Legal and Regulatory Affairs

Senior Privacy Counsel

Sunnyvale, California, United States

23andMe is focused on maintaining its trusted position with regard to genetic information and data stewardship, including health information contributed by customers. We believe that the customer data we hold belongs to them - our customers, and that we must act as a responsible steward of that data.

Who we are
Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.

What you’ll do
With a thorough understanding of 23andMe’s business and strategic priorities, you will identify the implications of product, marketing, research and other initiatives on privacy and data use, technology architecture and standards and data governance, to ensure 23andMe maintains its focus on transparency and leadership in privacy and data protection. You will support the continued growth of 23andMe’s comprehensive privacy and data protection program, including conducting education and training at all levels of the company. You will be a key player in leading privacy strategies, be an integral cross-functional team player, work closely with internal and external parties on compliance, policy and government affairs matters.

  • Partner closely with Security, IT, product and other business teams to develop, implement, oversee and monitor 23andMe’s privacy and data protection policies and procedures.
  • Assess how current and proposed laws impact business processes, reporting, record keeping, or other activities. Identify needs for introduction of new business processes and for consultations or training.
  • Lead cross-functional projects related to data governance, data protection and privacy by design.
  • Lead vendor management program, including responsibility for creating policies, processes and templates to support transactions.
  • Ensure 23andMe privacy policies and practices are included in development of product offerings and business processes including, marketing, market research, customer support, and other operational mechanisms and performance measures.
  • Develop strategies, tools, resources and frameworks enabling data use innovation while ensuring adherence to privacy best practices.
  • Together with Security, lead privacy and data protection risk assessments/audits and monitoring to identify opportunities, issues and risks and develop appropriate mitigation plans in support of company risk management and internal audit deliverables.
  • Serve on data incident response and resolution teams; work across the organization to assess incidents and determine appropriate response.
  • Represent the organization’s privacy and data protection interests with external parties.
  • Provide leadership for the Privacy team.

    What you’ll bring
  • JD with excellent academic credentials.
  • Member of the California bar.
  • +6 years of privacy experience in a law firm, in-house or other legal role with a track record of providing practical business-friendly advice.
  • CIPP/US/E certification preferred.
  • Expert knowledge of data protection and information security laws, rules and regulations in the US and globally, including CCPA, GDPR,
  • Genetic Information Nondiscrimination Act, FCRA, HIPAA, COPPA, and relevant rules and regulatory guidance related to mobile applications, as well as industry leading privacy and data protection practices and standards.
  • Knowledge of online and offline advertising and marketing rules and regulations, including state consumer protection statutes, CAN-SPAM,
  • Telephone Consumer Protection Act and FTC guidelines pertaining to areas relevant to 23andMe’s business, such as consumer advertising.
    Knowledge of and experience with data security, data breach, and data loss prevention tools and statutes.
  • Experience and skill in responding to press inquiries and speaking on privacy matters.
  • Demonstrated analytical skills as well as the ability to take disparate information and make strategic recommendations quickly.
  • Experience with FDA regulatory issues related to privacy, including government requirements for compliance programs preferred.
  • Demonstrated leadership with evidence of increasing management responsibility.
  • Ability to develop and deliver presentations to senior management and influence others.
  • Exceptional attention to detail and ability to get things done.
  • Strong organizational, coordination, multi-tasking, and process improvement capabilities.
  • Excellent interpersonal skills, including relationship building and collaboration.
  • Excellent verbal and written communicator.


About Us

23andMe, Inc. is the leading consumer genetics and research company. Founded in 2006, the mission of the company is to help people access, understand, and benefit from the human genome. The company was named by Glassdoor as one of the Best Places to Work in 2019, MIT Technology Review to its “50 Smartest Companies, 2017” list, and named one of Fast Company’s “25 Brands That Matter Now, 2017”. 23andMe has millions of customers worldwide, with more than 80 percent of customers consented to participate in research. 23andMe, Inc. is located in Sunnyvale, CA. More information is available at

At 23andMe, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws.  If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.

Please note: 23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.