PRIVACY LAW JOB LISTINGS

This page gathers privacy job listings. Please write to us if you know of privacy law job listings we should include.

NOTE: As we often don’t know when positions are filled, not all positions listed on this page are still open. Posted dates are approximations.

Check links for further details, including salary, qualifications, location, and responsibilities.

We advise you to apply even if you don’t quite meet requirements for years of experience, as employers often don’t adhere strictly to such requirements.

* * *

Asana – Lead Privacy Counsel

Responsibilities:

Provide clear and practical advice to various teams throughout Asana on privacy and data protection laws, privacy-by-design, and data governance.
Develop and implement strategies around compliance with new and developing privacy and cybersecurity laws.
Help the business achieve their goals by advising on global compliance needs for customers in regulated industries like financial services, healthcare, and government.
Support Asana’s efforts towards achieving FedRAMP.
Keep up to date with new and existing data protection regulations and regimes, including but not limited to GDPR, LGPD, state privacy laws, privacy related AI regulations, and data transfer mechanisms.
Conduct DPIAs, privacy assessments, legitimate interest assessments, and other assessments for internal data processing activities and third-party vendors.
Be an ambassador for Asana’s privacy, data governance, and regulatory compliance program by delivering training and building out documentation and other programming.
Support global incident response and mature documentation and procedures.
Contribute to Asana’s global growth by supporting global privacy, data protection, and data governance initiatives.

Posted March 01, 2025

Clarivate – Privacy Legal Counsel

Responsibilities:

Serve as privacy lead for the Academic and Government business segment of Clarivate
Serve as primary contact for privacy and data protection related inquiries from internal stakeholders and customers
Provide actionable advice and legal counsel on privacy and data protection requirements and privacy-by-design best practices to product teams
Draft and negotiate privacy related provisions in commercial agreements, including data processing agreements
Operate across a range of privacy laws and frameworks, including GDPR, COPPA, CCPA/CPRA and other U.S. state privacy laws, PIPEDA
Work collaboratively and cross-functionally with colleagues and stakeholders to drive privacy-forward solutions for long term strategic efficiency
Assist the business in improving processes and systems to meet or exceed privacy and data protection compliance requirements, with an eye toward scalable and sustainable practice
Provide employee training and raise awareness on privacy and data protection obligations
Stay abreast of global privacy and data protection laws, regulations, and enforcement actions

Posted March 01, 2025

Alliant – The Audience Company – Counsel, Privacy, Security & Data Governance

Responsibilities:

Monitor for current and emerging regulatory developments (CCPA/CPRA; other State privacy and data broker laws; FCRA, FTC marketing guidance and more) and translate legal terms into data governance and privacy business requirements, providing regular updates to leadership and stakeholders.
Establish and manage data governance rules to work cross team to operationalize to enable principles such as privacy by design; data minimization; data suppressions, consent, DPIAs etc. as required.
Oversee data lifecycle management and ensure compliance, including data ingestion, classification, retention, and disposal processes.
Define and implement processes, workflows, and training material to equip support teams with the tools needed to maintain compliance.
Assist the team to record data protection impact assessments where required, and to identify and implement privacy controls and safeguards to mitigate risks.
Draft privacy notices and review consumer-facing material, including marketing and communications campaigns, for compliance with applicable privacy and data governance and protection requirements.
Maintain and update records of processing activities and data maps for all personal data processing activities, ensuring adherence to data protection laws, regulations, and standards.
Provide counsel and oversight to ensure preparedness for managing potential data security incidents and other events in compliance with regulatory and disclosure requirements including leading incident investigations, conducting data breach analysis and response efforts, investigations and managing third-party and insider risk assessments.

Posted March 01, 2025

Medidata Solutions – Senior Counsel, Privacy & AI

Responsibilities:

Commercial Support: Partner with Medidata’s commercial team on matters relating to data privacy during contract negotiations with Medidata’s customers and partners.
Product Counseling: Advise Medidata’s R&D and Product teams on privacy-by-design best practices, including providing actionable advice on data privacy, data use, and data security requirements.
Privacy & AI Governance Program Support: Provide counsel and support to Medidata’s Privacy & AI Governance Program, including policy reviews, policy updates, assessment management, and audit support.
Cross-Functional Support: Coordinate with cross-functional partners such as our information security and global compliance teams on privacy related issue management.
Awareness: Maintain awareness of global privacy laws and regulations, and proactively advise Medidata’s business teams on the impact of developments in the law.
Regulatory Affairs: Engage and support Medidata’s leadership in privacy-focused industry groups.

Posted February 28, 2025

Lowes – Senior Corporate Counsel – Privacy, Compliance, and AI Governance

Responsibilities:

Privacy Program Development: Lead the design and implementation of a robust privacy program that aligns with business objectives and regulatory requirements, ensuring effective risk management and operational excellence.
Compliance Oversight: Monitor and ensure compliance with applicable privacy laws and regulations, including GDPR, CCPA, and other relevant frameworks. Develop policies and procedures to maintain compliance.
AI Governance: Provide legal guidance on the ethical and compliant use of AI technologies, advising on risk assessments, data usage, and regulatory considerations.
Product Counsel Participation: Collaborate with cross-functional teams, including product development, engineering, and data science, to integrate privacy-by-design principles into the product lifecycle.
Privacy Operations Management: Oversee day-to-day privacy operations, including data subject requests, privacy impact assessments, and incident response planning.
Training and Awareness: Develop and deliver training programs on privacy compliance and best practices to foster a culture of privacy within the organization.
Stakeholder Engagement: Serve as a key point of contact for privacy-related inquiries, working closely with internal stakeholders, senior management, and external partners.
Regulatory Liaison: Engage with regulatory bodies and industry groups to stay abreast of changes in privacy laws and emerging trends, representing the company’s interests.

