Data Privacy Counsel

About The Position

Requirements

• Strong familiarity with relevant privacy laws, including GDPR and CCPA.
• Excellent legal analytical, problem solving, and communication skills.
• Strong organizational skills and ability to manage multiple projects.
• Capacity to prioritize risks and drive execution under tight deadlines.
• Collaborative work style with the ability to influence across functions.
• Hardworking with attention to detail and a proactive, hands-on approach to compliance execution.
• J.D. from an ABA-accredited law school and member of a state bar in good standing.
• Minimum 7-10+ years of legal experience, with at least 3 years focused on data privacy.
• Demonstrated experience in operational privacy tasks (ROPA, DPIAs/LIAs/TIAs, DSARs, vendor/customer DPAs).

Nice To Haves

• Familiarity with AI-related regulations (e.g., EU AI Act, emerging U.S. frameworks) and evolving global approaches to data governance.
• Assist with intellectual property, licensing, content, technology, or media matters as bandwidth permits.
• Support pre-litigation privacy or data protection disputes where needed.
• CIPP/E or CIPP/US certification highly desired; candidates with both are strongly preferred.

Responsibilities

• Updating Records of Processing Activities (ROPA): Maintain existing ROPA (and adding new entries) to ensure accuracy & currency.
• Privacy Impact Assessments: Conduct DPIAs, LIAs, and TIAs; maintain the assessment register; track mitigations.
• Data Subject Rights: Fulfill DSARs end-to-end, including identity verification, data retrieval, response drafting, and evidence management.
• Data Processing Agreements (DPAs): Draft and negotiate customer and vendor DPAs (as well as contract provisions associated with privacy); escalate complex or high-risk matters.
• Vendor Due Diligence: Conduct privacy due diligence on vendors and manage routine DPAs.
• Incident Response: Execute incident/breach runbooks, including evidence collection, reporting, and customer/vendor communication support.
• Privacy by Design: Participate in Privacy by Design reviews within the SDLC/PLC, documenting advice and risk assessments.
• Training & Awareness: Assist in development and delivery of privacy trainings.
• Regulatory Monitoring: Conduct horizon scanning of evolving privacy laws; distill requirements into actionable obligations and communicate them to control owners.