ACC is committed to compliance with all applicable equal employment laws. ACC In-house Jobline listings may not explicitly or implicitly discriminate on the basis of any prohibited factor.
Listings on the ACC In-house Jobline are for in-house attorney positions only. While we do not accept non-attorney corporate job listings, if you are hiring a corporate legal operations professional, contact LawDepartmentOps@ACC.com. By posting a job on the ACC In-house Jobline or using the service as a job seeker, you are agreeing to comply with our Terms and Conditions, including those relating to discrimination. The system administrator may delete postings, which do not comply. Employer postings removed by ACC are not subject to refund.
We are very interested in your thoughts as we continue to develop the ACC In-House Jobline to better serve your needs. If you have questions about ACC In-house Jobline, please call our helpdesk at: 1-888-491-8833 Ext. 1125 (Extension Required).
Earning and maintaining trust is paramount to our work here at CZI, and one key component of this trust is being responsible data stewards. We practice this by building privacy and security into all of our work from day one - privacy and security by design - and we’re looking for someone to lead the legal side of this critical trust-building function.
As CZI’s first Privacy Lead, you will be a key member of CZI’s growing Legal team. You will be both (a) a strategic thinker and thought leader who looks into and helps create the future and (b) an implementer who partners with teams like technology and data science to create systems and practices that help safeguard the privacy of our community and partners.
You will help teams manage issues across a wide range of regulatory regimes (e.g. GDPR, HIPAA, FERPA, COPPA), legal work product outputs (e.g. DPIAs, internal documentation tools, external privacy notices), and with many partners, cross-functionally internally (e.g. policy, communications, security, infrastructure, senior leadership) as well as externally (e.g. outside counsel, counterparts at partner and grantee institutions).
In short, you will help create and deploy next-generation privacy and security strategies on the ground floor of a highly innovative, collaborative, fast-moving, and unique organization focused on social impact.
Work with senior leaders across the organization in Engineering, Policy, and Communications to lead the CZI Privacy and Security program, which is an organization-wide approach to data privacy and privacy-focused product development
Lead our company-wide GDPR compliance efforts (Data Protection Impact Assessments, Documentation of Data Processing, developing and rolling out internal tooling, managing inbound privacy queries, etc)
Analyze and translate privacy regimes such as HIPAA into technical and infrastructural requirements
Closely work with the information security and infrastructure teams to design, implement, and manage organizational policies and practices regarding data management, retention, and incident response
Develop training content and conduct regular trainings to establish culture of data protection compliance
Work with cross-functional partners to ensure Privacy and Security by design on CZI products
Partner with the venture investing team on privacy-related diligence for potential investments or acquisitions
Maintain current and up-to-date knowledge of applicable state, federal and international privacy/data security laws, regulations and accreditation standards, and monitor changes and advancements in information privacy and data security technologies to ensure organizational adaptation and compliance
Interface with and represent CZI with external partners and NGO’s
Manage and develop partnerships with trusted outside counsel on all of the above issues
7+ years experience as privacy-focused product counsel, privacy counsel, or privacy officer at organizations with complex products and associated data protection concerns
A proven ability to anticipate and grapple with legal, technical, and political challenges that innovation may pose to traditional notions of privacy
Experience or general fluency working in multiple content areas, including education, science, and health and associated privacy regulatory frameworks (FERPA, HIPAA, COPPA, GDPR, etc)
Proven ability to communicate clearly about complex data privacy and data protection issues with both legal and non-legal stakeholders
Experience developing processes and controls for risk mitigation with engineering and product teams, including the cross functional implementation of the processes and controls
Proven ability to work in a highly matrixed and growing organization in a fast-changing environment
A learning and growth mindset, humility, and someone who is mission oriented
Experience and/or passion in education, science, or social justice spaces
Sense of humor, initiative, and an ability to roll up your sleeves while thinking strategically and creatively
Employer will assist with relocation costs.
About Chan Zuckerberg Initiative
The Chan Zuckerberg Initiative is dedicated to advancing human potential and promoting equal opportunity through technology, grantmaking, impact investing, policy, and advocacy work. We look for bold ideas — regardless of structure and stage — and help them scale by pairing world-class engineers with subject matter experts to build tools that accelerate the pace of social progress.