
  • Develop customer collateral and resources, such as notes to customers, notices, disclosures, and privacy data sheets, to help customers and users assess the privacy impact of using Mapbox services and data transfer risks.

Posted February 3, 2026

Fanatics –  Sr Counsel – Privacy

Responsibilities:

  • Regulatory Compliance: Advise on compliance with U.S. and international privacy laws such as the CCPA/CPRA, GLBA, FCRA, CAN-SPAM, TCPA, and other state and federal privacy regulations.
  • Financial Privacy: Serve as subject matter expert on financial privacy laws including GLBA, Reg P, and applicable SEC and CFPB guidance for financial services or fintech-related operations.
  • Product & Data Counseling: Partner with product, engineering, and marketing teams to ensure privacy-by-design principles are embedded into products and services.
  • Policy & Program Development: Help design, implement, and maintain privacy policies, internal protocols, and training initiatives across the organization.
  • Contract Negotiation & Review: Draft and negotiate data protection agreements (DPAs), vendor agreements, and terms involving data sharing, retention, and security obligations.
  • Incident Response Support: Provide legal counsel on data breach and incident response activities, including notification obligations and coordination with regulators.
  • Regulatory Monitoring & Risk Assessment: Stay abreast of developments in U.S. privacy law and proactively assess their impact on the business. Recommend changes to mitigate legal and reputational risk.
  • Strategic Legal Support: Educate internal teams on legal risks and best practices in marketing and brand strategy.

Posted February 2, 2026

Flock –  Senior Counsel, Privacy & AI

Responsibilities:

  • Maintaining expertise on current and new data protection and AI laws and providing strategic counsel to stakeholders, translating complex legal requirements into clear and actionable guidance.
  • Serving as a trusted and strategic advisor to cross functional teams (e.g., product, engineering, security, marketing) to embed privacy by design into the product development lifecycle, operational workflows, and other company-wide initiatives.
  • The development, implementation, and continuous improvement of Flock’s privacy and AI compliance program including the creation and maintenance of data protection policies and standards, and data privacy risk assessments.
  • Drafting, negotiating, and advising on commercial terms related to privacy or AI, actively enabling and accelerating deals while appropriately managing risk.
  • Collaborating with Flock’s Privacy Engineering team to manage data subject requests and cookie compliance consistent with legal requirements and industry best practices.
  • Managing Flock’s privacy incident response program in collaboration with Information Security and senior leadership to review and triage potential privacy incidents, communicate effectively with internal and external stakeholders, and meet regulatory reporting requirements.
  • Supporting interactions with external counsel, auditors, and regulators to anticipate, influence, and respond to evolving privacy, data protection, cybersecurity, or AI regulations and issues.

Posted January 31, 2026

Shipt – Corporate Counsel, Privacy & AI

Responsibilities:

  • As a Corporate Counsel, Privacy & AI located in San Francisco, CA, Minneapolis MN or Birmingham, AL you will be responsible for supporting Privacy, Cybersecurity, and Artificial Intelligence initiatives in a highly collaborative, product-driven environment. You will serve as an individual contributor working day-to-day with Product, Engineering, Security, and Data teams to ensure compliance and thoughtfulness in building and deploying features.
  • While no two days are the same, you will spend a meaningful portion of your time on core privacy works such as product reviews, data use questions, and vendor assessments—while enabling responsible AI adoption. You will advise on privacy by design for new features, manage Privacy Impact Assessments (PIAs), and support incident response and breach analysis. You will collaborate cross-functionally with Security teams on risk assessments and partner with Product and Data teams to support the development of AI-enabled features and governance frameworks.

