What will you be empowered to do?


Data Privacy Officer and Sr. Product Counsel

Sunnyvale, California, United States

23andMe is seeking an exceptional and highly collaborative Data Privacy Officer and Sr. Product Counsel to join our team! 


Who We Are

Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.


About This Role

With a thorough understanding of 23andMe’s business and strategic priorities, you will lead the Privacy and Product Legal team and report to and collaborate with the General Counsel to ensure 23andMe maintains its focus on transparency and leadership in privacy, data protection, and legally compliant products. You will manage the team’s execution, which includes identifying and addressing the privacy, data use, data governance, and health law implications of cutting-edge products, marketing, research, and strategic initiatives. You will apply your technology, e-commerce, and healthcare knowledge and experience to guide the product development lifecycle, working with cross-functional stakeholders in a fast-paced environment. You will provide thought leadership on privacy and technology policy and work closely with internal and external parties on policy and government affairs matters.

This role will be based in our Sunnyvale, CA headquarters and report to the General Counsel. The role may be remote for the appropriate candidate.


What You’ll Do

  • Develop and enhance the company’s privacy and data governance policies, standards and practices, including compliance with laws in the U.S. and globally.
  • Build, manage, and motivate the Privacy and Product Legal team, fostering a collaborative and inclusive work environment.
  • Support Product, Marketing, Research, Security, IT, and other business teams to develop and implement solutions that comply with 23andMe’s privacy and data protection policies and procedures. 
  • Coordinate with Product and Engineering teams, including ensuring privacy by design, data governance, and healthcare compliance for product launches and initiatives.
  • Assess how current and proposed laws and regulations impact business processes, reporting, record keeping, and other activities. Identify the need for, and advise on the introduction of new business processes, consultations, or training.
  • Collaborate with contracts, procurement, and business development teams, including responsibility for creating policies, processes, and templates and reviewing and negotiating contracts to support transactions involving customer, patient, and/or research participant data.
  • Develop strategies, tools, resources, and frameworks enabling data use and healthcare delivery innovation while ensuring adherence to applicable standards.
  • Perform/oversee privacy and data protection risk assessments and proactively monitor and identify opportunities, issues, and risks. Develop mitigation plans to support company risk management and internal audit reporting.
  • Member of the data protection governance committee, as well as incident response and resolution leadership.
  • Represent 23andMe’s privacy and data protection interests with external parties.
  • Develop, monitor, remediate, and report performance metrics for privacy and data protection.


 What You'll Bring

  • JD with excellent academic credentials and a member of a U.S. state bar, preferably including the State Bar of California.
  • 10+ years of privacy experience in a law firm, in-house, or other legal role with a track record of providing practical business-friendly advice. CIPP/US/E certification preferred.
  • 5+ years of product counseling experience for innovative technology and/or health data companies.
  • People management experience  -- proven experience managing, motivating, and developing a high-performing legal team.
  • Expert knowledge of data protection and information security laws, rules, and regulations in the US and globally, including CPRA and other state consumer privacy laws, COPPA, privacy practice under the FTC Act, and GDPR, as well as leading privacy and data protection practices and standards.
  • Significant experience successfully implementing privacy-focused projects with efficiency, including data mapping, data privacy impact assessments, and third-party risk assessments, as well as in negotiating complex agreements involving personal data. 
  • Knowledge of online and offline advertising and marketing rules and regulations, including state consumer protection statutes, CAN-SPAM, TCPA, and FTC guidelines pertaining to 23andMe’s business.
  • Experience with health privacy laws, including GINA and HIPAA, as well as associated privacy and data protection practices and standards.
  • Experience with data security, data breaches, and data loss prevention, including knowledge of relevant laws and regulations.
  • Experience and skill in responding to press inquiries and speaking on privacy matters.
  • Experience with project management methodologies and tools is a strong plus.
  • Demonstrated analytical skills as well as the ability to take disparate information and make strategic recommendations quickly.
  • Demonstrated leadership with evidence of increasing management responsibility.
  • Ability to develop, deliver presentations to and influence senior management.
  • Exceptional attention to detail and ability to get things done.
  • Ego-free, team-first mentality.
  • Exceptional verbal and written communicator.
  • Excellent interpersonal skills, including relationship-building and collaboration.


About Us

Headquartered in Sunnyvale, California, 23andMe is a genetics-led consumer healthcare and biopharmaceutical company empowering a healthier future. Founded in 2006, the company’s mission is to help people access, understand, and benefit from the human genome. 23andMe has pioneered direct access to genetic information as the only company with multiple FDA authorizations for genetic health risk reports. The company has created the world’s largest crowdsourced platform for genetic research, with 80 percent of its customers electing to participate. The platform also powers the 23andMe Therapeutics group, currently pursuing drug discovery programs rooted in human genetics. More information is available at www.23andMe.com.

At 23andMe, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws.  If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at accommodations-ext@23andme.com. 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.

Please note: 23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.

Pay Transparency
23andMe takes a market-based approach to pay, and amounts will vary depending on your geographic location. The salary range reflected here is for a candidate based in the San Francisco Bay Area.  The successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.
San Francisco Bay Area Base Pay Range
$273,000$409,000 USD