23andMe is focused on maintaining a trusted position with regard to genetic information and data stewardship, including health data supplied by customers. We believe that the customer data we hold belongs to them - our customers, and it is our duty to act as a responsible steward of that data. Our goal is that every 23andMe customer trusts us with their data.
With a deep understanding of 23andMe's business strategies and strategic priorities, you will identify the implications of product, marketing, business development and research initiatives on privacy and data use, technology architecture and standards and data governance, to ensure 23andMe implements sound decision-making and maintains its focus on transparency and mindfulness of privacy and data protection matters. You will be responsible for ensuring that 23andMe has a comprehensive and effective privacy program, and will conduct privacy education and training at all levels of the company. You will lead on privacy strategies, be an integral cross-functional colleague, work closely with parties on related compliance, policy and governmental affairs matters and lead all privacy programs and policies, in the US and abroad.
Who we are
Since 2006, 23andMe's mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what's possible to help turn genetic insight into better health and personal understanding.
What you'll do
- Serve as Privacy Officer for 23andMe.
- Own and provide leadership for the privacy function and staff.
- Represent the organization's privacy and data protection interests with internal and external parties.
- Develop, implement, supervise and monitor 23andMe's privacy and data protection policies and procedures to ensure the privacy and confidentiality of health information are kept up to date and are tailored to our business model.
- Assess how current and proposed regulations impact business processes, reporting functions, record keeping, or other activities. Assess needs for introduction of new business processes and for consultations or training.
- Conduct critical analysis and articulate how the external environment influences privacy laws, and regulations that impact 23andMe's businesses.
- Drive complex projects and lead cross-functional teams in setting and handling achievements and deliverables to achieve stated outcomes.
- Guarantee 23andMe privacy policies and practices are included in development of product offerings and business processes including, marketing, market research, customer support, and other operational mechanisms and performance measures.
- Develop strategies, tools, resources and frameworks enabling data use innovation and improvement throughout the company while ensuring operational privacy compliance.
- Apply innovation and process improvement skills to implement effective and efficient solutions.
- Collaborate with IT and Security to conduct risk assessments/audits and monitoring to find opportunities, issues and risks and develop appropriate mitigation plans in support of 23andMe Risk Management and Internal Audit deliverables.
- Lead data incident response and resolution teams; work cross-functionally to assess privacy events or potential data breaches and decide on appropriate responses.
Who you are
- JD with excellent academic credentials.
- Member of the California bar.
- +8 years of privacy experience in a law firm, in-house or other legal environment with a track record of providing practical business-friendly advice and management of other attorneys and staff.
- CIPP certification required.
- Skilled knowledge of data protection and information security laws, rules and regulations in the US and globally, including EU GDPR, as well as industry leading-practices and standards, US federal and state privacy laws and regulations including the Genetic Information Nondiscrimination Act (GINA), Fair Credit Reporting Act (FCRA), Health Information Portability and Accountability Act (HIPAA), California Online Privacy Protection Act, Children's Online Privacy Protection Act (COPPA), and rules and regulations related to mobile applications.
- Knowledge of online and offline advertising and marketing rules and regulations, such as state consumer protection statutes, CAN-SPAM, Telephone Consumer Protection Act (TCPA), Telemarketing Sales Rules (TSR), and FTC marketing guidelines pertaining to areas such as deceptive advertising and endorsements/testimonials.
- Knowledge of and experience with data security, data breach, and data loss prevention tools and statutes.
- Background and skill in responding to press inquiries and public speaking as an authority on wide range of global privacy matters.
- Shown analytical skills as well as the ability to take disparate information and make strategic recommendations quickly.
- Experience with FDA regulatory issues related to privacy, including government requirements for compliance programs preferred.
- A leader with evidence of growing management responsibility throughout career history.
- Ability to develop and deliver presentations to senior management and influence others.
- Impeccable attention to detail and ability to get things done.
- Strong organizational, coordination, multi-tasking, and process improvement capabilities to work with functional groups across the organization including Business Development, Marketing, and Research.
23andMe, Inc. is the leading consumer genetics and research company. Our mission is to help people access, understand and benefit from the human genome. The company was named by MIT Technology Review to its "50 Smartest Companies, 2017" list, and named one of Fast Company's "25 Brands That Matter Now, 2017". 23andMe has over 5 million customers worldwide, with ~85 percent of customers consented to participate in research. 23andMe is located in Mountain View, CA. More information is available at www.23andMe.com ( https://www.23andme.com/ ).
At 23andMe, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual's race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws. If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at email@example.com ( firstname.lastname@example.org ). 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.
23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.