Posted January 27, 2026

Robert Half – Data Privacy Counsel

Responsibilities:

  • Monitor and understand existing and new privacy laws, regulations and other mandates related to the protection, use, collection, sharing and storage of data (including personal), including the impact of such laws, regulations, and mandates on the Company’s businesses. Accountable for researching, knowing and interpreting data privacy laws (including employment privacy laws) in North America and South America. Partner with the Company Global Privacy Office and Corporate Legal Department to assess the impact of changes to laws and regulations in the North America and South America region and to oversee the implementation of legal and regulatory changes to the Company’s processes.
  • Deliver high quality and timely data privacy related advice to internal stakeholders and offer pragmatic actionable guidance and solutions on the application, impact and implementation of applicable local privacy and data protection laws, working collaboratively across multiple teams and jurisdictions.
  • Investigate, identify issues, and make recommendations for resolutions in relation to issues of non-compliance with data privacy and local employment privacy laws and regulations in North America and South America.
  • Provide privacy advice, investigation, and remediation activities in relation to data subject rights, privacy related complaints, and communications with data protection authorities in North America and South America and provide support in relation to these matters in other jurisdictions.
  • Serve on global privacy committees and provide legal and strategic guidance on privacy activities and initiatives for the Company in North America and South America.
  • Counsel and assist with the development, review and resolution of privacy assessments and related ongoing compliance monitoring activities such as DPIAs/PIAs in North America and South America. Counsel and assist with the development and review of internal and external-facing privacy policies and program documents for the company in North America and South America.
  • Participate in the development, implementation, and ongoing compliance monitoring of the Company’s third-party providers to ensure privacy concerns, requirements, and responsibilities are addressed.

Posted January 27, 2026

Waymo – Privacy Counsel

Responsibilities:

  • Serve as a primary day-to-day privacy legal counsel for Waymo product, engineering and AI/ML research teams, driving “Privacy by Design” reviews for complex sensor data, computer vision, and model training initiatives from ideation to launch.
  • Collaborate with internal stakeholders, including across Legal, Rider Support, Engineering, Product, Security, People, and Research, to ensure privacy considerations and customer needs are integrated into business initiatives and roadmaps.
  • Advise on the impact of emerging U.S. and foreign privacy laws and regulations, and help develop practical solutions and compliance frameworks to address new requirements.
  • Collaborate closely with the InfoSec and Engineering Security teams to manage incident response, data governance, and third-party security assessments.
  • Draft and negotiate complex data protection terms in strategic partnerships, vendor agreements, and supply chain contracts to support business operations, market expansion, and product development.

Posted January 27, 2026

Lucid Motors – Sr. Counsel, Privacy

Responsibilities:

  • Serve as a privacy subject matter expert to the organization and provide practical, timely counsel in response to business concerns and requests
  • Partner closely with our HR, IT, compliance, engineering, procurement and other business teams on privacy and data protection-related matters to deliver practical and business-minded legal advice
  • Provide legal support to work streams and processes relating to the rollout and maintenance of privacy compliance programs
  • Advise operational and governance teams on regulatory requirements across existing and developing local market privacy programs including in Asia, EU, and the Kingdom of Saudi Arabia
  • Evaluate and internally report on the impact of U.S., European, and international legislative, regulatory, legal developments and industry guidelines involving privacy and drive compliance strategies
  • Track, evaluate, and internally report on the impact of and developments relating to new and pending international and US privacy and data protection, and translate that into practical, effective advice; and support compliance efforts related to these laws
  • Drive privacy-by-design and default through the product development process
  • Counsel the organization in support of new business models or new technology offerings
  • Engage and manage outside counsel as necessary
  • Assist in the preparation and submission of reporting and applications to the appropriate data processing authorities
  • Review, revise, and negotiate privacy and security provisions within contractual agreements

Posted January 25, 2026

Taxwell – Privacy & AI Legal Counsel

Responsibilities:

  • Advise on operational privacy matters and U.S. state consumer privacy laws, including CCPA/CPRA, GLBA, Internal Revenue Code Section 7216, and other applicable regulations.
  • Draft, review, and negotiate data protection agreements, vendor agreements, and technology-related commercial contracts.
  • Partner with GRC and compliance teams to support governance frameworks, risk and privacy assessments, and internal audit activities.
  • Support AI governance efforts, including vendor diligence and review of generative AI and LLM tools to ensure responsible use and compliance.
  • Collaborate closely with IT, cybersecurity, product, development, and marketing teams on privacy and AI implementation issues.
  • Monitor and interpret evolving AI and privacy regulations and translate requirements into practical internal guidance, policies, and training.
  • Advise on privacy and data protection considerations related to cookies, pixels, SDKs, and other online tracking technologies used for analytics, marketing, and advertising, including consent management solutions.