Posted Feb. 26, 2025

Generac – Corporate Counsel – Regulatory & Data Privacy

Responsibilities:

Provide actionable, risk-based advice on global product and data privacy regulation
Develop and implement policies and processes to champion best practices and product and data privacy regulatory compliance
Direct and oversee outside counsel in matters of product regulation and data privacy
Partner with other members of the Legal Department, and business and functional team, to provide strategic, business-oriented legal guidance to aid the successful execution of initiatives
Perform other responsibilities as assigned

Posted Feb. 25, 2025

VF Corporation – Senior Counsel, Privacy & Cyber Security

Responsibilities:

Your primary responsibility as Senior Counsel, Cyber Security & Privacy, is to provide in-house privacy and cybersecurity expertise; including, support of the Cyber Security Program throughout VF and its brands, with a focus on the Americas region as well as global coordination with other VF regions. This also includes strategic direction of the Americas Privacy Operations and Compliance Program to ensure an enterprise-wide approach to consumer and employee privacy that reflects compliance with law, strong data ethics and a commitment to transparency and integrity.

Posted Feb. 20, 2025

Kerwin Associates – Associate General Counsel, Product, Privacy and AI

Responsibilities:

Be an integral member of company-wide and legal team leadership, helping scale the business and the legal function at Anaconda.
Serve as the subject matter expert for product, privacy, AI and IP matters while building out a high-impact legal team supporting the same.
Product: Lead, manage, and build out a high-impact Product Legal function alongside Product and Engineering leadership, including building out a product counseling and engineering advising processes that is scalable and strategic and deeply operational in nature.
Privacy: Build out operational and compliance related requirements regarding internal and external data usage, including managing external privacy providers and software vendors, leading process enhancements, and serving as the go-to escalation point for privacy related issues.
AI: Provide internal and external thought leadership regarding Anaconda’s AI usage among a variety of stakeholders, helping propel smart AI usage given Anaconda’s products offering that serve as the foundational platform for AI
IP: Own IP strategy, including developing a defined point of view on issues related to our open source community, our patent and trademark portfolio, and ways to communicate and operationalize the same.
Commercial: Partner closely with commercial legal to ensure product legal approach matches commercial legal approach and that data expertise on our commercial team is leveraged, integrated and organized effectively.
Partner closely with our Security and IT teams, including on all things data and data flows, risk-appropriate guidance, incident response, policies and procedures, compliance offerings, risk management, and other areas of shared interest and responsibility.

Posted Feb. 19, 2025

Barnes & Noble Education – Vice President, Associate General Counsel and Chief Privacy Officer

Responsibilities:

Advise on North American privacy and data protection laws, including CCPA, as amended, PIPEDA, HIPAA, and GDPR and other relevant laws, rules and regulations pertaining to consumer privacy, data security and emerging technologies such as artificial intelligence.
Provide legal guidance on AI-related issues, including compliance with laws regulating automated decision-making, algorithmic transparency, and the use of artificial intelligence for consumer profiling and inference generation.
Draft, review, and negotiate legal agreements with privacy and artificial intelligence implications, including data protection agreements, data protection impact assessments, technology contracts, artificial intelligence development/vendor agreements and other relevant documents
Comprise part of triage incident response team and manage responses to cybersecurity incidents, investigations, and compliance matters in collaboration with the Chief Information Officer, Chief Information Security Officer, and Information Security Team.
Monitor and analyze legal developments in privacy and artificial intelligence to identify potential risks and opportunities, ensuring the organization remains proactive in adapting to regulatory changes.
Develop and update corporate policies related to privacy, cybersecurity, records retention, the ethical use of artificial intelligence technologies, and data governance.

Posted Feb. 18, 2025

World – Deputy General Counsel, Global Privacy

Responsibilities:

Member of legal leadership, helping to build and support the strategy for the legal team in collaboration with other legal leads.
Lead and help develop our Privacy Legal team, responsible for privacy, security and AI related legal guidance, in partnership with other legal teams.
Responsible for compliance efforts with globally privacy and data protection regulations around the world, through the development and maintenance of a global privacy program, including training, auditing, reporting, and more.
Establish and maintain relationships with regulatory, governmental, industry, and peer groups on privacy and data security issues.
Oversee Privacy related regulatory investigations response work, in partnership with the Market Operations Legal and Regulatory and Litigation teams.
Work closely with legal subject matter experts to ensure privacy regulatory compliance.
Act as legal POC for the Information Security team, including on incident response matters.
Help scale the legal organization by developing innovative processes in partnership with other legal teams to support privacy initiatives in a fast-moving Engineering, Product, and Design teams.
Stay abreast of emerging legal trends and best practices in the tech industry, and provide thought leadership within the legal team and the company.
Inspire and energize the Privacy team, empowering each teammate to do the best work of their lives.

