What will you be empowered to do?


Privacy Counsel

Sunnyvale, California, United States

We are seeking an exceptional Privacy Counsel who is passionate about advancing our mission: to help people access, understand and benefit from the human genome.  You will work in a very fast-paced, dynamic environment with a broad range of responsibilities to provide guidance to product, engineering and security teams on applicable global privacy regulations and incident response. 


Who We Are

Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.


What You'll Do

You will be responsible for providing privacy and incident response guidance across various areas of our business to support product, engineering, security, and other strategic initiatives.  Your work will include enhancing our incident response plans, leading all aspects of an investigation in the event of an incident, partnering with security on remediation measures and counseling cross-functional partners on global data breach notification requirements and communication plan strategies. We are looking for a leader with experience in the consumer and/or health industry who is eager to continue their growth in a cutting-edge business and will be agile and practical in providing excellent legal advice to support our teams in navigating the legal and regulatory landscape.

  • Serve as one of the main legal points of contact for privacy and security incidents, and collaborate closely with security and privacy teams on incident readiness processes to mitigate legal and security risk
  • Partner closely with security, IT, audit, product, engineering, privacy, and other stakeholders as needed to remediate any risks, implement best practices for our incident response protocols and risk management processes, and provide legal guidance related to responsible vulnerability reporting
  • Proactively identify and recommend opportunities for operational improvement and initiatives, including execution in a cross-functional manner  
  • Support timely product launches and ongoing product compliance by providing legal advice to security, IT, audit, product, engineering, privacy, and other stakeholders to ensure 23andMe products, services, and technology delivered by those teams are compliant with applicable privacy and security laws, regulations, standards/controls, contractual obligations, and industry best practices
  • Draft and manage policies, procedures and processes related to 23andMe’s privacy information management system
  • Support and develop scalable privacy-driven audits (e.g., DPIA, Privacy Questionnaires, etc.), tabletops, and other privacy program initiatives
  • Lead as the legal representative during internal and external audits (e.g., ISO, etc.)
  • Advise on ongoing privacy program efforts, including data retention, data mapping initiatives, privacy engineering, and our privacy tools and systems
  • Maintain, build and/or improve the scalability and effectiveness of processes for providing legal input to stakeholders and partners and standards related to privacy by design, privacy engineering, incident response management, and other cross-platform projects
  • Create and provide guidance and training to legal team members, partners, and cross-functional stakeholders on incident response
  • Stay up-to-date on relevant U.S. and international laws and regulations, particularly those related to cybersecurity, privacy, data management, and other applicable areas


Who You Are

  • J.D. from an accredited law school
  • 3+ years of relevant experience at a top-tier law firm, government agency or in-house; in-house experience preferred
  • 2+ years of experience managing and responding to cyber incidents (either in-house or as outside counsel) and aligning cross-functional teams on a response plan, and/or data breach litigation experience
  • Member of the California bar
  • Experience identifying gaps and developing proactive strategies to enhance a company’s incident readiness strategy, including drafting and implementing new policies and protocols
  • Solid understanding and counseling experience with global privacy law requirements (e.g., GDPR, e-Privacy, CCPA, CPRA, etc.) and global cybersecurity laws, regulations, and standards (e.g., PCI, ISO, etc.)
  • Knowledge of information security frameworks and compliance (e.g., NIST and ISO 27001, 27018, and 27701)
  • Consistent track record of advising clients in the day-to-day operation of a business with expertise in conveying complex legal and risk concepts in “plain English” for both technical and legal colleagues  
  • Experience running executive-level tabletops with data breach hypotheticals
  • Ability and strong desire to effectively advise, develop relationships, and work collaboratively across stakeholders both within and outside of Privacy, and experience counseling information security, IT, and engineering teams
  • Excellent verbal and written communication skills, and the ability to effectively and proactively communicate with partners and stakeholders across the organization
  • Ability to organize, prioritize, and manage projects effectively
  • Go-getter - see an issue and find ways to fix it.  Willing to roll up your sleeves and DIY. Provides sound, practical advice, and finds creative ways to solve problems
  • Strong team player with risk awareness, and a customer service and growth mindset
  • Love working with people, and people love working with you


About Us

23andMe, headquartered in Sunnyvale, CA, is a leading consumer genetics and research company. Founded in 2006, the company’s mission is to help people access, understand, and benefit from the human genome. 23andMe has pioneered direct access to genetic information as the only company with multiple FDA authorizations for genetic health risk reports. The company has created the world’s largest crowdsourced platform for genetic research, with 80 percent of its customers electing to participate. The platform also powers the 23andMe Therapeutics group, currently pursuing drug discovery programs rooted in human genetics across a spectrum of disease areas, including oncology, respiratory, and cardiovascular diseases, in addition to other therapeutic areas. More information is available at www.23andMe.com.

At 23andMe, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws.  If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at accommodations-ext@23andme.com. 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.

Please note: 23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.