Posted January 24, 2026

Beacon Hill –  Assistant General Counsel – Data Privacy

Responsibilities:

  • Advise on U.S. data privacy compliance and risk management
  • Monitor and implement responses to emerging privacy laws and guidance
  • Draft and negotiate data protection and commercial agreement terms
  • Support privacy impact assessments, incident response, and data subject requests
  • Collaborate with cross-functional teams and outside counsel

Posted January 21, 2026

Gates Foundation –  Principal Counsel, Data & Privacy

Responsibilities:

  • Support a global data privacy program, including global compliance, policy and guidance, notice and legal bases, data subject requests, agreements, records of processing activities, data impact assessments, and transfer impact assessments.
  • Continuously identify and implement process and tooling improvements to enhance data privacy program maturity and efficiency.
  • Provide legal guidance regarding a variety of enterprise data privacy issues.
  • Provide tactical and strategic legal guidance regarding the processing of personal data, including compliance, data classification, data protection, lifecycle management, and data governance.
  • Translate legal requirements into plain language policies, processes, and guidance that are risk-based, practical, and scalable.
  • Review, draft, and negotiate data-related agreements and terms, and develop related templates, playbooks, guidance, and processes.
  • Develop and deliver effective training across all functions, offices, and levels of the foundation and its subsidiaries.
  • Collaborate with technical, operational, and programmatic teams to translate privacy principles and responsible AI principles into pragmatic solutions.
  • Work with colleagues, outside counsel, and third parties across jurisdictions, cultures, time zones, and collaboration tools.
  • Integrate AI/ML tools into daily work to streamline research, drafting, and collaboration.

Posted January 21, 2026

Snowflake –  Corporate Counsel 2 – Privacy & Data Compliance

Responsibilities:

  • Provide practical legal guidance on privacy and data compliance requirements for new and emerging technologies.
  • Partner cross-functionally with Product, Engineering, Security, Compliance and Go-To-Market teams to embed privacy-by-design into products and processes.
  • Support and help scale Snowflake’s global privacy and data compliance programs, including GDPR and other evolving regulatory frameworks.
  • Translate complex legal and regulatory requirements into clear, actionable guidance for technical and business stakeholders.
  • Identify, assess and mitigate privacy and data protection risks while enabling business objectives.
  • Contribute to global privacy reporting, documentation, and regulatory readiness efforts.
  • Collaborate closely with Legal and Privacy team members, sharing knowledge and supporting a culture of teamwork and continuous improvement.
  • Develop and automate processes to scale efficiencies and compliance controls
  • Develop and iterate on privacy-related notices, policies, procedures, and guidelines.
  • Assist corporate, product, and marketing teams with developing marketing collateral to tell our privacy and data compliance story.
  • Research and evaluate the applicability and impact of global privacy and data compliance laws, legislation and regulatory guidance.

Posted January 21, 2026

Electronic Arts (EA) –  Counsel, Privacy

Responsibilities:

  • Partner with the Privacy Team to design, implement, and continuously enhance a comprehensive global privacy program focused on risk assessment, control design, compliance monitoring, and long-term program evolution.
  • Advise on complex or high-risk privacy issues in game development, deployment, live services, marketing/ad-tech, marketplace/commerce tools, and player engagement features.
  • Act as the primary legal partner for central technology and engineering organizations, embedding privacy-by-design from concept through launch across shared platforms, back-end systems, cross-game infrastructure, and enterprise-wide internal tools.
  • Shape and refine internal privacy and data governance policies, playbooks, and practical guidance.
  • Deliver legal research and actionable advice on emerging global privacy regulations, while building subject-matter expertise on key laws and issues.
  • Guide vendor and partner privacy diligence, including third-party integrations such as SDKs, ad-tech, analytics, and cloud providers.
  • Contribute to incident response readiness and execution, including data breach investigations, regulator notifications, and player- and employee-facing communications.
  • Support responses to regulator inquiries, audits, and investigations, in collaboration with cross-functional partners.
  • Develop targeted training and awareness programs for studios, engineers, and business partners to reinforce privacy and data protection best practices.
  • Track organizational processes and internal controls, conduct effectiveness reviews, and complete documentation (such as PIAs/DPIAs, and RoPAs) to demonstrate compliance and drive continuous improvement.