Posted Feb. 18, 2025

Snap Inc. – Counsel, Privacy & Cybersecurity

Responsibilities:

Partner closely with Snap’s Engineering Security team to provide legal and strategic advice on a range of matters, including vendor due diligence and third party privacy and security assessments, governance, risk and compliance, and privacy and security incident response
Collaborate with stakeholders to help create, improve, and enforce Snap’s data security policies, standards, and practices, assuring they meet global legal requirements
Ensure Snap’s data processing globally complies with all applicable privacy laws, including the EU General Data Protection Regulation (GDPR) and state and federal consumer protection and privacy laws
Partner with Product Counsel on complex issues as they emerge in the development of new products and technologies, including privacy, data security, and encryption
Help continue to improve over time Snap’s privacy-by-design requirements, working closely with Snap’s Privacy Engineering team
Analyze potential legal risks and regulatory requirements for new products and technologies
Conduct privacy due diligence reviews, privacy impact assessments, and integration plans for potential acquisitions and partnerships
Help draft public-facing descriptions of new products and technologies
Track and analyze proposed, pending and new domestic and global privacy, data security, and consumer legislation that could impact the business and recommend any potential or necessary modifications to practices, as well as advise Policy team on lobbying priorities
Conduct periodic privacy and security trainings across the company

Posted Feb. 15, 2025

Department of Justice – Commissioner for Data Protection

Responsibilities:

The mission of the Data Protection Commission (“the DPC”) is “Safeguarding data protection rights by driving compliance through guidance, supervision and enforcement”. The DPC is the national independent authority in Ireland responsible for upholding the fundamental right of individuals in the European Economic Area (EEA) to have their personal data protected. Accordingly, the DPC is the Irish supervisory authority responsible for monitoring the application of the General Data Protection Regulation (GDPR), which has applied from the 25th of May 2018. The GDPR provides for higher standards of data protection for individuals and imposes more detailed obligations on bodies in the public and private sectors that process personal data.

There are currently two Commissioners for Data Protection, who were appointed by Government with effect from 20 February 2024. It is intended to appoint one further Commissioner, on the conclusion of this competition. The successful candidate will be appointed as Commissioner for Data Protection for a 5-year term in accordance with the governing legislation.

Posted Feb. 14, 2025

SpaceX – Counsel, Data Protection & Privacy

Responsibilities:

Advise on and manage compliance with data protection laws in markets where we operate around the world
Drive initiatives to meet data protection best practices and regulatory requirements, in partnership with other attorneys, and the customer success, IT, and security teams
Maintain subject matter expertise in multiple areas of privacy, evaluating the impact of relevant global requirements and regulatory guidance
Respond to inquiries from data protection regulators
Negotiate data privacy and security provisions with suppliers, partners, and enterprise customers
Assist with incident response and related regulatory engagement
Communicate, educate, and train employees on data protection and privacy issues

Posted Feb. 14, 2025

CLEAR – Privacy Counsel

Responsibilities:

Own privacy and data protection-related inquiries from external stakeholders, senior leadership, and across the company, providing strategic and practical advice on legal requirements and compliance
Provide counsel on regulatory developments, including the ongoing monitoring and tracking of trends in privacy and security laws, enforcement, regulations, and public policy
Design, implement and enhance the company’s privacy framework, including policies, processes and procedures, and conduct awareness and training efforts to enhance team members’ understanding of data privacy obligations and compliance, data privacy policies, data handling practices and procedures
Scope international privacy compliance requirements to support our expanding business, and collaborate with technology and product stakeholders to ensure that CLEAR meets those requirements
Own implementation of compliant solutions to existing and new legislative and regulatory developments to ensure ongoing compliance
Oversee drafting, review, and negotiation of data protection templates and assist as needed with other privacy-related contractual terms with vendors, partners, and customers

Posted Feb. 14, 2025

KAYAK – Senior Privacy and Security Counsel

Responsibilities:

Lead and enforce a global privacy program, aligning with senior partners and global cross-functional teams.
Partner with Commercial, Partnerships, Engineering, Product, and Security teams to provide guidance on privacy laws and global regulations (e.g., GDPR, CPRA, FTC).
Counsel on product, privacy, and regulatory matters, serving as an expert on global privacy, data, product design, and information security.
Identify and mitigate risks in product, regulatory, privacy, and AI spaces while building scalable innovation processes.
Draft and negotiate detailed privacy agreements, including those with AI components or integration partnerships.
Write public-facing product and privacy disclosures, disclaimers, and terms of use.
Maintain expertise in global privacy and consumer protection laws relevant to our brands

Posted Feb. 11, 2025

Mastercard – Senior Counsel

Responsibilities:

Engage with business and legal stakeholders to conduct privacy by design reviews for new features of the Dynamic Yield personalization platform and decision engine, and accelerate Mastercard’s initiatives related to digital commerce.
Support synergies between personalization platform and other Mastercard technology such as loyalty products and services while: (i) ensuring compliance with corporate standards and privacy and data protection laws including GDPR, GLBA, HIPAA and CCPA, (ii) coordinating with regional counsel to ensure compliance with other laws, and (iii) engaging with outside counsel when needed.
Draft and negotiate data processing terms and agreements with vendors and customers, including in relation to international data transfers, consent and notice representations and other liabilities.
Review privacy policies and documentation practices, and overall data practices.
Identify business requirements resulting from new and evolving privacy laws and regulations and provide guidance and thought leadership on topics relevant to the Services organization, including but not limited to cookie regulations and artificial intelligence.
Educate the business on legal developments and controls for the further development of products and services within the Services organization.
Document and update a range of stakeholders including executives on identified privacy compliance gaps and recommended remedial measures.

