Privacy Counsel job description

Job brief

We are looking for an experienced Privacy Counsel to join our legal team and lead our global data protection strategy. You will serve as the primary legal partner for our data science and product teams, translating complex regulatory requirements into actionable compliance roadmaps. In this role, you will have the autonomy to shape our internal governance policies and manage high-stakes privacy matters across our international portfolio. If you are a proactive legal professional passionate about emerging privacy technologies and data rights, we want to hear from you.

What is a Privacy Counsel?

A Privacy Counsel is a specialized legal advisor tasked with building robust data governance frameworks to ensure global regulatory compliance. By aligning business objectives with evolving mandates like GDPR, CCPA, and LGPD, a Privacy Counsel mitigates risk associated with data processing and cross-border transfers. Their work integrates deep legal expertise with technical understanding of privacy-by-design principles, serving as the bridge between product engineering teams and executive leadership to uphold data integrity.

What does a Privacy Counsel do?

A Privacy Counsel spends their day drafting data processing agreements, conducting Privacy Impact Assessments (PIAs), and advising on the implementation of privacy-enhancing technologies. They coordinate with IT security teams to resolve data subject access requests (DSARs) and respond to inquiries from regulatory bodies or audit agencies. Additionally, they proactively monitor legislative developments to update corporate privacy policies, ensuring internal practices remain legally sound while supporting scalable business growth.

Key responsibilities

• Draft and negotiate complex data processing agreements, privacy notices, and vendor contracts involving sensitive personal information.
• Conduct thorough Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new product feature releases.
• Develop and maintain comprehensive internal data privacy policies in alignment with GDPR, CCPA, CPRA, and evolving global legislation.
• Partner with Information Security teams to manage data breach response plans and coordinate mandatory regulatory notifications.
• Create and deliver cross-departmental training programs to instill a 'privacy-by-design' culture across engineering and marketing teams.
• Monitor global privacy legal developments and provide concise risk mitigation advice to the executive leadership and board members.
• Manage and streamline the intake process for Data Subject Access Requests (DSARs) to ensure timely and legally accurate responses.
• Represent the organization in external privacy audits and engage with regulatory authorities to advocate for the company's compliance posture.

Requirements and skills

• Juris Doctor (JD) degree from an accredited law school and active admission to at least one state bar association.
• Minimum of 4+ years of focused experience working as a Privacy Counsel or in a dedicated data protection legal role.
• Certified Information Privacy Professional (CIPP/E, CIPP/US, or CIPP/T) designation from the IAPP is strongly preferred.
• Expertise in interpreting and applying GDPR, CCPA, ePrivacy Directive, and other international data protection frameworks.
• Deep understanding of technical data privacy concepts including encryption, anonymization, cookie management, and consent architecture.
• Proven track record of communicating complex legal risks to non-technical stakeholders in product, marketing, and engineering.
• Experience managing outside counsel for specialized international privacy matters or litigation support.
• Exceptional legal drafting abilities with a focus on precision, clarity, and the ability to simplify complex regulatory legalese.

FAQs