Posted January 18, 2026

Sage –  Legal Counsel – Privacy

Responsibilities:

  • In this role, your day-to-day activities involve leveraging your expert knowledge of North American data protection laws, including CCPA, CPRA, PIPEDA etc, to provide high-quality, commercially focused and timely legal advice to stakeholders across Sage.
  • You will collaborate closely with regional legal privacy colleagues on cross-border legal and business initiatives, fully contributing to a consistent approach to legal delivery globally, ensuring effective execution of strategic outcomes at scale.
  • You will contribute to maintaining Sage’s data privacy compliance framework, including policy review and development, while supporting the creation of external-facing materials such as privacy notices and consent notices.
  • You will build and maintain a strong network of business and functional colleagues to ensure collaborative, effective execution of outcome focussed legal privacy advice.
  • Your role also entails identifying and mitigating privacy risks, providing expert input on data protection compliance activities, and supporting product and engineering teams in implementing privacy by design principles.
  • Furthermore, for the Sage businesses in North America you will lead advisory efforts on cookies, similar technologies, and digital advertising, contribute to the management of the data privacy operating model, act as a key contact for North American local legal and data privacy matters, and develop and deliver training materials to colleagues across Sage.

Posted January 17, 2026

Drake Software –  Privacy & AI Legal Counsel

Responsibilities:

  • Advise on operational privacy matters, state consumer privacy laws, GLBA, Internal Revenue Code Section 7216, and other applicable regulations.
  • Draft, review, and negotiate data protection agreements, vendor contracts, and technology-related contracts.
  • Partner with GRC to strengthen governance frameworks and conduct risk and privacy assessments and internal audit functions.
  • Support AI governance and vendor diligence, ensuring responsible adoption of generative AI and LLM technologies.
  • Collaborate cross-functionally with IT, cybersecurity, product, development and marketing teams on AI adoption and data privacy matters.
  • Monitor and interpret AI and consumer privacy regulations to ensure compliance with applicable laws when implementing AI tools and other technologies and develop internal guidance and training on relevant topics.
  • Advise on privacy and data protection issues related to cookies, pixels, SDKs, and other tracking technologies used for analytics, marketing, and advertising, including oversight of analytics tools and consent management solutions.

Posted January 16, 2026

Exelixis –  Privacy Counsel

Responsibilities:

  • Provide practical, expert legal advice on US and global privacy and data protection laws (e.g., GDPR, CCPA/CPRA, HIPAA, etc.).
  • Review new business processes and initiatives to embed data security and privacy by design at conception and through implementation.
  • Contribute to team and resource development by participating in drafting sessions, sharing solutions, and contributing to the ongoing build out and refinement of playbooks and templates.
  • Lead discussions with business teams, deftly translating data protection requirements into business processes, policies, and compliance controls.
  • Review, draft, and when necessary, negotiate DPAs, SCCs, and other privacy terms when escalated by contracting teams.
  • Lead privacy impact assessments (PIAs), data mapping exercises, and risk mitigation strategies.
  • Enable compliance with cross-border data transfer requirements, by conducting and documenting transfer impact assessments (TIAs) to support SCCs, UK IDTA, and other mechanisms.
  • Monitor regulatory developments, assess and communicate timely to stakeholders the impact on business operations.
  • Support incident response and breach notification processes.
  • Develop and deliver privacy training and awareness programs.
  • Advise on AI, biometrics, and emerging technologies from a privacy perspective.
  • Identify and assess privacy and risks, translating complex legal concepts into clear, accessible language that enables business teams to make informed decisions.
  • Drive the development and continuous improvement of privacy program elements, including data protection playbooks, forms, contract templates, and resources.