Posted Feb. 07, 2025

Medidata Solutions – Senior Counsel, Privacy & AI

Responsibilities:

Commercial Support: Partner with Medidata’s commercial team on matters relating to data privacy during contract negotiations with Medidata’s customers and partners.
Product Counseling: Advise Medidata’s R&D and Product teams on privacy-by-design best practices, including providing actionable advice on data privacy, data use, and data security requirements.
Privacy & AI Governance Program Support: Provide counsel and support to Medidata’s Privacy & AI Governance Program, including policy reviews, policy updates, assessment management, and audit support.
Cross-Functional Support: Coordinate with cross-functional partners such as our information security and global compliance teams on privacy related issue management.
Awareness: Maintain awareness of global privacy laws and regulations, and proactively advise Medidata’s business teams on the impact of developments in the law.
Regulatory Affairs: Engage and support Medidata’s leadership in privacy-focused industry groups.

Posted Feb. 07, 2025

Lenovo – Senior Counsel, Legal, Privacy

Responsibilities:

Conduct privacy impact assessments to products and services offered by the PC business division before launches.
Monitor, analyze, and report on privacy and data protection legal, regulatory and policy developments related to PC products and advise on requirements and standards that may affect the PC business division, customer relationships, and its supply chain globally.
Lead and/or support important projects to design and execute Lenovo’s privacy and data protection policies and data governance strategies to meet global legal requirements, industry standards, and customer requirements, especially in the areas of emerging technologies, products, and services.
Provide advice and counsel on privacy and data protection incident investigations and response and mitigation workstreams in partnership with Lenovo’s security teams and other stakeholders.
Provide advice and counsel for customer, supplier, and partner agreements.
Design and provide privacy and data protection education and awareness trainings to ensure privacy by design in development of PC products.
Collaborate with regional privacy counsels for local compliance of products that are launched globally.

Posted Feb. 05, 2025

Aramark – VP and Assistant General Counsel, Privacy and Technology

Responsibilities:

Manage and collaborate with attorneys and other legal and compliance professionals working on privacy, data security and IT legal matters. Provide professional development and growth opportunities and promote employee engagement related to privacy protocols, data security best practices and IT contracting.
Ensure implementation of an efficient contracting process and other systems to interface between the IT group, Aramark’s businesses, and the privacy, data security and IT legal team.
Draft and negotiate technology contracts, including cloud computing agreements, software licenses, data protection agreements, and other IT contracts and vendor agreements.
Provide legal support on cybersecurity and incident response investigations to Aramark’s Chief Information Officer, Chief Information Security Officer and Cyber Security Incident Response Team.
Provide legal support to business units and corporate functions on all aspects of global privacy and security requirements, including consumer privacy, PCI-DSS compliance and other industry standards, international and inter-affiliate transfers of personal data, CCPA and other state privacy law compliance, GDPR compliance, “big data” use, marketing, records retention and data protection, and mobile privacy.
Review and draft language for RFPs, contracts and other legal documents related to privacy and data security requirements; negotiate arrangements related to the use and collection of personal information.
Review corporate initiatives involving international and inter-affiliate transfers of personal data to ensure compliance with applicable law.
Assess and monitor organizational risk; create policies, procedures and training to promote awareness of privacy, security and records management requirements.
Collaborate with stakeholders to deliver a comprehensive approach for Information Governance.

Posted Feb. 05, 2025

Dentsply Sirona – Director, Americas Privacy & Global Cybersecurity Counsel

Responsibilities:

Helps set privacy vision and strategy for the global privacy compliance program overall to align with business objectives and regulatory requirements.
Establishes and communicates priorities for Dentsply Sirona’s Americas privacy compliance program on a quarterly and annual basis, as well as monitors and reports on progress toward those goals.
Creates and maintains rationalized framework for privacy and cybersecurity compliance including tracking and analysing new privacy and cybersecurity regulations applicable to Dentsply Sirona’s Americas operations.
Maintains and updates policies and procedures in response to new regulations, annually or more frequently as required, in partnership with the DPO.
Working closely with Information Security, Procurement and Legal, develops and implements policies and procedures to effectively manage third party risk, including creating and maintaining contract template language, negotiation playbooks, serving as a point of escalation for privacy and cybersecurity questions, and advising on privacy and cybersecurity requirements for third-party audits and assessments.
Sets training and awareness strategy and cadence for the Americas region based on regulatory requirements and compliance priorities, including leading the privacy strategy and content development for internal web pages and resources, creating and managing a privacy coordinator network for the Americas region, and hosting and presenting materials for regular engagement with the Americas privacy coordinator network.
Designs and delivers privacy compliance training to the Americas region as well as globally as appropriate.
Manages incident response process and events in the Americas region, including ensuring that procedures exist within the Americas region to promptly report data incidents to the privacy team, reviewing the Dentsply Sirona cybersecurity response plan and procedures to ensure that regional regulatory requirements are addressed appropriately, annually reviewing and refreshing incident response procedures and related documentation, maintaining breach notification requirements, and engaging in other incident response readiness activities.

