Lead the strategy for AI transformation across the privacy function, including AI-enabled workflows, automation, knowledge management, legal review controls, and responsible use of approved AI tools
Create legally reviewed guardrails for AI-assisted privacy work, including regulatory monitoring, customer-facing content generation, DSAR triage support, DPIA routing, contract comparison, incident summaries, and privacy knowledge management
Ensure AI-enabled privacy workflows preserve human ownership, legal judgment, privilege protection, source traceability, auditability, data classification rules, and appropriate escalation
Partner with Product Legal, Security, GRC, IT, Legal Operations, and other stakeholders to identify privacy workflows, including vendor reviews, that can be safely automated, delegated, or enhanced through AI
Own the privacy function’s Data Subject Rights operating model, including DSAR governance, workflow design, service levels, templates, quality controls, escalation thresholds, reporting, and continuous improvement
Directly manage the Privacy Operations Specialist, who will remain responsible for day-to-day DSAR execution, operational coordination, tooling, reporting, and alternative legal provider workflow management
Own the strategic relationship with Factor Law and other legal service delivery partners, including scope definition, expansion opportunities, escalation criteria, quality review, performance metrics, and regular business reviews
Partner with the Privacy Operations Specialist, alternative legal provider, IT, and Legal Operations to improve DSAR tooling, automation, intake routing, deadline tracking, case documentation, metrics, and reporting
Develop DSAR playbooks, templates, decision trees, and escalation matrices that enable standard matters to be handled efficiently while preserving attorney control over higher-risk issues
Own the legal strategy for customer-facing privacy trust materials, including white papers, FAQs, trust center content, data processing explainers, AI/privacy narratives, privacy notices, certification summaries, and external privacy claims
Translate CrowdStrike’s privacy posture into clear, accurate, business-friendly materials that support Sales, Customer Success, Commercial Legal, Product, Security, GRC, Marketing, and executive stakeholders
Create a formal review and sign-off model with Marketing Legal and other relevant teams to ensure that customer-facing privacy materials are legally accurate, commercially useful, and supportable
Build a reusable library of privacy trust assets to reduce one-off escalations and help customers understand CrowdStrike’s approach to data protection, AI, telemetry, subprocessors, cross-border transfers, retention, privacy-by-design, security data, and incident handling
Support strategic customer engagements where privacy, AI, incident response, certifications, international transfers, or data-use questions are material to the relationship
Ensure that all external privacy and data-practice claims are accurate, consistent, current, and aligned with CrowdStrike’s contractual, regulatory, and operational reality
Partner with Privacy Leadership, GRC, Security, Compliance, Product, Engineering, and Legal stakeholders to support privacy-related certifications, attestations, audits, customer assurance requests, and control frameworks
Own certifications specific to Privacy, including the Data Privacy Framework, Global CBPR, APEC CBPR/PRP, and related privacy assurance programs, as applicable
Develop a privacy evidence strategy that connects internal controls to external commitments, customer diligence, regulatory expectations, and certification requirements
Create legally reviewed privacy narratives for certification and assurance topics, including cross-border transfers, BCRs, SCCs, APEC CBPRs, subprocessor governance, retention, access controls, incident response, privacy-by-design, consent, and AI governance
Help ensure that customer-facing certification statements and privacy assurance materials are accurate, current, and consistent with internal controls and legal obligations
Serve as a senior privacy legal lead for incidents with actual or potential privacy implications
Partner with CSIRT, Security, Legal, Compliance, Product, Communications, and outside counsel as needed to assess privacy impact, notification obligations, customer commitments, regulatory risk, and remediation requirements
Develop and maintain privacy incident response playbooks, escalation criteria, privilege protocols, documentation standards, decision trees, and post-incident remediation workflows
Advise on whether an incident triggers privacy notification, customer notice, regulator engagement, contractual reporting, or additional investigation
Ensure privacy incident records are accurate, defensible, privilege-aware, and aligned with applicable regulatory and contractual obligations
Lead post-incident privacy reviews to identify control improvements, policy updates, training needs, process changes, product changes, or customer communication improvements
Requirements
J.D. and active bar membership
Significant experience in privacy, data protection, cybersecurity, technology, AI governance, or a related field
Strong working knowledge of global privacy laws and regulatory expectations, including GDPR, CCPA/CPRA, ePrivacy, breach notification laws, cross-border transfer requirements, and emerging AI governance obligations
Experience advising on privacy incident response, including legal assessment, documentation, notification analysis, remediation, and cross-functional escalation
Experience with Data Subject Rights / DSAR operations, including workflow design, templates, identity verification, exceptions, escalation criteria, and SLA management
Experience managing legal operations professionals, privacy operations specialists, alternative legal providers, outside counsel, or other legal service delivery partners
Experience creating or reviewing customer-facing privacy materials, white papers, FAQs, trust center content, privacy notices, certification narratives, or external data-practice claims
Excellent writing skills for customer-facing, executive-facing, and regulator-sensitive materials
Ability to partner effectively across Privacy, Security, GRC, Marketing Legal, Product Legal, Commercial Legal, Product, Engineering, Sales, Customer Success, IT, Legal Operations, and executive stakeholders
Strong program-building instincts, including playbook creation, governance design, metrics, escalation paths, and operating-model development
Bonus Points
CIPP/E, CIPP/US, CIPM, AIGP, or similar privacy, data protection, or AI governance credential.
Experience with OneTrust or similar privacy management platforms.
Experience with consent management platforms, cookie scanning tools, trust centers, privacy automation tools, or DSAR automation.
Experience with privacy-related certifications, assurance programs, BCRs, SCCs, APEC CBPRs, ISO/SOC support, or GRC control frameworks.
Experience in cybersecurity, cloud, SaaS, enterprise technology, threat intelligence, endpoint security, or security products.
Experience implementing AI-enabled legal, privacy, compliance, or operational workflows with appropriate human review and governance controls.
Tech Stack
Cloud
Cyber Security
Benefits
Market leader in compensation and equity awards
Comprehensive physical and mental wellness programs
Competitive vacation and holidays for recharge
Paid parental and adoption leaves
Professional development opportunities for all employees regardless of level or role
Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections