Corporate Counsel, Privacy
Corporate Counsel, Privacy
- Location: Distributed, US
Elastic is a search company with a simple goal: to solve the world’s data problems with products that delight and inspire. As the creators of the Elastic Stack, we help thousands of organizations including Cisco, eBay, Grab, Goldman Sachs, ING, Microsoft, NASA, The New York Times, Wikipedia, and many more use Elastic to power mission-critical systems. From stock quotes to Twitter streams, Apache logs to WordPress blogs, our products are extending what’s possible with data, delivering on the promise that good things come from connecting the dots. We have a distributed team of Elasticians across 30+ countries (and counting), and our diverse open source community spans over 100 countries. Learn more at elastic.co
We seek to hire a Corporate Counsel, Privacy to join our legal department in this fast growing, truly globally distributed company. This is an optionally remote position that will be ideal for a self-sufficient and resourceful mid-level attorney.
What You Will Be Doing:
- Serve as the privacy subject matter expert to the company and provide strategic and practical counsel to company-wide stakeholders on privacy and data governance principles and requirements.
- Work with leaders within the legal, information security, product and marketing teams to develop, implement and improve our data privacy program. Develop, maintain and deliver privacy training, communication and awareness materials. Monitor privacy and data protection laws and enforcement activities and update the program and/or implement initiatives to maintain compliance with applicable laws.
- Assume a knowledge leadership role within the legal team on all privacy and data protection matters across the legal team. This includes training the legal team on the negotiation, drafting and review of privacy and data processing contract terms and acting as an escalation point for privacy-related matters. This also includes working with the legal team to maintain updated templates and playbooks and providing guidance on privacy standards applicable to Elastic’s delivery of products and services.
- Support our marketing team with a focus on all aspects of data privacy associated with lead generation and management. This includes advising and counseling on relevant legal principles worldwide and collaborating with the marketing team to achieve lead generation goals while staying compliant with applicable data privacy and protection laws.
- Advise and support our engineering, products and services teams on the implementation of key data protection principles (e.g., purpose limitation, data minimization, transparency, etc.) consistent with the company focus on quality, responsiveness and continuous improvement of our products and services.
- Serve as primary contributor for review of all data privacy matters related to vendor agreements. This includes participating in vendor privacy due diligence assessments and training the vendor legal team on the analysis and negotiation of data privacy matters related to vendor agreements and/or reviewing and negotiation vendor data privacy provisions and DPAs.
- Assume a knowledge leadership role within the legal team on all privacy and data protection matters across the legal team. This includes serving as the primary point of escalation for all privacy matters relating to deals as well as providing guidance on privacy standards applicable to Elastic’s legal templates and negotiation fallback positions.
- Develop a collaborative and trusted relationship with our information security team. This includes coordinating the escalation of contractual provisions that require InfoSec review and providing timely assistance in attaining and maintaining our essential security credentials (SOC2, ISO 27001, FEDRAMP, etc.) and assisting in response to data security incidents.
- Maintain our public facing privacy statements. These include our general privacy statement, product privacy statement, cookie statement, candidate privacy statement and California and/or EU privacy statements.
- Work with our HR and InfoSec team to develop, implement and communicate privacy policies relevant to our handling of personal data of applicants, employees and customers. This will include providing guidance and training based on regional privacy requirements and/or relevant operational roles.
What You Will Bring:
Expertise and relevant experience in data privacy matters. Your data privacy experience includes data privacy program management, advising on data protection and privacy matters, negotiating data processing agreements and working collaboratively across multiple teams to build consensus on data privacy matters. You have excellent judgment, are able to balance competing demands on your time, independently function in a fast-paced environment, and can handle ambiguity and rapidly shifting priorities with flexibility, patience and humor. We’re looking for someone with the ability to learn quickly and enthusiastically with great interpersonal skills, who is effective at collaborating across multiple teams and building strong relationships with stakeholders.
In Addition to:
- Juris Doctor degree from a top law school;
- 5 to 7 years of related experience preferably including experience in a top law firm advising rapidly-growing technology companies and in-house at a rapidly-growing technology company supporting data privacy and protection functions.
- Solid understanding and ability to interpret and implement relevant data protection laws and regulations, including GDPR, PIPEDA, HIPAA, GLB and CCPA;
- Completion of one or more privacy and/or data protection related certification programs (e.g., CIPP/E. CIPM, etc.);
- Solid understanding and interest in information security principles and requirements and in integrating applicable security standards (SOC, ISO 27001, FEDRAMP) with the information security requirements of a privacy program;
- An enthusiasm for training, team building, collaboration and process development combined with a willingness to learn and teach tools for managing complex data flows;
- Experience and confidence with negotiating complex data privacy and information security issues and with teaching others how to do so; and
- A strong work ethic and the ability to prioritize and drive to results with a high emphasis on quality and professionalism.