Posted Feb. 01, 2025

Credit Karma – Privacy Counsel

Responsibilities:

Help to ensure Credit Karma’s compliance with state and federal privacy laws, such as the California Consumer Privacy Act and Gramm Leach Bliley Act, through program and process development and management
Review and provide feedback on privacy and security terms in commercial agreements, in partnership with Credit Karma’s commercial counsel
Proactively assess how evolving privacy and data security requirements apply to new and innovative financial services products and other technologies
Provide actionable, business-savvy counseling to business stakeholders related to privacy and data security
Assist with consumer and regulatory inquiries and escalations related to privacy and security, and conduct Data Privacy Impact Assessments (DPIA)
Assist with complex cross-functional efforts related to privacy and cybersecurity, including site and security incident response
Help to manage, develop, and mature a privacy program across the entire company, including developing and implementing processes and policies
Educate stakeholders in a simple, easy to understand way about privacy and data security issues and innovating on ways to continue fostering a culture of learning
Stay up-to-date on new and evolving regulatory requirements related to privacy and data security

Posted Jan. 31, 2025

AXIS – Privacy Counsel

Responsibilities:

Provide legal advice and guidance to the DPO, senior management, business units and support functions regarding AXIS’s obligations under global data privacy and cybersecurity laws and regulations
Prepare privacy notices and review, advise on, draft, amend and negotiate privacy clauses in a variety of contracts
Investigate and advise on privacy incidents, breaches and data subject requests and maintain and update a list of global regulatory notification requirements
Assist the DPO to identify and mitigate privacy risks and develop and maintain compliance strategies
Monitor data protection, privacy, and cybersecurity laws and regulations across the global jurisdictions in which AXIS conducts business
Assist with development and delivery of data privacy and protection awareness and training materials to AXIS staff
Coordinate with outside counsel as needed to ensure those services are used in most effective way
Provide and/or coordinate legal services to the Vendor Management Office

Posted Jan. 28, 2025

Zscaler – Privacy Counsel

Responsibilities:

Serve as a subject matter expert on privacy, data protection, and related AI issues, addressing questions from customers and internal stakeholders.
Provide practical, business-focused guidance on data privacy, data protection, and AI-related compliance matters.
Review and negotiate Data Processing Agreements (DPAs) with customers and vendors, and advise legal team members on managing privacy, data protection, and AI-related issues in customer and vendor engagements.
Stay up to date with global privacy, data protection, and AI regulations.

Posted Jan. 29, 2025

Priceline – Counsel, Privacy & AI

Responsibilities:

Maintain up-to-date, deep fluency on privacy and AI laws, regulations, requirements and industry best practices.
Work directly with the company’s security team, participating in incident response, governance initiatives, and common data protection issues.
Advise the business on legal, regulatory, and business standards.
Own key elements of the company’s privacy management program, working directly with technology and business colleagues to ensure their processes meet applicable legal requirements.
Manage internal data protection investigations.
Ensure internal and external assessments, audits and monitoring activities are compliant and managed with appropriate legal guidance.
Own the DPA process: working directly with commercial legal colleagues and business stakeholders, ensure DPAs are appropriate, compliant and efficiently negotiated.
Draft a wide variety of governance documents, internal and external communications, and contractual documents.
Identify and communicate potential risks areas with leadership and propose compliant mitigation solutions.

Posted Jan. 26, 2025

Morgan, Lewis, & Blockius – Privacy Counsel

Responsibilities:

Draft, review and negotiate third party vendor agreements to include privacy terms and controls including data processing, data transfer, business associate and other agreements
Improve and maintain the firm’s standard privacy agreements and legal processes
Proactively work with internal clients to improve privacy aspects of the contract negotiation process
Advise internal teams to minimize risk while balancing business interests
Collaborate with other business functions, including Information Security and Procurement Services, in managing vendor contracts and performing associated due diligence
Conduct privacy impact and other risk assessments as well as monitor risk mitigation measures
Support the GCPO with global privacy projects
Maintain up to date knowledge of applicable and emerging global data privacy and security laws such as HIPAA, CCPA, GDPR and other U.S./international privacy laws

Posted Jan. 23, 2025

Walmart – Counsel, Cybersecurity Legal

Responsibilities:

Keep the ethical use of data and responsible use of technology at the forefront of your legal work, with an eye toward promoting fairness, good digital citizenship, and cybersecurity. At Walmart, the customer is #1!
Provide legal advice to the company clients that emphasizes the client’s legal rights, obligations, and risks and promotes informed decisions.
Collaborate with senior executives on significant risks; seeking authority and obtaining informed consent to proceed with legal matters.
Proactively collaborate with technical engineers, developers, and product managers to build creative solutions to challenges impacting the security of services.
Partner with Compliance and Business leaders to define best practices and policies to ensure compliance with state & federal laws and regulations to mitigate corporate risk.
Direct highly sensitive investigations and assessments.
Identifying the need for, and effectively overseeing, outside legal support for business transactions and projects.
Consult with outside resources and experts to facilitate the responsible and effective implementation of high priority business initiatives.
Maintain expertise in the rapidly changing policy positions and legal requirements impacting data security; providing legal support to Public Policy associates on matters related to information security.
Leverage technology to streamline processes, communication, and workflows.

Posted Jan. 22, 2025

American Express – VP & Senior Counsel, Privacy – U.S. Products & Services

Responsibilities:

Provide thoughtful leadership to the PDLG lawyers supporting U.S. products and services, e.g., Consumer cards, B2B products, Resy, TLS, etc.;
Proactively deliver pragmatic advice to senior executives at AXP on the wide range of novel privacy issues arising under U.S. state or federal privacy/data laws;
Assist with our M&A activities to provide privacy support;
Advise on strategic contractual negotiations for a wide range of commercial agreements;
Partner with our global privacy team to elevate our regulatory strategy and enhance our customer facing disclosures, etc.;
Develop fulsome processes to advise on privacy and data related legislative developments in the U.S.;
Advocate on behalf of Amex in our trade associations and other external forums;
Support the design and delivery of continuing legal education programs on privacy-related issues.

