Data Privacy, Cybersecurity & AI Attorney

About The Position

Requirements

• J.D. from an accredited law school, and in good standing with the California State Bar.
• 3+ years of legal experience, including substantive data privacy experience and an in-depth knowledge of U.S. and EU privacy and AI laws.
• Prior law firm experience.
• Strong professional judgment, excellent communication skills, a willingness to self-educate, and the ability to manage multiple tasks and supervise junior attorneys to ensure deadlines are met.
• A practical problem‑solver with a demonstrated ability to counsel sophisticated businesses on complex privacy, data and AI issues with superior writing and communication skills.
• Comfortable navigating regulatory ambiguity, and translating legal requirements into actionable advice.
• Have a working knowledge of the CCPA, the various other state comprehensive privacy laws, CIPA, HIPAA, FCRA, GLBA, TCPA, CAN-SPAM, COPPA, ROSCA, and GDPR.
• Familiar with the inner workings of the Internet, online tracking technologies, opt-in and opt-out standards, and have experience advising companies on “cookie” compliance based on their business model, intended uses and contractual foundations.
• Knowledgeable about privacy and AI regulatory compliance programs, and have a proven record of starting or iterating such programs.
• Inquisitive and looking to work in a fast-paced environment where you learn about new technologies and new laws every day.

Nice To Haves

• Sector-specific experience in financial services, children’s privacy (e.g., AADC, age verification), telecom, biometrics, consumer health data, genetics or digital advertising.
• IAPP CIPP certification (U.S. and EU) strongly preferred; AIGP a plus.

Responsibilities

• Assisting companies with building or scaling privacy programs, as well as providing compliance guidance in relation to prevailing U.S. federal and state privacy laws, and the GDPR and other global privacy standards and regulations.
• Drafting and revising privacy notices, terms of service, incident response plans, information security policies and other data protection policies.
• Providing strategic advice in relation to the use of tracking technologies and advising on CIPA demands.
• Preparing DPIAs, and providing product counseling.
• Negotiating and drafting professional services agreements, vendor/service provider agreements, data processing agreements, cross-border transfer agreements, and other types of commercial agreements involving data sharing.
• Developing and refining AI governance programs, including through drafting internal/external AI policies; advising on clients’ use of AI with their customers (e.g., teleconference note-takers, GenAI, call recordings); performing AI risk assessments; advising on automated decision-making and profiling; and researching and advising on AI legal developments.
• Responding to regulatory requests and formal investigations (e.g., FTC, CalPrivacy, state AG, ICO, OPC) in relation to privacy compliance and data breaches.
• Performing, leading and negotiating all phases of privacy and security-related due diligence in mergers & acquisitions and similar fundamental corporate transactions.
• Driving data breach preparation, risk mitigation, coordination and responses.

Benefits

• competitive compensation
• excellent benefits package
• discretionary bonus
• health insurance with an optional HSA
• short term disability
• long term disability
• dental insurance
• vision care
• life insurance
• Healthcare and Dependent Care Flexible Spending Accounts
• 401K
• vacation
• sick time
• employee assistance program
• voluntary accident insurance
• voluntary life
• voluntary disability
• voluntary critical illness and cancer insurance
• pet insurance
• Commuter and Transit programs