As Privacy & Compliance Counsel, you will proactively assess legal risk and use your experience to provide smart, practical guidance to stakeholders about the privacy and data security challenges our company faces. You will help Credit Karma develop and mature its privacy and compliance program, as well as look for opportunities to distinguish Credit Karma as a privacy and data security leader. You will report to Credit Karma's Lead Counsel for Privacy and work closely with members of our Legal team and cross-functional teams across the organization. The role requires a self-motivated and highly collaborative individual who excels in a dynamic, fast-paced environment.
What You'll Do:
Help to ensure Credit Karma's compliance with state and federal privacy laws, such as the California Consumer Privacy Act and Gramm Leach Bliley Act, through program and process development and management
Review and provide feedback on privacy and security terms in commercial agreements, in partnership with Credit Karma's commercial counsel
Proactively assess how evolving privacy and data security requirements apply to new and innovative financial services products and other technologies
Provide actionable, business-savvy counseling to business stakeholders related to privacy and data security
Assist with consumer and regulatory inquiries and escalations related to privacy and security, and conduct Data Privacy Impact Assessments (DPIA)
Assist with complex cross-functional efforts related to privacy and cybersecurity, including site and security incident response
Help to manage, develop, and mature a privacy program across the entire company, including developing and implementing processes and policies
Educate stakeholders in a simple, easy to understand way about privacy and data security issues and innovating on ways to continue fostering a culture of learning
Stay up-to-date on new and evolving regulatory requirements related to privacy and data security
What's Great About the Role:
A satisfying mission, working to make financial progress possible to everyone – free of charge
The opportunity to work on cutting edge issues at the intersection of technology and financial services
A dynamic work environment with a team of smart, fun, collaboration-minded attorneys who enjoy learning from each other
What we are looking for:
5+ years of experience as an attorney
Previous experience working in-house is strongly preferred (preferably in technology), but will consider candidates with strong law firm experience
Experience advising companies on U.S. (federal and state), European, and/or Canadian privacy and cybersecurity laws.
Knowledge of privacy or cybersecurity-related regulations and frameworks such as NIST, ISO, CCPA/CPRA, GDPR, GLBA, FCRA, and the NYDFS cybersecurity regulation
JD from accredited law school and excellent academic credentials
Member of at least one state Bar
Technologically adept
What we would like to see:
CIPP-E and/or CIPP-US
Experience building or maturing privacy programs
Experience with incident response and breach management or product counseling
Familiarity with Privacy Enhancing Technologies (PET)