Privacy Lawyer

Summary

Join Instructure as a dynamic lawyer specializing in data privacy, security, and AI. You will provide legal support for Instructure's global privacy program, AI initiatives, and security program, developing and maintaining policies and procedures. Responsibilities include addressing legal, contractual, and regulatory matters related to data privacy, data security, and AI, supporting various teams, and handling transactions. The ideal candidate possesses experience in SaaS and technology privacy law, along with business/transactional law expertise. This role requires strong legal skills, collaboration abilities, and the capacity to handle day-to-day tasks while strategically advising senior leadership.

Requirements

• Prior experience in global AI, data protection, & security law and an in-depth knowledge of U.S. and EU privacy statutes – including GDPR, FERPA, and US Consumer Privacy laws
• Business judgment and ability to assess legal risk while also thinking strategically and providing practical advice
• J.D. from an accredited law school and excellent academic credentials
• 4 - 6 years of experience in a large firm and ideally some in-house experience
• Excellent written and verbal communication
• Meticulous attention to detail and process
• Ability to maintain poise in stressful situations
• Must be able to interact directly with senior business leaders without supervision
• Willingness to expand the range of job responsibilities as needed, based on the evolution of the company and the role
• Deep governance and operational incident response experience, including in developing, implementing, and managing an incident response program and process for full compliance with the law, including reporting and post incident remediation
• Experience working with cross functional teams (legal, security, GRC, product, engineering) in advising on privacy issues across an organization (i.e. privacy/ handling customer information/HR/ education)
• Excellent oral and written communications skills and experience in advising and reporting to Boards of Directors, senior management, accountants, and auditors, regulators and other external parties

Responsibilities

• Provide general in-house legal services to and advise our business and operational units with a focus on privacy, security, and AI law
• Lead and manage legal matters pertaining to privacy, security, and AI
• Review and aid in crafting data privacy policies and practices and opportunities for improvement of privacy policies in collaboration with the Privacy Office
• Maintain current knowledge and expand your knowledge of all applicable worldwide privacy, security, data, and AI laws and accreditation standards
• Collaborate with the entire organization, including senior management, security, engineering, HR, marketing, compliance, and others to advise on privacy, security, and AI issues, including privacy strategy and worldwide regulatory requirements and laws
• Collaborate with the Security Steering Committee to advise and support Instructure’s ongoing data security incident program and process to track, investigate, and report data incidents
• Serve as Instructure’s data protection officer under the UK & EU GDPR
• Support Instructure’s Academic Office representing the organization's information privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standards

Preferred Qualifications

Certifications in Certified Information Privacy Professional (CIPP US and/or EU), Information Privacy Manager (CIPM), Information Privacy Technologist (CIPT) and Information Systems Security Professional (CISSP) are a big plus