Cybersecurity Counsel

We are currently hiring a Cybersecurity Counsel to join our growing Privacy Legal team. As a part of this team, you will contribute insights and guidance on various cybersecurity issues, encompassing laws, regulations, incidents, and policies.

Role is based in our San Mateo, CA office on a hybrid model (Tuesday-Thursday) #LI-Hybrid

You will:

• Assist in advising on global and domestic cybersecurity and data privacy laws, regulations, and industry standard processes for cybersecurity.
• Stay informed about relevant cybersecurity and data privacy laws and regulations and industry standards to support the team in providing sound compliance advice.
• Support the analysis and interpretation of evolving cybersecurity and data privacy legislation, regulations, and enforcement actions, and help translate this analysis into clear, concise, and actionable guidance.
• Support the Detection and Response Team, including providing impact analysis, notification obligations, post incident retrospectives, and proposing guidance on repair items.
• Provide legal support for a wide range of low-to-medium severity incidents across the organization, covering areas such as Safety, AI/ML, Privacy, Compliance, Platform Reliability, Communications/PR, User Experience, Anti-Money Laundering (AML), Policy, and Law Enforcement Engagement.
• Support legal-security initiatives related to supply chain risk management, including vendor due diligence, security provisions in contracts, and reviewing compliance attestations.
• Support updating legal incident response policies.
• Work cross-functionally with other counsel, including commercial, product, regulatory, employment, and securities.
• Assist in providing insights and recommendations on internal company cybersecurity and data privacy policies in collaboration with Information Security.
• Develop expertise in cybersecurity and data privacy to give inputs into Quantified Risk assessments.

You have:

• 2+ years of data security, data privacy, data protection, and governance experience.
• JD from an ABA-accredited law school; active U.S. state bar membership (California preferred)
• Ability to educate cross-functional partners on attorney-client privilege, privacy, regulatory, commercial, and security issues.
• Understanding of cybersecurity and data privacy regulations and frameworks, such as GDPR, NIS2, SEC Cybersecurity Rule, CCPA, COPPA, NIST CSF, and PCI.
• Experience or shown curiosity about the following areas:
  • Handling supply chain risk management practices, including assessing legal risk in due diligence and vendor compliance initiatives.
  • Collaborating with Information Security teams, including running low-to-medium severity incidents with the Detection and Response Team, providing legal support to a Bug Bounty program, and offering legal expertise for compliance initiatives in Governance, Risk, and Compliance.
  • Leading legal support for a wide range of low-to-medium severity incidents across the organization, covering areas such as Safety, AI/ML, Privacy, Compliance, Platform Reliability, Communications/PR, User Experience, Anti-Money Laundering (AML), Policy, and Law Enforcement Engagement.
  • Supporting global data protection and security requirements.
  • Providing legal support for diverse incidents, including safety, AI/ML, privacy, AML, platform reliability, communications, and law enforcement engagement.
• Training at a major national law firm; in-house experience highly valued.
• Experience handling domestic and international law enforcement requests