Elastic is a free and open search company that powers enterprise search, observability, and security solutions built on one technology stack that can be deployed anywhere. From finding documents to monitoring infrastructure to hunting for threats, Elastic makes data usable in real-time and at scale. Thousands of organizations worldwide, including Barclays, Cisco, eBay, Fairfax, ING, Goldman Sachs, Microsoft, The Mayo Clinic, NASA, The New York Times, Wikipedia, and Verizon, use Elastic to power mission-critical systems. Founded in 2012, Elastic is a distributed company with Elasticians around the globe. Learn more at elastic.co.
We seek to hire a Corporate Counsel, Privacy to join our legal department in this fast growing, truly globally distributed company. This is an optionally remote position that will be ideal for a self-sufficient and resourceful mid-level attorney.
What You Will Be Doing:
- Serve as the privacy subject matter expert to the company and provide strategic and practical counsel to company-wide stakeholders on privacy and data governance principles and requirements.
- Work with leaders within the legal, information security, product and marketing teams to develop, implement and improve our data privacy program. Develop, maintain and deliver privacy training, communication and awareness materials. Monitor privacy and data protection laws and enforcement activities and update the program and/or implement initiatives to maintain compliance with applicable laws.
- Assume a knowledge leadership role within the legal team on all privacy and data protection matters across the legal team. This includes training the legal team on the negotiation, drafting and review of privacy and data processing contract terms and acting as an escalation point for privacy-related matters. This also includes working with the legal team to maintain updated templates and playbooks and providing guidance on privacy standards applicable to Elastic’s delivery of products and services.
- Support our marketing team with a focus on all aspects of data privacy associated with lead generation and management. This includes advising and counseling on relevant legal principles worldwide and collaborating with the marketing team to achieve lead generation goals while staying compliant with applicable data privacy and protection laws.
- Advise and support our engineering, products and services teams on the implementation of key data protection principles (e.g., purpose limitation, data minimization, transparency, etc.) consistent with the company focus on quality, responsiveness and continuous improvement of our products and services.
- Serve as primary contributor for review of all data privacy matters related to vendor agreements. This includes participating in vendor privacy due diligence assessments and training the vendor legal team on the analysis and negotiation of data privacy matters related to vendor agreements and/or reviewing and negotiation vendor data privacy provisions and DPAs.
- Assume a knowledge leadership role within the legal team on all privacy and data protection matters across the legal team. This includes serving as the primary point of escalation for all privacy matters relating to deals as well as providing guidance on privacy standards applicable to Elastic’s legal templates and negotiation fallback positions.
- Develop a collaborative and trusted relationship with our information security team. This includes coordinating the escalation of contractual provisions that require InfoSec review and providing timely assistance in attaining and maintaining our essential security credentials (SOC2, ISO 27001, FEDRAMP, etc.) and assisting in response to data security incidents.
- Maintain our public facing privacy statements. These include our general privacy statement, product privacy statement, cookie statement, candidate privacy statement and California and/or EU privacy statements.
- Work with our HR and InfoSec team to develop, implement and communicate privacy policies relevant to our handling of personal data of applicants, employees and customers. This will include providing guidance and training based on regional privacy requirements and/or relevant operational roles.
What You Will Bring:
Expertise and relevant experience in data privacy matters. Your data privacy experience includes data privacy program management, advising on data protection and privacy matters, negotiating data processing agreements and working collaboratively across multiple teams to build consensus on data privacy matters. You have excellent judgment, are able to balance competing demands on your time, independently function in a fast-paced environment, and can handle ambiguity and rapidly shifting priorities with flexibility, patience and humor. We’re looking for someone with the ability to learn quickly and enthusiastically with great interpersonal skills, who is effective at collaborating across multiple teams and building strong relationships with stakeholders.
In Addition to:
- Juris Doctor degree from a top law school;
- 5 to 7 years of related experience preferably including experience in a top law firm advising rapidly-growing technology companies and in-house at a rapidly-growing technology company supporting data privacy and protection functions.
- Solid understanding and ability to interpret and implement relevant data protection laws and regulations, including GDPR, PIPEDA, HIPAA, GLB and CCPA;
- Completion of one or more privacy and/or data protection related certification programs (e.g., CIPP/E. CIPM, etc.);
- Solid understanding and interest in information security principles and requirements and in integrating applicable security standards (SOC, ISO 27001, FEDRAMP) with the information security requirements of a privacy program;
- An enthusiasm for training, team building, collaboration and process development combined with a willingness to learn and teach tools for managing complex data flows;
- Experience and confidence with negotiating complex data privacy and information security issues and with teaching others how to do so; and
- A strong work ethic and the ability to prioritize and drive to results with a high emphasis on quality and professionalism.
Additional Information - We Take Care of Our People
As a distributed company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life. Your age is only a number. It doesn’t matter if you’re just out of college or your children are; we need you for what you can do.
We strive to have parity of benefits across regions and while regulations differ from place to place, we believe taking care of our people is the right thing to do.
- Competitive pay based on the work you do here and not your previous salary
- Health coverage for you and your family in many locations
- Ability to craft your calendar with flexible locations and schedules for many roles
- Generous number of vacation days each year
- Double your charitable giving - We match up to $1500 (or local currency equivalent)
- Up to 40 hours each year to use toward volunteer projects you love
- Embracing parenthood with minimum of 16 weeks of parental leave
Different people approach problems differently. We need that. Elastic is committed to diversity as well as inclusion. We are an equal opportunity employer and committed to the principles of affirmative action. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. If you require any reasonable accessibility support, please email email@example.com.
Please see here for our Privacy Statement.