Posted January 14, 2026

The Johns Hopkins University – Associate General Counsel & Privacy Officer

Responsibilities:

  • Advise the university on legal issues related to applicable consumer and education-related privacy obligations, including but not limited to FERPA, HIPAA, GDPR, MODPA, CCPA, and other privacy and data regulations.
  • Collaborate with Johns Hopkins University Health System (“JHHS”) counsel and privacy officials on privacy matters that affect both JHU and JHHS.
  • Serve as the primary point of contact for non-clinical data privacy compliance for the university.
  • Revise and/or develop appropriate policies to implement safeguards to protect non-clinical records and data.
  • Develop contractual addendums, terms and conditions, and standard clauses for compliance with evolving domestic and global privacy regulations.
  • Engage with data governance programs on data handling best practices.
  • Manage and provide advice for practices around the data governance and protection impact assessment process, data use agreements, and data management plans.
  • Manage the data subject access request process.
  • Coordinate with university IT, the University Registrar, and other offices, and serve as the point of contact for the supervisory authority, if issues arise.
  • Partner with the Chief Risk Officer and Deputy Chief Risk Officer to lead the university’s Incident Response Team through process development and coordination of incident and breach response, including interfacing with data security experts, outside counsel, and in-house counsel when required.

Posted January 13, 2026

Zillow – Senior Counsel, Privacy & Data

Responsibilities:

  • Advise product, engineering, and data teams on privacy, data protection, and responsible data use in connection with new features, products, and initiatives.
  • Partner with teams throughout the product lifecycle to implement Privacy by Design and Responsible Data Use principles.
  • Counsel on issues related to data collection, sharing, retention, analytics, and AI/ML model training, including de-identification and synthetic data.
  • Review customer-facing services, disclosures, and terms to ensure transparency and compliance with applicable data and privacy laws.
  • Counsel transactional teams on data use rights, cross-border transfers, information security obligations, and vendor risk management.

Posted January 13, 2026

Genmab – Associate Director Global Privacy, Data & Digital Counsel

Responsibilities:

  • Advise on global privacy and data protection matters across jurisdictions (GDPR, CCPA/CPRA, APPI, PIPL, etc.), ensuring compliance in Genmab’s scientific, digital, and operational activities.
  • Support the implementation and evolution of Genmab’s Global Privacy Program, including Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
  • Support the development of templates and negotiation playbooks for the Legal, Procurement and other relevant business teams to draft, review, and negotiate data processing agreements (DPAs), standard contractual clauses (SCCs), and other privacy-related contractual terms. Provide support for any privacy and data protection contract related escalations.
  • Provide legal input into data governance, cross-border data transfers, and privacy-by-design initiatives within Genmab’s R&D and digital ecosystems.
  • Support investigation and/or management of any privacy or data protection related incidents and, if applicable, support the Global Data Protection Officer and regional Data Protection Officer(s) with any required reporting obligations arising from such incidents.

Posted January 9, 2026

Waymo – Privacy Counsel

Responsibilities:

  • Serve as a primary day-to-day privacy legal counsel for Waymo product, engineering and AI/ML research teams, driving “Privacy by Design” reviews for complex sensor data, computer vision, and model training initiatives from ideation to launch.
  • Collaborate with internal stakeholders, including across Legal, Rider Support, Engineering, Product, Security, People, and Research, to ensure privacy considerations and customer needs are integrated into business initiatives and roadmaps.
  • Advise on the impact of emerging U.S. and foreign privacy laws and regulations, and help develop practical solutions and compliance frameworks to address new requirements.
  • Collaborate closely with the InfoSec and Engineering Security teams to manage incident response, data governance, and third-party security assessments.
  • Draft and negotiate complex data protection terms in strategic partnerships, vendor agreements, and supply chain contracts to support business operations, market expansion, and product development.
  • Experience with understanding cross-functional perspectives and navigating ambiguity. Ability to identify and create streamlined processes to support a growing company.

