Director, Privacy Legal Counsel

Director, Privacy Legal Counsel page is loaded## Director, Privacy Legal Counsel remote type:
Hybrid-San Diego locations:
San Diego, CAtime type:
Full time posted on:
Posted Yesterday job requisition :
JR000520

Crinetics is a pharmaceutical company based in San Diego, California, developing much-needed therapies for people with endocrine diseases and endocrine-related tumors. We were founded by a dedicated team of scientists with the simple belief that better therapies developed from rigorous innovation can lead to better lives. Our work continues to make a real difference in the lives of patients. We have a prolific discovery engine and a robust preclinical and clinical development pipeline.

We are driven by science with a patient-centric and team-oriented culture. Crinetics is known for its inclusive workplace culture. We are also a dog-friendly workplace. This is an exciting time to join Crinetics as we shape our organization into the world’s premier fully-integrated endocrine company from discovery to patients. Join our team as we transform the lives of others.
*
* Position Summary:

** Crinetics is seeking a highly experienced and strategic Director, Privacy Legal Counsel to lead and oversee the company’s global privacy program. Reporting to the Chief Legal Officer, this role is critical in ensuring compliance with United States and international privacy regulations, standards, and industry best practices. The Director will be Crinetics’ privacy subject-matter expert, advising on privacy, data protection, cybersecurity, and data governance initiatives across R&D, clinical development, IT, HR, and commercial operations.

The ideal candidate will bring deep experience counseling life-sciences organizations, a sophisticated understanding of global privacy frameworks, and the ability to translate complex legal requirements into actionable business guidance that supports innovation, patient trust, and ethical data use.
** Essential Job Functions and Responsibilities:
** These may include but are not limited to:
* Lead, design, implement, and maintain a comprehensive global privacy and data protection program, including policies, standards, procedures, and controls that align with U.S. and international regulations and industry best practices.
* Serve as the company’s primary advisor and subject-matter expert on privacy, data protection, cybersecurity, and data-use ethics across all business functions, including clinical development, research, pharmacovigilance, HR, IT, and commercial operations.
* Provide practical, timely, and strategic legal advice on privacy and data-security issues impacting research, development, and commercialization activities, balancing risk mitigation with operational efficiency.
* Counsel on privacy and data-protection considerations throughout the clinical-trial lifecycle, including informed consent, pseudonymization and de-identification, secondary data use, and cross-border data transfers involving CROs, investigators, vendors, and regulators.
* Support compliant data-use practices for real-world evidence, pharmacovigilance, patient-support programs, and digital health platforms, ensuring lawful processing and appropriate safeguards for sensitive health information.
* Advise on privacy, data-governance, and ethical considerations in connection with artificial intelligence (AI), machine learning (ML), and emerging digital technologies, including transparency, fairness, and explainability requirements under evolving AI and data-use frameworks (e.g., EU AI Act, Colorado AI Act).
* Monitor, interpret, and implement strategies to comply with emerging privacy and AI laws, including the GDPR, HIPAA, CCPA/CPRA, Colorado Privacy Act, Virginia Consumer Data Protection Act, Washington My Health My Data Act, Oregon Consumer Privacy Act, and other state, federal, and global regulations.
* Oversee Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for systems, clinical programs, and data-processing activities, and advise on remediation and risk-mitigation measures.
* Draft, review, and negotiate data-protection and privacy provisions in vendor, commercial,…