Director – Sr. Privacy and Product Counsel
Posted on 7/19/2023

501-1,000 employees

Personal genomics & biotechnology company
Company Overview
23andMe’s mission is to help people access, understand, and benefit from the human genome. The company has created the world’s largest crowdsourced platform for genetic research and is the only company with multiple FDA authorizations for genetic health risk reports. The company is also in development of discovery programs rooted in a diverse spectrum of human genetics to ultimately deliver reports and results from all spectrums of your DNA.

Company Stage


Total Funding





Sunnyvale, California

Growth & Insights

6 month growth


1 year growth


2 year growth

Sunnyvale, CA, USA
Experience Level
Desired Skills
Legal & Compliance
  • JD with excellent academic credentials and a member of the State Bar of California
  • 10+ years of privacy experience in a law firm, in-house or other legal role with a track record of providing practical business-friendly advice. CIPP/US/E certification preferred
  • 5+ years product counseling experience for innovative technology companies
  • People management experience -- proven experience managing, motivating, and developing a high-performing legal team
  • Expert knowledge of data protection and information security laws, rules and regulations in the US and globally, including CPRA, GIPA, and other state consumer and health privacy laws, GDPR, GINA, HIPAA, COPPA, and relevant rules and regulatory guidance related to mobile applications, as well as industry leading privacy and data protection practices and standards
  • Significant experience in successfully implementing and delivering on privacy-focused projects with efficiency, including data map, data privacy impact assessments and third party risk assessments, as well as in negotiating complex agreements involving personal data
  • Knowledge of online and offline advertising and marketing rules and regulations, including state consumer protection statutes, CAN-SPAM, TCPA and FTC guidelines pertaining to areas relevant to 23andMe's business, such as consumer advertising
  • Experience with data security, data breach, and data loss prevention tools and statutes
  • Experience and skill in responding to press inquiries and speaking on privacy matters
  • Experience with project management methodologies and tools is a strong plus
  • Demonstrated analytical skills as well as the ability to take disparate information and make strategic recommendations quickly
  • Demonstrated leadership with evidence of increasing management responsibility
  • Ability to develop and deliver presentations to senior management and influence others
  • Exceptional attention to detail and ability to get things done
  • Ego-free, team-first mentality
  • Exceptional verbal and written communicator
  • Excellent interpersonal skills, including relationship-building and collaboration
  • Ability to work from 23andMe's office in Sunnyvale, CA three days per week
  • Support the Privacy and Product counseling team in their partnerships with Product, Marketing, Research, Security, IT and other business teams to develop, implement, oversee and monitor 23andMe's privacy and data protection policies and procedures
  • Lead product counseling and cross-functional projects, including as related to data protection compliance, data governance, and privacy by design for new product launches and existing or additional initiatives
  • Responsible for assessment of how current and proposed laws impact business processes, reporting, record keeping, or other activities. Identify needs for introduction of new business processes and for consultations or training
  • Collaborate with contracts and procurement teams on vendor management program, including responsibility for creating policies, processes and templates and reviewing and negotiating contracts to support transactions involving customer, patient and/or research participant data
  • Develop strategies, tools, resources and frameworks enabling data use and healthcare delivery innovation while ensuring adherence to privacy best practices
  • Responsible for privacy and data protection risk assessments/audits and proactively monitoring and identifying opportunities, issues and risks. Develop appropriate mitigation plans in support of company risk management and internal audit deliverables
  • Member of the data protection governance committee, and responsible for incident response and resolution
  • Represent 23andMe's privacy and data protection interests with external parties
  • Develop and monitor performance metrics and plans for continuous improvement
  • Manage, motivate and develop the Privacy and Product Counsel team, fostering a collaborative and inclusive work environment