Privacy Counsel

Role Summary

The Privacy Counsel will serve as a point person with business stakeholders and translate complex legal requirements into actionable, scalable solutions to foster a data security and privacy by design culture. This role shapes and executes global privacy strategy, implements compliance measures, and enables business innovation in collaboration with various teams and external counsel.

Responsibilities

• Provide practical, expert legal advice on US and global privacy and data protection laws (e.g., GDPR, CCPA/CPRA, HIPAA, etc.).
• Review new business processes and initiatives to embed data security and privacy by design at conception and through implementation.
• Contribute to team and resource development by participating in drafting sessions, sharing solutions, and refining playbooks and templates.
• Lead discussions with business teams, translating data protection requirements into business processes, policies, and compliance controls.
• Review, draft, and negotiate DPAs, SCCs, and other privacy terms when escalated by contracting teams.
• Lead privacy impact assessments (PIAs), data mapping exercises, and risk mitigation strategies.
• Enable compliance with cross-border data transfer requirements by conducting TIAs to support SCCs, UK IDTA, and other mechanisms.
• Monitor regulatory developments and communicate impacts on business operations.
• Support incident response and breach notification processes.
• Develop and deliver privacy training and awareness programs.
• Advise on AI, biometrics, and emerging technologies from a privacy perspective.
• Identify and assess privacy risks, translating complex legal concepts into clear language for business use.
• Drive development and continuous improvement of privacy program elements, including playbooks, forms, templates, and resources.

Qualifications

• Required: JD degree with 4 years of relevant experience; or admitted to practice, preferably in California.
• Preferred: CIPP/US, CIPP/E, CIPM or similar certification.
• Equivalent combination of education and relevant experience.
• Minimum of 6 years of legal experience, including at least 5 years focused on global privacy and data protection.
• Strong understanding of global privacy frameworks and regulatory trends.
• Proven ability to operationalize privacy requirements and create sustainable compliance processes.
• Experience conducting PIAs/DPIAs, TIAs, data mapping, and implementing privacy measures in a matrixed organization.
• Thought leadership in privacy and data ethics.
• Experience in technology, healthcare, or data-driven organizations is a plus; experience in ad/mar tech, digital media, AI, and data governance is a plus.

Skills

• Excellent interpersonal communication, collaboration, and stakeholder management skills.
• Ability to develop and deliver clear, concise presentations and influence at all levels.
• Strategic thinking and data-driven problem-solving abilities.
• Ability to devise creative solutions for complex problems and implement objectives.
• Ability to manage ambiguity and handle multiple tasks with changing priorities.
• Efficient, meticulous, and strong organizational skills.
• Judgment, responsibility, and conscientious work ethic.
• Commitment to quality, reliability, and professional standards.
• Initiative-taking and quick learning.
• Strong computer skills (Word, Excel, PowerPoint, document comparison programs, Internet).

Education

• JD degree required with 4 years of relevant experience; or admitted to practice, preferably in California.
• CIPP/US, CIPP/E, CIPM or similar certification preferred.