Privacy Counsel

About The Position

Requirements

• JD degree required with 4 years of relevant experience; or
• Must be admitted to practice, preferably in California.
• CIPP/US, CIPP/E, CIPM or similar certification preferred
• Equivalent combination of education and relevant experience
• Minimum of 6 years of legal experience, including no less than 5 years focused on global privacy and data protection.
• Strong understanding of global privacy frameworks and regulatory trends.
• Proven ability to help business teams operationalize privacy legal requirements and create sustainable compliance processes.
• Demonstrated success implementing privacy compliance measures, including conducting PIA/DPIAs, TIAs, data mapping, etc. in a matrixed organization.
• Excellent interpersonal communication, collaboration, and stakeholder management skills.
• Able to develop and deliver clear and concise presentations, to influence and collaborate effectively at all levels of the organization.
• Applies strong strategic thinking and problem-solving abilities to novel questions, with a data-driven approach to decision-making.
• Ability to devise creative business solutions for complex problems and implement organizational or team objectives.
• Effectively manages ambiguity, handling multiple tasks simultaneously and adjusting priorities quickly.
• Must be efficient, meticulous and have strong organizational skills.
• Anticipates complications and plans accordingly to meet specific deadlines.
• Works well independently and in a team environment.
• Must have good judgment, acting responsibly and conscientiously.
• Dedicated to quality, reliability, and highest professional standards in all work tasks.
• Must be an initiative-taker and quick learner.
• Requires strong computer skills (e.g., Microsoft Office Suite (Word, Excel, PowerPoint, etc.) document comparison programs, and Internet).

Nice To Haves

• Thought leadership in privacy and data ethics.
• Experience in a technology, healthcare, or data-driven organization a plus.
• Experience in ad/mar tech, digital media, AI and data governance a plus.

Responsibilities

• Provide practical, expert legal advice on US and global privacy and data protection laws (e.g., GDPR, CCPA/CPRA, HIPAA, etc.).
• Review new business processes and initiatives to embed data security and privacy by design at conception and through implementation.
• Contribute to team and resource development by participating in drafting sessions, sharing solutions, and contributing to the ongoing build out and refinement of playbooks and templates.
• Lead discussions with business teams, deftly translating data protection requirements into business processes, policies, and compliance controls.
• Review, draft, and when necessary, negotiate DPAs, SCCs, and other privacy terms when escalated by contracting teams.
• Lead privacy impact assessments (PIAs), data mapping exercises, and risk mitigation strategies.
• Enable compliance with cross-border data transfer requirements, by conducting and documenting transfer impact assessments (TIAs) to support SCCs, UK IDTA, and other mechanisms.
• Monitor regulatory developments, assess and communicate timely to stakeholders the impact on business operations.
• Support incident response and breach notification processes.
• Develop and deliver privacy training and awareness programs.
• Advise on AI, biometrics, and emerging technologies from a privacy perspective.
• Identify and assess privacy and risks, translating complex legal concepts into clear, accessible language that enables business teams to make informed decisions.
• Drive the development and continuous improvement of privacy program elements, including data protection playbooks, forms, contract templates, and resources.
• Partner cross-functionally to embed privacy by design.
• Serve as a primary liaison between Legal and various business functions on privacy matters, translating a complex matrix of laws and regulations into actionable requirements.
• Build strong, collaborative relationships with key stakeholders across the organization to ensure alignment on vision, priorities, and outcomes of business initiatives and projects.
• Represent the Legal team in working groups, committees, and cross-departmental initiatives that have a privacy impact.

Benefits

• comprehensive employee benefits package, including a 401k plan with generous company contributions, group medical, dental and vision coverage, life and disability insurance, and flexible spending accounts
• Employees are also eligible for a discretionary annual bonus program, or if field sales staff, a sales-based incentive plan.
• Exelixis also offers employees the opportunity to purchase company stock, and receive long-term incentives, 15 accrued vacation days in their first year, 17 paid holidays including a company-wide winter shutdown in December, and up to 10 sick days throughout the calendar year.