Senior Counsel, Privacy and Compliance

Recursion•Salt Lake, UT

1d•Hybrid

About The Position

Recursion is seeking a Counsel role specializing in data privacy and compliance to support the expansion of its clinical trials and compliance infrastructure. This role will maintain and shape a privacy-by-design infrastructure through vendor onboarding, data mapping, policy development, and negotiating privacy terms in transactions. It will also support the growth of the compliance function within the Legal department by providing guidance, implementation, and training, and fostering partnerships across functions. The ideal candidate is business-minded, collaborative, and adept at translating privacy and regulatory requirements into actionable guidance. Fluency in international data privacy regulations and familiarity with corporate compliance in biotech or pharmaceutical companies are essential. The role will collaborate with various groups, including Clin Tech, Clinical Operations, and Human Resources, employing a practical, solutions-focused approach to accelerate company goals through compliance.

Requirements

At least four years of experience in data privacy counseling in the biotech or pharmaceutical industry, at a law firm or preferably in-house.
Strong working knowledge of privacy and data protection laws, including U.S. state privacy laws, GDPR, CCPA/CPRA, and related regulatory frameworks.
Experience reviewing and negotiating privacy, security, and data protection provisions in commercial agreements.
Ability to provide clear, practical advice in a fast-moving business environment.
Strong judgment, attention to detail, and ability to manage multiple projects independently.
Excellent written and verbal communication skills.
Admitted to practice in at least one state and eligible to practice law in Utah as in-house counsel.

Nice To Haves

IPP/US, CIPP/E, CIPM, or similar privacy certification preferred.
Experience building or scaling privacy and compliance programs in-house preferred.

Responsibilities

Develop and maintain infrastructure to comply with varying data privacy regulations in Europe and new countries in support of clinical trial plans.
Review and negotiate data protection terms, DPAs, vendor agreements, customer agreements, security addenda, and other contracts from a privacy standpoint.
Monitor and advise on privacy and compliance developments, including U.S. state privacy laws, GDPR, CCPA/CPRA, sector-specific privacy rules, and emerging AI and cybersecurity requirements.
Support incident response, data subject rights requests, privacy impact assessments, transfer impact assessments, and regulatory inquiries.
Support vendor onboarding and maintenance for vendors processing personal data.
Maintain the company’s Record of Processing Activity.
Counsel on privacy-by-design reviews, data mapping, vendor onboarding, AI/data use cases, and new geographical expansions.
Draft policies and perform trainings to support data protection compliance.
Assist the Legal team in drafting and implementing corporate compliance policies, training, and follow-up.
Partner closely with Human Resources and other functions to identify needs for policies or guidance.
Collaborate closely with internal stakeholders on creating a “right size” compliance function that enables business growth while protecting against risk.