Sr Counsel - Privacy & Technology

Description & Requirements

Join our dynamic legal team as a Senior Counsel - Privacy and Technology, where you'll play a pivotal role in shaping and leading enterprise-wide privacy compliance strategies.

In this highly visible position, you'll serve as a subject matter expert on state consumer privacy laws, guiding data governance programs, advising senior leadership, and embedding privacy-by-design principles across the business.

You'll also take ownership of drafting and negotiating complex contracts with a focus on privacy and data protection, managing privacy impact assessments and global data transfers, and ensuring our policies and statements remain current with evolving regulations.

This is a strategic opportunity for an experienced attorney to make a direct impact on how we manage data responsibly, partner with stakeholders across the enterprise, and navigate the rapidly evolving privacy landscape.

Essential Duties and Responsibilities:
- State Consumer Privacy Rights Program Management: Serve as a subject matter expert on state consumer privacy laws, shaping enterprise-wide data governance and compliance strategies.

Lead the implementation and ongoing management of the corporate state consumer privacy rights program, including policy development and cross-functional coordination.

Collaborate with internal stakeholders to design and maintain technological and administrative solutions that support privacy compliance.

Monitor regulatory developments and proactively advise senior leadership to ensure program alignment with evolving state-specific privacy laws (e.g., CCPA/CPRA, VCDPA, CPA, etc.).
- Contractual and Transactional Support: Independently review and negotiate complex contracts, subcontracts, licensing agreements, and other legal documents.

Identify privacy and data protection requirements, assess risks, and recommend strategic contract mitigations.

Provide strategic, enterprise-level legal guidance on technology transactions and vendor engagements involving personal data.
- Privacy Impact Assessments, Transfer Impact Assessments, Records of Processing Activities: Lead and oversee Privacy Impact Assessments (PIAs) and Transfer Impact Assessments (TIAs).

Maintain and update Records of Processing Activities (RoPAs) in accordance with global privacy regulations.

Partner with the global privacy operations team to manage cross-border data transfers, ensuring compliance with UK GDPR, SCCs, and other international frameworks.

Collaborate with other functional areas, including IT, Security, Procurement, Contracts, and Compliance to embed privacy-by-design principles in enterprise systems and processes.

Serve as a strategic advisor and provide training and guidance to internal teams on privacy and data protection issues.
- Draft and Manage Website Privacy Statements: Draft and manage website privacy statements and policies as required by federal or state law.

Independently monitor legal developments and update public-facing statements ...