Posted Jan. 22, 2025

eBay – Privacy Counsel Program Manager

Responsibilities:

Build and manage privacy program for eBay subsidiary
Advise new eBay subsidiary on privacy requirements and support implementation of privacy program
Perform enterprise privacy assessments, identify gaps, develop remediation plans in implement remediations
Work cross-functionally with legal, business, product, and engineering teams to support the completion of Privacy Risk Assessments (PIA, DPIA, LIA)
Implement new privacy laws
Work with internal and external stakeholders as needed to improve risk assessment questionnaires and processes
Support the implementation of new laws in the United States, Canada and Latin America
Collaborate with various departments – IT, Engineering, Product, etc. – to ensure privacy considerations are integrated into product development, data management, and business processes
Monitor changes in privacy laws, regulations, and standards, and support updating the privacy program as necessary
Support Business Units (BUs) with timely and effective triaging of incoming data processing agreement (DPA) review requests
Act as lead point in facilitating, tracking, and enhancing prompt and timely communication with BUs throughout DPA reviews

Posted Jan. 22, 2025

Quantum Health – Associate General Counsel – Data Privacy and Cybersecurity

Responsibilities:

Provide legal guidance to support compliance with applicable privacy and cybersecurity laws, regulations, and industry standards (e.g., GDPR, CCPA, HIPAA, SOX, NIST).
Reduce compliance-related incidents by implementing proactive legal frameworks and risk assessments in partnership with cross-functional teams.
Establish a system for real-time privacy and cybersecurity compliance monitoring and reporting in partnership with cross-functional teams, ensuring timely updates to leadership.
Support corporate transactional work based on prior experience and expertise including, but not limited to, website development, product development and oversight of organizational privacy practices and accessibility requirements.
Manage and participate in required organizational audits related to privacy and security initiatives (SOC 2).
Support organizational and corporate governance initiatives, including whistleblower policies, ethics and transactional activities.
Review and negotiate subcontractor and vendor agreements to reduce legal risk while accelerating time-to-close.
Ensure all vendor agreements include security, compliance, and privacy safeguards to mitigate third-party risks.
Review and negotiate client-facing data protection and processing agreements, business associate agreements and assist with client inquiries
Represent legal in the review, approval and documentation of third-party integration requests.
Act as a strategic advisor to executive leadership, ensuring legal strategies align with business objectives.
Partner with product, security, and compliance teams to embed legal requirements into processes without disrupting innovation.
Improve internal compliance workflows to reduce legal bottlenecks and enhance operational efficiency.
Support other areas of business, as needed, based on areas of expertise or assigned new areas of development tied to strategic initiatives.

Posted Jan. 22, 2025

Sigma Computing – Corporate Counsel – Privacy

Responsibilities:

Assist with integrating privacy, risk, and compliance into our business processes, operations, and product development.
Assist with creating and maintaining privacy documentation like notices, data retention schedules, impact assessments, and more.
Support our sales and procurement teams by drafting, reviewing, and negotiating privacy-focused agreements (e.g. DPA’s, and BAA’s).
Assist the GRC team with managing vendor relationships and subprocessors, creating policies and processes to protect sensitive data.
Support response to data incidents, including identifying legal obligations, and preparing incident notices and other communications.
Stay current on evolving privacy laws like HIPAA, CCPA, GDPR, and provide practical guidance to internal teams.
Provide sound, practical advice and guidance on legal and business-related issues to internal clients.

Posted Jan. 21, 2025

Larson Maddox – Senior Privacy Counsel

Responsibilities:

Serve as privacy SME, advising on data security, governance, and compliance.
Collaborate with internal teams to identify and mitigate legal risks.
Lead data protection initiatives and manage responses to data incidents.
Draft and negotiate privacy-related agreements and ensure third-party vendor compliance.
Develop, maintain, and implement privacy policies and help provide training throughout the organization

Posted Jan. 13, 2025

Lenovo – Senior Counsel, Privacy

Responsibilities:

Conduct privacy impact assessments to products and services offered by the PC business division before launches.
Monitor, analyze, and report on privacy and data protection legal, regulatory and policy developments related to PC products and advise on requirements and standards that may affect the PC business division, customer relationships, and its supply chain globally.
Lead and/or support important projects to design and execute Lenovo’s privacy and data protection policies and data governance strategies to meet global legal requirements, industry standards, and customer requirements, especially in the areas of emerging technologies, products, and services.
Provide advice and counsel on privacy and data protection incident investigations and response and mitigation workstreams in partnership with Lenovo’s security teams and other stakeholders.
Provide advice and counsel for customer, supplier, and partner agreements.
Design and provide privacy and data protection education and awareness trainings to ensure privacy by design in development of PC products.
Collaborate with regional privacy counsels for local compliance of products that are launched globally.

Posted Jan. 13, 2025

Exponent – Corporate/Privacy Attorney

Responsibilities:

Privacy and Data Protection: Lead and manage the legal aspects of the company’s privacy and data protection initiatives, working closely with Information Security to ensure compliance with relevant laws and regulations for both corporate activities and client project work.
Corporate Governance and Securities: Assist with corporate governance matters, including board and committee support, and ensure compliance with securities laws and regulations.
Compliance: Assist in developing, implementing, and overseeing compliance programs and policies to ensure adherence to legal and regulatory requirements.
Employment Law: Provide legal advice and support on employment-related matters, including employee relations, policies, and procedures.
Litigation: Support litigation and dispute resolution processes, working closely with General Counsel and external counsel as needed.
Risk Management: Identify and mitigate legal risks across the organization, providing strategic advice to senior leadership.
General Legal Support: Provide legal support on a variety of other matters as needed, including contract review and negotiation, intellectual property, brand protection/marketing, and mergers and acquisitions.
Training and Awareness: Coordinate (and, as needed, conduct) legal training and workshops for employees to foster compliance with various legal regulations, including privacy laws and compliance protocols. Support Legal Department efforts around messaging for compliance and risk awareness.
Legal Developments & Continuous Learning: Keep abreast of legal developments affecting our business, particularly in areas of privacy, corporate law, and compliance. Provide related updates and guidance to the department and practice groups, as needed. Collaborate with others in the department to innovate processes and/or implement ways of working to address compliance areas.