Posted January 6, 2026

Hyundai Motor Company – Counsel, Privacy & Cybersecurity

Responsibilities:

  • Partner in the implementation, maintenance and adherence to the company’s privacy strategy and program.
  • Assist in the implementation and maintenance of the California Consumer Privacy Act, California Privacy Rights Act, Virginia Consumer Data Protection Act, and other state and federal privacy legislation/regulation.
  • Analyze Privacy Impact Assessments.
  • Serve as privacy subject matter expert to the Company for all departments and appropriate entities.
  • Support the company’s internal privacy awareness program.
  • Contribute towards the development, implementation, maintenance, and adherence to the company’s privacy strategy and program. Ensure that privacy practices are in place and compliant with applicable laws and industry-specific regulations.
  • Maintain current knowledge of applicable federal and state privacy and cybersecurity legislation and regulation and monitor industry trends and advancements to ensure company adaptation and compliance.
  • Assist with the analysis and coordinated response to legal process.
  • Counsel business units, parent company, and affiliates on data privacy and cybersecurity legal requirements for HMA products and services, including Internet of Things (IoT) efforts such as vehicle telematics, mobile apps, and wearables.
  • Provide cybersecurity legal and regulatory counsel to the company in order to mitigate risks associated with a cybersecurity or privacy breach.
  • Monitor HMA’s & GMA’s data usage including vehicle technologies, data usage rights, data ownership with partners, vendors and affiliates, online behavioral advertising, mobile device usage, social media, etc. Create data maps and support updates to same.
  • Assist in corporate alignment to industry privacy and cybersecurity frameworks (ISO, NIST, including, without limitation, ISO 27001 & 27701 and CIS 18.

Posted January 3, 2026

Toyota Tsusho America –  Legal Counsel, Privacy, Cybersecurity & Data Governance Manager

Responsibilities:

  • Operates Privacy Office for TAI and affiliates.
  • Operates the Information Governance program for TAI and affiliates.
  • Develops and maintains current knowledge of applicable cyber security and data privacy laws and standards.
  • Assists in the design, development, and implementation of policies and programs to assure compliance with such laws and standards.
  • Advises business divisions and corporate departments on managing cyber security, information governance, and data privacy legal risks.
  • Helps develop and deliver training and exercises.
  • Supports response team on incident preparedness and management.

Posted January 3, 2026

Solventum –  Senior Managing Counsel, Privacy & Cybersecurity (Americas)

Responsibilities:

  • Provide expert legal counsel to Privacy and Cybersecurity teams to ensure compliance with contractual commitments and regulatory obligations related to data privacy and security.
  • Conduct privacy and data protection impact assessments to ensure sensitive health data is used in compliance with privacy regulations and contractual rights.
  • Advise cybersecurity teams on incident response and investigations, ensuring proper documentation to minimize risks, protect privacy, and fulfill legal obligations during and after security incidents.
  • Collaborate with Procurement and business contracting teams to draft, negotiate, and maintain privacy/data protection terms in contracts and agreements.
  • Lead the company’s legal response to product vulnerabilities, information security breaches, and cyber events, including advising on regulatory notifications at federal, state, and international levels.
  • Counsel IT operations, security teams, and business units on developing and implementing cybersecurity plans, incident response strategies, and compliance with industry standards and regulations.
  • Work closely with Cybersecurity, Procurement, and Legal teams to manage third-party risks, including creating contract templates, negotiation frameworks, and advising on third-party audits and assessments.
  • Advise on the de-identification, pseudonymization, and anonymization of sensitive health data.
  • Provide guidance to business and product teams on data handling requirements based on sensitivity and compliance standards.
  • Implement “privacy by design” principles in product development processes and contribute to product risk assessments.

Posted January 1, 2026

*  *  *

Looking for an older job listing? In an effort to keep this page as up-to-date as possible, we have moved Job Listings older than the date above to our Condensed Job Listings page. We hope this comprehensive list will allow you to see the many different career opportunities that exist in Privacy and Data Security Law.