Need help hiring top legal talent? Contact our team.
Company logo

Privacy and Data Protection Counsel

Posted Nov 22
Full Time
Remote

At Veracyte, we offer exciting career opportunities for those interested in joining a pioneering team that is committed to transforming cancer care for patients across the globe. Working at Veracyte – whether it be in one of our labs, corporate offices, the field – enables our employees to not only make a meaningful impact on the lives of patients, but to also learn and grow within a results-driven environment that values innovation, collaboration, and compassion.

The Position:

The Privacy and Data Protection Counsel will be an incredible asset to Veracyte’s Privacy and Data Protection team and will advise our global business teams on  a wide range of global privacy and data protection legal matters, and assist in scaling our global program.   Reporting directly to the Chief Privacy and Data Officer, this position will lead the Privacy team’s review of a variety of agreements, advise on a wide range of cutting edge, complex privacy and data protection matters in the diagnostics industry, including processing genomic data through advanced technologies to support our research, products, and partnerships.  This role will also be responsible for directly managing a variety of global privacy operations, projects, and privacy program management needs. 

Responsibilities.

  • Advise global teams on a wide variety of privacy and data protection issues relating to our global diagnostics business’ processing of personal health data (PHI) under US and EU laws, including HIPAA, GDPR, CCPA, and other state laws, and other data processing activities amongst Veracyte global teams.
  • Distill complex legal requirements to provide practical, risk-based advice appropriate for Veracyte’s business models, operations and risk profile; create out of the box solutions to scale our ability to provide legal guidance to the global teams through guidelines, tools, training and processes;
  • Evaluate personal health data in a variety of forms and understand how data origin, patient consents, data use rights, international transfers, and deidentification/pseudonymization, third-party sharing, data flows, and other attributes determine what laws apply, what contract terms are appropriate, and what compliance requirements arise;
  • Manage global large-scale projects, including Privacy team’s own projects, and support projects of global cross-functional teams. Execute privacy team projects through project management, including designing the project plan, execution of tasks and deliverables, and managing inputs required from other teams.
  • Conduct a variety of privacy reviews, including privacy use-case reviews to determine if new tools, projects, products and data analytics are aligned with privacy and data protection laws, our contractual commitments, and policies; conduct privacy impact assessments and similar reviews.
  • Monitor U.S. and global privacy, data, and AI laws for updates, determine applicability to our business, and collaborate on implementing new requirements.
  • Negotiate privacy and data protection terms in a wide array of global agreements, including vendor agreements, research collaborations, clinical trial agreements, business associate agreements and data protection agreements, including standard contractual clauses and solid understanding of controller and processor roles.
  • Design and implement global privacy operations including GDPR and U.S. privacy impact assessments, records of processing activities, framework mapping to controls and tracking of program evidence and documentation, conducting transfer impact assessments, creating standard operating procedures on a wide range of privacy requirements, and managing privacy operational tools.
  • Establish and manage a variety of privacy program requirements and assist with privacy program management, including drafting privacy guidelines and procedures, creating and facilitating global privacy and data protection training, facilitate privacy audits, manage policy review cycles, outside counsel and vendor management, and other program needs.
  • Establish cross-functional collaborations with teams to align on data goals and needs of our business, and partner on privacy and data governance solutions to support our global data strategy.

Who You Are:

Basic Qualifications

  • In-depth knowledge of GDPR, HIPAA, U.S. state privacy laws and health information privacy and the global privacy legal regime.
  • Minimum of four (4) years of full-time experience as a privacy attorney, including two (2) years in-house experience or experience in biotech or life sciences industry. Experience with a broad range of privacy work supporting a fast-paced company. Direct experience advising on privacy legal matters in new business initiatives, strong experience with contract reviews and negotiations, including templates and playbooks, and reviewing and negotiating a variety of privacy and data protection agreements, including GDPR data processing agreements, business associate agreements, data use and transfer agreements, for both customers and vendors.
  • Direct experience in establishing, implementing and managing U.S. and GDPR privacy operational requirements, including data inventories, DPIAs/PIAs for sensitive health data, ROPAs, intake review processes, notice and consent requirements, and assisting the business teams in managing their data requirements.
  • Proven success advising internal clients on legal privacy and data protection laws in the healthcare industry, including performing data privacy reviews of new products, services, tools and advising on requirements in a practical, risk-based approach; keen understanding of practical risks and ability to offer creative solutions.
  • Direct experience advising on and operationalizing requirements for processing of sensitive health data and personal health information; keen understanding of deidentification, pseudonymization and anonymization under GDPR and HIPAA, and in-depth experience advising on data usage rights and restrictions under applicable healthcare privacy laws, HIPAA, CCPA, GDPR and others.
  • Project management experience and ability to manage large-scale, multi-stakeholder projects for the privacy team.
  • Proven skills and experience collaborating across a wide range of global teams and with a diverse employee population
  • Best in class communication and interpersonal skills.
  • Advanced legal degree and member in good standing with a U.S. state bar (or international equivalent).
  • Best in class communications and interpersonal skills.

Preferred Qualifications

  • Experience working as in-house privacy counsel at a life-sciences or healthcare company.
  • Strong preference in candidates with understanding of how advanced technologies, AI and analytics impacts legal requirements for personal data.

Your approach to work:

  • Ability to take a business and client-focused approach to difficult decisions – including thinking “outside the box” on practical solutions
  • Able to engage team members in order to achieve objectives
  • Strong prioritization skills, ability to effectively manage multiple tasks and priorities in a fast-paced environment
  • Has initiative, enthusiasm, and resourcefulness
  • Team player with a passion for collaboration and patient care
  • You work hard and want to have fun while you do so.  You celebrate wins and remember to enjoy the journey as we grow together and as a company
  • You are fundamentally a good partner and a good human

The final salary offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and length of experience within the job, type and length of experience within the industry, education, etc. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units. Veracyte is a multi-state employer, and this salary range may not reflect positions that work in other states.

Pay range

$176,000$220,000 USD

What We Can Offer You

Veracyte is a growing company that offers significant career opportunities if you are curious, driven, patient-oriented and aspire to help us build a great company. We offer competitive compensation and benefits, and are committed to fostering an inclusive workforce, where diverse backgrounds are represented, engaged, and empowered to drive innovative ideas and decisions.  We are proud to have been named a “Bay Area Top Workplace” for 11 years in a row by the Bay Area News Group and “Best Places to Work in San Diego” in 2023 by the San Diego Business Journal.

About Veracyte

Veracyte (Nasdaq: VCYT) is a global genomic diagnostics company that improves patient care by providing answers to clinical questions, informing diagnosis and treatment decisions throughout the patient journey in cancer and other diseases. The company’s growing menu of genomic tests leverage advances in genomic science and technology, enabling patients to avoid risky, costly diagnostic procedures and quicken time to appropriate treatment. The company’s tests in lung cancer, prostate cancer, breast cancer, thyroid cancer, bladder cancer and idiopathic pulmonary fibrosis are available to patients and its lymphoma subtyping and renal cancer tests are in development. With Veracyte’s exclusive global license to a best-in-class diagnostics instrument platform, the company is positioned to deliver its tests to patients worldwide. Veracyte is based in South San Francisco, California. For more information, please visit www.veracyte.com and follow the company on X (Formerly Twitter).

Veracyte, Inc. is an Equal Opportunity Employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability status. Veracyte participates in E-Verify in the United States. View our CCPA Disclosure Notice.

If you receive any suspicious alerts or communications through LinkedIn or other online job sites for any position at Veracyte, please exercise caution and promptly report any concerns to careers@veracyte.com