Join our gene pool.
Legal and Regulatory Affairs
Mountain View, California, United States
23andMe is focused on maintaining a trusted position with regard to genetic information and data stewardship, including health data contributed by customers. We believe that the customer data we hold belongs to our customers, and that we must act as a responsible steward of that data. Our goal is that every 23andMe customer trusts us with their data.
With a thorough understanding of 23andMe’s business strategies and strategic priorities, you will identify the implications of product, marketing, business development and research initiatives on privacy and data use, technology architecture and standards and data governance, to ensure 23andMe implements sound decision-making and maintains its focus on transparency and mindfulness of privacy and data protection matters. You will be responsible for ensuring that 23andMe has adopted a comprehensive and effective privacy program, and will conduct privacy education and training at all levels of the company. You will lead on privacy strategies, be an integral cross-functional team player, work closely with internal and external parties on related compliance, policy and governmental affairs matters and manage all internal and external privacy and data protection programs and policies, in the US and abroad.
Who we are
Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.
What you'll do
- Serve as Privacy Officer for 23andMe.
- Manage and provide leadership for the privacy function and staff.
- Represent the organization’s privacy and data protection interests with external parties.
- Develop, implement, oversee and monitor 23andMe’s privacy and data protection policies and procedures to ensure that business activities are consistent with them.
- Assess how current and proposed regulations impact business processes, reporting functions, record keeping, or other activities. Assess needs for introduction of new business processes and for consultations or training.
- Conduct critical analysis and articulate how the external environment influences privacy and data laws, regulations, and best practices that impact 23andMe’s businesses.
- Drive complex projects and lead cross-functional teams in setting and managing milestones and deliverables to achieve stated outcomes.
- Proactively ensure 23andMe privacy policies and practices are included in development of product offerings and business processes, including marketing, market research, customer support, and other operational mechanisms and performance measures.
- Ensure that 23andMe’s policies and procedures regarding the privacy and confidentiality of health information are kept up to date and are tailored to 23andMe’s business model.
- Develop strategies, tools, resources and frameworks enabling data use innovation throughout the company while ensuring operational privacy compliance.
- Apply innovation and process improvement skills to implement effective and efficient solutions to privacy and data.
- In collaboration with IT and Security, conduct privacy and data protection risk assessments/audits and monitoring to identify opportunities, issues and risks and develop appropriate mitigation plans in support of 23andMe Risk Management and Internal Audit deliverables.
- Serve as Privacy lead on data incident response and resolution teams; work across the organization to assess privacy events or potential data breaches and determine appropriate response.
Who you are
- JD with excellent academic credentials.
- Member of the California bar.
- 8+ years of privacy experience in a law firm, in-house or other legal environment with a track record of providing practical business-friendly advice and management of other attorneys and staff.
- CIPP certification required.
- Expert knowledge of data protection and information security laws, rules and regulations in the US and globally, including EU GDPR, as well as industry-leading practices and standards, US federal and state privacy laws and regulations including the Genetic Information Nondiscrimination Act (GINA), Fair Credit Reporting Act (FCRA), Health Information Portability and Accountability Act (HIPAA), California Online Privacy Protection Act, Children’s Online Privacy Protection Act (COPPA), and relevant rules and regulatory guidance related to mobile applications.
- Knowledge of online and offline advertising and marketing rules and regulations, such as state consumer protection statutes, CAN-SPAM, Telephone Consumer Protection Act (TCPA), Telemarketing Sales Rules (TSR), and FTC marketing guidelines pertaining to areas such as deceptive advertising and endorsements/testimonials.
- Knowledge of and experience with data security, data breach, and data loss prevention tools and statutes.
- Experience and skill in responding to press inquiries and public speaking as an expert on a wide range of global privacy matters.
- Demonstrated analytical skills as well as the ability to take disparate information and make strategic recommendations quickly.
- Experience with FDA regulatory issues related to privacy, including government requirements for compliance programs preferred.
- Demonstrated leadership with evidence of increasing management responsibility throughout career history.
- Ability to develop and deliver presentations to senior management and influence others.
- Exceptional attention to detail and ability to get things done.
- Strong organizational, coordination, multi-tasking, and process improvement capabilities to work with functional groups across the organization including Business Development, Marketing, and Research.
23andMe, Inc. is the leading consumer genetics and research company. Our mission is to help people access, understand and benefit from the human genome. The company was named by MIT Technology Review to its “50 Smartest Companies, 2017” list, and named one of Fast Company’s “25 Brands That Matter Now, 2017”. 23andMe has over 5 million customers worldwide, with ~85 percent of customers consented to participate in research. 23andMe is located in Mountain View, CA. More information is available at www.23andMe.com.
At 23andMe, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws. If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at firstname.lastname@example.org. 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.
Please note: 23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.