Posted Jan. 13, 2025

Postman – Privacy Counsel

Responsibilities:

Provide expert guidance on privacy compliance for marketing campaigns and operations, including email campaigns, digital advertising, and data analytics.
Counsel marketing and sales teams on the collection, use, and sharing of customer data, ensuring compliance with GDPR, CCPA, and other global privacy laws.
Work with engineering and operations teams to develop and implement privacy processes and controls for marketing, sales, and product initiatives.
Monitor and interpret emerging privacy regulations and provide actionable advice to internal teams.
Collaborate with cross-functional teams to ensure privacy-by-design principles are integrated into marketing tools and systems.
Support the review of Data Processing Agreements (DPAs) and assist in developing privacy-related playbooks for marketing and operational initiatives.
Partner with product, engineering, and security teams to integrate privacy best practices across company processes.
Work with the legal team to support security compliance, incident response capabilities, and business continuity planning.

Posted Jan. 13, 2025

Generac – Corporate Counsel – Regulatory & Data Privacy

Responsibilities:

Provide actionable, risk-based advice on global product and data privacy regulation
Develop and implement policies and processes to champion best practices and product and data privacy regulatory compliance
Direct and oversee outside counsel in matters of product regulation and data privacy
Partner with other members of the Legal Department, and business and functional team, to provide strategic, business-oriented legal guidance to aid the successful execution of initiatives
Perform other responsibilities as assigned

Posted Jan. 10, 2025

TeleTracking – Sr. Counsel for Privacy & Technology

Responsibilities:

Draft and negotiate software technology and services agreements with various deployment models (on-prem, manage service, SaaS, public +/or private cloud)
Draft, negotiate and resolve privacy issues arising in our global commercial agreements, including standardized Business Associate Agreements and Data Protection Agreements globally.
Elevate our processes, build contracting templates and create toolkits to address privacy, data and AI related risks in a strategic way, including but not limited to developing privacy frameworks, privacy risk assessments, privacy impact assessments, and processes to facilitate “Privacy by Design” for the product development and engineering teams.
Advise internal clients on how to enhance our global privacy, data management and AI governance programs and processes.
Provide guidance on data protection, privacy, security, HIPAA, GDPR, state privacy laws and issues related to exploitation of data.
Provide accurate legal guidance to management on matters that affect the Company and ensure that the Company is complying with all current business process laws and regulations.
Assist on M&A activities, business development, partnership, joint venture and corporate transactions, including commercial and vendor contracting, IT contracts, due diligence and post-close integrations.
Participate in Business Continuity/Disaster Recovery tabletop exercises, as well as be an essential partner to the Information Security team for certifications and recertifications for ISO 27001.
Monitor and advise on global developments in privacy, data governance and AI, and interface directly with DPO’s affiliated with the Company’s businesses.
Provide training and education from time to time to internal colleagues on evolving matters relating to Privacy, Data Governance and Artificial Intelligence.

Posted Jan. 08, 2025

JW Michaels & Co. – Sr. Counsel – Privacy

Responsibilities:

Analyze existing privacy processes and proposed new processes to ensure compliance with applicable laws and modify/improve processes to conform to existing law;
Collaborate with IT and other internal stakeholders to implement new and revised privacy processes (e.g., re privacy rights requests, opt outs, etc.) with respect to consumers, employees and vendors;
Be able to answer internal and external privacy-related questions and inquiries;
Assume responsibility for managing and updating our PI data catalog;
Review existing contracts, and draft and negotiate new contracts, for privacy compliance;
Monitor and summarize new and evolving privacy laws, both in the U.S. and Canada;
Manage and update internal and external privacy policies, notices, and procedures;
Provide expert legal advice on privacy, cybersecurity, data use, and technology matters
Advise on data, cyber, and privacy-related issues in M&A transactions;
Conduct privacy impact assessments for proposed rules or systems;
Provide privacy trainings, as needed;
Understand adtech, cookies, online trackers, etc.;
Assess potential privacy/cybersecurity risks;
Be familiar with data breach laws.

Posted Jan. 08, 2025

Vertex Pharmaceuticals – Privacy Counsel

Responsibilities:

Performing regular privacy assessments of new and existing business processes (including through data inventories and data protection impact assessments), providing practical and timely advice to internal clients to design business processes in compliance with applicable data protection requirements, including those relating to data transfers, while addressing risks and protecting the company’s integrity and reputation.
Acting as subject matter expert and internal escalation point for data protection issues in contracting, including data processing agreements, research collaborations, and transactional agreements; continue to develop template materials for contracting and advise/train members of the legal department on handling privacy-related language in contracts.
Working closely with our contracting teams to improve and streamline contracting processes and procedures related to data protection and security.
Drafting privacy notices and consents for business processes across the organization, and maintaining the organization’s privacy and cookie notices on company websites
Developing and reviewing content for privacy training materials and other communications to increase employee understanding of company privacy policies, data handling practices and procedures and legal obligations, as well as to ensure awareness of “best practices” on privacy and data security issues.
Evaluating and responding to data subject requests (e.g., request for information, clarifications, rectification, or deletion of personal data) and reports of potential data incidents. Supporting the monitoring
Supporting the monitoring/auditing plan for compliance with internal data protection policies and processes and working with Internal Audit function, Office of Business Integrity and Ethics or external auditors in carrying out audit plans.
Keeping abreast of privacy developments affecting the company (e.g., evolving guidance out of the European Union, California Privacy Act, discussions of US privacy laws, CAN-SPAM, e-privacy and developments in Artificial Intelligence) and anticipating potential changes needed to global privacy program to meet new regulatory requirements.
Participating in various Legal & Compliance Department projects and initiatives

