Director, Privacy Legal Counsel jobs in United States
cer-icon
Apply on Employer Site
company-logo

Crinetics Pharmaceuticals · 2 months ago

Director, Privacy Legal Counsel

positionSan Diego, CA
timeFull-time
remoteHybrid
seniorityDirector/Executive
money$170K/yr - $213K/yr
date10+ years exp

Crinetics Pharmaceuticals is a pharmaceutical company based in San Diego, California, developing therapies for endocrine diseases. They are seeking a Director, Privacy Legal Counsel to lead the global privacy program, ensuring compliance with privacy regulations and advising on data protection initiatives across various business functions.

BiotechnologyHealth CarePharmaceuticalTherapeutics

Responsibilities

Lead, design, implement, and maintain a comprehensive global privacy and data protection program, including policies, standards, procedures, and controls that align with U.S. and international regulations and industry best practices
Serve as the company’s primary advisor and subject-matter expert on privacy, data protection, cybersecurity, and data-use ethics across all business functions, including clinical development, research, pharmacovigilance, HR, IT, and commercial operations
Provide practical, timely, and strategic legal advice on privacy and data-security issues impacting research, development, and commercialization activities, balancing risk mitigation with operational efficiency
Counsel on privacy and data-protection considerations throughout the clinical-trial lifecycle, including informed consent, pseudonymization and de-identification, secondary data use, and cross-border data transfers involving CROs, investigators, vendors, and regulators
Support compliant data-use practices for real-world evidence, pharmacovigilance, patient-support programs, and digital health platforms, ensuring lawful processing and appropriate safeguards for sensitive health information
Advise on privacy, data-governance, and ethical considerations in connection with artificial intelligence (AI), machine learning (ML), and emerging digital technologies, including transparency, fairness, and explainability requirements under evolving AI and data-use frameworks (e.g., EU AI Act, Colorado AI Act)
Monitor, interpret, and implement strategies to comply with emerging privacy and AI laws, including the GDPR, HIPAA, CCPA/CPRA, Colorado Privacy Act, Virginia Consumer Data Protection Act, Washington My Health My Data Act, Oregon Consumer Privacy Act, and other state, federal, and global regulations
Oversee Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for systems, clinical programs, and data-processing activities, and advise on remediation and risk-mitigation measures
Draft, review, and negotiate data-protection and privacy provisions in vendor, commercial, collaboration, and clinical research agreements, ensuring alignment with company policies and global legal requirements
Provide legal support for cross-border data transfers, including evaluation and implementation of Standard Contractual Clauses (SCCs), Transfer Impact Assessments (TIAs), and other transfer mechanisms
Partner with Compliance, IT, and Information Security to establish governance frameworks for data classification, access, retention, and disposal, promoting 'privacy by design' and 'security by default.'
Play a leadership role in incident response investigations involving potential privacy or data-security events, including assessing regulatory notification obligations and advising on root-cause and remediation efforts
Develop and deliver enterprise-wide privacy training and communications to strengthen understanding of data-protection principles, regulatory requirements, and ethical data handling across the organization
Build strong cross-functional relationships with R&D, clinical, IT, HR, Compliance, and Commercial teams to foster a proactive, collaborative, and accountable privacy culture

Qualification

Privacy legal expertiseData protection complianceHIPAAGDPR knowledgeContract negotiation skillsPrivacy program developmentLeadership experienceCross-functional collaborationSound legal judgmentBusiness acumenAI governance knowledgeCIPP/US certificationInterpersonal skillsStrategic thinkingOrganizational skills

Required

Juris Doctor degree from accredited law school required
10+ years of relevant experience, with at least 5+ years in the biotechnology, pharmaceutical, or healthcare industry focusing on privacy and data protection
Leadership: a minimum of 8 years of experience as a supervisor with strong leadership skills and experience managing and developing high-performing teams. Ability to influence senior executives and cross-functional teams
Deep knowledge of HIPAA, GDPR, U.S. federal and state privacy laws, and global data-transfer frameworks
Proven experience developing and operationalizing privacy programs and managing complex, cross-functional privacy issues
Strong contract drafting and negotiation skills related to research agreements, particularly vendor, data-processing, and clinical agreements
In addition to top-notch legal skills and a strong ethical center, excellent interpersonal, strategic thinking, communication and organizational skills
Ability to build consensus with diverse stakeholders and form strong, collaborative working relationships
Ability to handle multiple projects in a fast-paced environment and exercise sound legal judgment
In-house experience with product counseling, compliance, litigation, and regulatory teams
Experience with commercial or consumer contracts involving data privacy
High level of business acumen, excellent contract drafting and negotiation proficiency

Preferred

CIPP/US, CIPM, or equivalent privacy certification
AIGP or similar AI governance credentials
Experience supporting AI-driven innovation

Benefits

Discretionary annual target bonus
Stock options
ESPP
401k match
Top-notch health insurance plans for employees (and their families) to include medical, dental, vision and basic life insurance
20 days of PTO
10 paid holidays
Winter company shutdown

Company

Crinetics Pharmaceuticals

twittertwittertwitter
company-logo
Crinetics is a clinical-stage pharmaceutical company that develops therapies for people with rare endocrine diseases.
dateFounded in 2008
location
San Diego, California, USA
people-size501-1000 employees
web-link
http://www.crinetics.com

Funding

Current Stage
Public Company
Total Funding
$2B
Key Investors
Frazier Healthcare PartnersNational Institutes of HealthPerceptive Advisors
2026-01-06Post Ipo Equity· $349.22M
2024-10-08Post Ipo Equity· $500M
2024-02-28Post Ipo Equity· $350M

Leadership Team

leader-logo
R. Scott Struthers
Founder, CEO
linkedin
A
Alan S. Krasner
Chief Endocrinologist
linkedin

Recent News

GlobeNewswire
Crinetics Initiates Phase 2/3 Pediatric Trial Evaluating Atumelnant in Congenital Adrenal Hyperplasia (CAH)
2026-01-23
BioWorld Financial Watch
Crinetics Pharmaceuticals discovers new SSTR2 non-peptide-drug conjugates
2026-01-15
GlobeNewswire
Crinetics Pharmaceuticals Announces January 2026 Inducement Grants Under Nasdaq Listing Rule 5635(c)(4)
2026-01-13
Company data provided by crunchbase