Job Description and Responsibilities Neuralink is hiring an Associate General Counsel to build and lead the company's privacy and compliance program end-to-end. You will own the privacy strategy across our most sensitive data - neural recordings, clinical trial data, and the health information of the patients we serve - and stand up the compliance program that governs how Neuralink interacts with clinical investigators, physicians, hospitals, patients, and federal healthcare programs.
You will report to the General Counsel and partner closely with Clinical, Regulatory, and Engineering. You will set the privacy and compliance posture, design the program, and translate complex global obligations into clear guardrails the team can move quickly within. We are looking for an operator-attorney who is excited to roll up their sleeves, not someone who wants to manage a program from a distance.
As our Associate General Counsel, Privacy & Compliance, you will: - Lead Neuralink's privacy program across the United States and international jurisdictions, including governance, policies, training, vendor diligence, incident response, and data subject rights.
- Serve as the company's subject-matter authority on HIPAA and clinical trial data. Partner with Clinical, Regulatory, and research ethics committee liaisons to ensure informed consent, BAAs, and study protocols are aligned with patient privacy expectations, best practices, and regulatory requirements.
- Own global privacy compliance and the full set of US state privacy laws. Drive privacy compliance for new market entry as Neuralink expands clinical trials and product availability internationally.
- Drive Privacy by Design with Product and Engineering, including conducting PIAs and DPIAs for new features and clinical study protocols, advising on data minimization and retention, and helping engineering teams ship faster by giving clear, early, implementable guidance.
- Lead vendor privacy reviews and DPA negotiations, including BAAs, SCCs, transfer impact assessments, and subprocessor management, and own the data flow map for the company.
- Maintain the company's privacy notices, internal data handling standards, employee privacy policies, and DSAR/data rights response process.
- Lead the privacy incident response function in partnership with Security; own breach assessment, notification analysis, and regulator-facing communications.
- Lead Neuralink's healthcare compliance program, including the policies, training, monitoring, auditing, and reporting infrastructure of a company operating in a federally regulated healthcare environment (OIG Seven Elements framework).
- Advise on interactions with healthcare professionals, hospitals, and clinical investigators, including AdvaMed Code adherence, Sunshine Act reporting, state HCP-interaction laws
- Track and translate regulatory developments and enforcements into concrete operational changes.
Key Qualifications - A J.D. from an accredited law school and active membership in at least one state bar (California or Texas preferred).
- Privacy experience at a medical device company or high-growth health technology company (e.g., digital health, wearable tech, or life science company specializing in devices or advanced clinical data systems).
- A minimum of 10 years of privacy-focused legal practice, with substantial in-house experience leading a privacy program. CIPP/US and CIPP/E (or equivalent) strongly preferred.
- Deep, hands-on expertise with HIPAA (Privacy, Security, and Breach Notification Rules), including BAA negotiation and the privacy dimensions of clinical research (IRB processes, informed consent).
- Demonstrated command of GDPR, UK GDPR, and the US state privacy law landscape, including international data transfers and DPO/representative obligations.
- Track record of running Privacy by Design with engineering and product teams - PIAs, DPIAs, data mapping, and embedding privacy into product development.
- Strong contracts background: DPAs, BAAs, vendor privacy provisions.
- Operational fluency. You can build a program, not just advise on one. You have personally stood up policies, processes, and tooling, and you know how to measure whether they're working.
- Excellent judgment under ambiguity. You can take a novel question with no clean regulatory analog and produce a clear, defensible answer that the business can act on.
- Clear writing, rigor, and direct communication. You can translate privacy law into guidance engineers and clinicians can actually use.
Preferred Qualifications - Familiarity with the privacy issues unique to neural, biometric, and other sensitive categories of data.
- Working knowledge of AI/ML governance and the privacy interplay with model training data, including EU AI Act obligations.
- Experience supporting international expansion (clinical trial site activation, data localization, cross-border transfers).
- Comfort engaging directly with regulators.
- Experience running a compliance hotline and privileged internal investigations, and evaluating OIG/CMS self-disclosure pathways.
Expected Compensation:The anticipated base salary for this position is expected to be within the following range. Your actual base pay will be determined by your job-related skills, experience, and relevant education or training. We also believe in aligning our employees' success with the company's long-term growth. As such, in addition to base salary, Neuralink offers equity compensation (in the form of Restricted Stock Units (RSU)) for all full-time employees.
Base Salary Range:
$190,000-$316,000 USD
What We Offer:Full-time employees are eligible for the following benefits listed below.
- An opportunity to change the world and work with some of the smartest and most talented experts from different fields
- Growth potential; we rapidly advance team members who have an outsized impact
- Excellent medical, dental, and vision insurance through a PPO plan
- Paid holidays
- Commuter benefits
- Meals provided
- Equity (RSUs) *Temporary Employees & Interns excluded
- 401(k) plan *Interns initially excluded until they work 1,000 hours
- Parental leave *Temporary Employees & Interns excluded
- Flexible time off *Temporary Employees & Interns excluded
