Who we are
Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.
What you’ll do
With a thorough understanding of 23andMe’s business and strategic priorities, you will identify the implications of product, marketing, research and other initiatives on privacy and data use, technology architecture and standards and data governance, to ensure 23andMe maintains its focus on transparency and leadership in privacy and data protection. You will support the continued growth of 23andMe’s comprehensive privacy and data protection program, including conducting education and training at all levels of the company. You will be a key player in leading privacy strategies, be an integral cross-functional team player, work closely with internal and external parties on compliance, policy and government affairs matters.
- Partner closely with Security, IT, product and other business teams to develop, implement, oversee and monitor 23andMe’s privacy and data protection policies and procedures.
- Assess how current and proposed laws impact business processes, reporting, record keeping, or other activities. Identify needs for introduction of new business processes and for consultations or training.
- Lead cross-functional projects related to data governance, data protection and privacy by design.
- Lead vendor management program, including responsibility for creating policies, processes and templates to support transactions.
- Ensure 23andMe privacy policies and practices are included in development of product offerings and business processes including, marketing, market research, customer support, and other operational mechanisms and performance measures.
- Develop strategies, tools, resources and frameworks enabling data use innovation while ensuring adherence to privacy best practices.
- Together with Security, lead privacy and data protection risk assessments/audits and monitoring to identify opportunities, issues and risks and develop appropriate mitigation plans in support of company risk management and internal audit deliverables.
- Serve on data incident response and resolution teams; work across the organization to assess incidents and determine appropriate response.
- Represent the organization’s privacy and data protection interests with external parties.
- Provide leadership for the Privacy team.
- What you’ll bring
- JD with excellent academic credentials.
- Member of the California bar.
- +6 years of privacy experience in a law firm, in-house or other legal role with a track record of providing practical business-friendly advice.
- CIPP/US/E certification preferred.
- Expert knowledge of data protection and information security laws, rules and regulations in the US and globally, including CCPA, GDPR,
- Genetic Information Nondiscrimination Act, FCRA, HIPAA, COPPA, and relevant rules and regulatory guidance related to mobile applications, as well as industry leading privacy and data protection practices and standards.
- Knowledge of online and offline advertising and marketing rules and regulations, including state consumer protection statutes, CAN-SPAM,
- Telephone Consumer Protection Act and FTC guidelines pertaining to areas relevant to 23andMe’s business, such as consumer advertising.
- Knowledge of and experience with data security, data breach, and data loss prevention tools and statutes.
- Experience and skill in responding to press inquiries and speaking on privacy matters.
- Demonstrated analytical skills as well as the ability to take disparate information and make strategic recommendations quickly.
- Experience with FDA regulatory issues related to privacy, including government requirements for compliance programs preferred.
- Demonstrated leadership with evidence of increasing management responsibility.
- Ability to develop and deliver presentations to senior management and influence others.
- Exceptional attention to detail and ability to get things done.
- Strong organizational, coordination, multi-tasking, and process improvement capabilities.
- Excellent interpersonal skills, including relationship building and collaboration.
- Excellent verbal and written communicator.