Posted Jan. 07, 2025

Exact Sciences – Sr Assistant General Counsel, Privacy

Responsibilities:

Serve as a subject matter expert in areas of data use and protection laws (including U.S. state and federal consumer protection and privacy laws) and provide practical advice that achieves business objectives.
Demonstrate subject matter expertise by providing guidance using relevant data protection laws and regulations to support enterprise research in the U.S. and International markets.
Support colleagues across the legal department in structuring, drafting, and negotiating transactional documents to respond to and support enterprise objectives.
Provide legal advice to the Chief Privacy Officer and other members of the Global Privacy Office to streamline global privacy operations.
Provide legal support and advice to the Chief Information Security Officer with respect to health information security matters, including cybersecurity incidents.
Work closely with product counsel and product teams to guide product development and evaluate the impact of privacy laws, regulatory guidance, and enforcement actions.
Drive high-profile and high-impact projects involving privacy analysis and compliance with cross-functional stakeholders across the business.
Support members of the legal and business teams on privacy legal matters, including areas related to partnerships, acquisitions, integrations, and other business development opportunities.
Help to develop and conduct general and role-specific privacy training across Exact Sciences as requested by the Global Privacy Office.

Posted Jan. 07, 2025

VinFast US – Privacy Counsel

Responsibilities:

Serve as the lead data privacy subject matter expert for the company’s United States entities, providing accurate and timely counsel to business departments and management.
Analyse and control advice on the compliance of the activities of personal data information processing projects within the framework of Data Protection Impact Assessments / Privacy Impact Assessments and propose remedial measures.
Review and analyze legal, regulatory, and commercial developments in the privacy arena to ensure an up-to-date data privacy operational framework, manage risks, and develop forward-thinking advice on market-leading approaches to privacy compliance.
Identify discrepancies or lack of conformity for processing activities and suggest remedies.
Identify the risks generated by a data processing activity and apply effective risk management techniques.
Negotiate and draft data privacy and security provisions in contracts, including data privacy addendums (DPAs), licensing agreements, sourcing and procurement agreements, technology agreements, partnership and joint venture agreements, terms of use, and other agreements with B2B partners and vendors.
Spearhead drafting and updating U.S. cybersecurity, data protection compliance, and privacy policies as well as guidelines, training tools, and practices across the company to develop scalable frameworks and approaches to assist the organization in achieving its strategic objectives while complying with privacy regulations.
Provide guidance and develop written policies to address inquiries from various teams across the company based on the issues presented.
Ensure compliance with policy requirements and integrate privacy by design principles into all aspects of the vehicle manufacturing and distribution processes.

Posted Jan. 07, 2025

Hiscox – Corporate Counsel – Privacy

Responsibilities:

Reporting to the Head of Legal, the Corporate Counsel, Privacy serves as a key member of the legal team and will own and run data privacy operations for Hiscox US. The right candidate has a proven background advising, owning, and operating a data privacy framework, and experience in developing, implementing, and managing the business processes and practices necessary to drive compliant privacy transformation initiatives and BAU operations simultaneously. This role will partner with the Group DPO and Privacy global team to ensure the US business maintains an effective program that is compliant with US privacy and data security laws and regulation and is responsible for keeping abreast of all emerging laws, regulations and communicating expected impact and recommending solutions to the business and management. This role will serve as the point person for US customer queries and will ensure all necessary and relevant privacy trainings and tools are effectively delivered to the US business. Additionally, the individual will collaborate closely with key stakeholders in Data, Risk, Claims, Operations, and Marketing to drive compliance and best practices. This role is suited to an experienced privacy professional who is comfortable taking decisions and operating as part of an embedded legal function and simultaneously part of a global privacy team.

Posted Jan. 04, 2025

Accenture Federal Services – Cybersecurity Senior Legal Counsel Senior Manager

Responsibilities:

Principal counsel for cybersecurity compliance, risk and mitigation.
Lead a team that is responsible for cybersecurity incident analysis & response, supply chain risk management, Artificial Intelligence, and intellectual property
Design and help implement policies, procedures, and tools related to cybersecurity
Support contracting teams to understand and mitigate contractual and delivery risk related to cybersecurity requirements
Advise the business on the application of cybersecurity considerations to emerging technologies like AI and blockchain
Provide strong collaboration with CIO & CISO to anticipate and address cyber threats, risk, and compliance with existing and forthcoming rules and regulations
Develop and deliver cybersecurity training to targeted audiences

Posted Jan. 02, 2025

* * *

Looking for an older job listing? In an effort to keep this page as up-to-date as possible, we have moved Job Listings older than the date above to our Condensed Job Listings page. We hope this comprehensive list will allow you to see the many different career opportunities that exist in Privacy and Data Security Law.

Privacy Law Job Listings

PRIVACY LAW JOB LISTINGS