Associate General Counsel, Privacy & Compliance
Listed on 2026-06-27
IT/Tech
Data Security, Cybersecurity
About Neuralink
We are creating devices that enable a bi‑directional interface with the brain. These devices allow us to restore movement to the paralyzed, restore sight to the blind, and revolutionize how humans interact with their digital world.
Team Description
We are a small, dedicated legal team deeply embedded in the business. You will be a vital part of a collaborative and adaptive team that embraces a growth mindset. We handle a wide range of legal issues, and you will have the opportunity to take ownership of key projects and make a tangible, company‑wide impact on the business.
Job Description and Responsibilities
Neuralink is hiring an Associate General Counsel to build and lead the company’s privacy and compliance program end‑to‑end. You will own the privacy strategy across our most sensitive data—neural recordings, clinical trial data, and the health information of the patients we serve—and stand up the compliance program that governs how Neuralink interacts with clinical investigators, physicians, hospitals, patients, and federal healthcare programs.
You will report to the General Counsel and partner closely with Clinical, Regulatory, and Engineering. You will set the privacy and compliance posture, design the program, and translate complex global obligations into clear guardrails the team can move quickly within. We are looking for an operator‑attorney who is excited to roll up their sleeves, not someone who wants to manage a program from a distance.
As our Associate General Counsel, Privacy & Compliance, you will:
- Lead Neuralink’s privacy program across the United States and international jurisdictions, including governance, policies, training, vendor diligence, incident response, and data subject rights.
- Serve as the company’s subject‑matter authority on HIPAA and clinical trial data. Partner with Clinical, Regulatory, and research ethics committee liaisons to ensure informed consent, BAAs, and study protocols are aligned with patient privacy expectations, best practices, and regulatory requirements.
- Own global privacy compliance and the full set of US state privacy laws. Drive privacy compliance for new market entry as Neuralink expands clinical trials and product availability internationally.
- Drive Privacy by Design with Product and Engineering, including conducting PIAs and DPIAs for new features and clinical study protocols, advising on data minimization and retention, and helping engineering teams ship faster by giving clear, early, implementable guidance.
- Lead vendor privacy reviews and DPA negotiations, including BAAs, SCCs, transfer impact assessments, and subprocessor management, and own the data flow map for the company.
- Maintain the company’s privacy notices, internal data handling standards, employee privacy policies, and DSAR/data rights response process.
- Lead the privacy incident response function in partnership with Security; own breach assessment, notification analysis, and regulator‑facing communications.
- Lead Neuralink’s healthcare compliance program, including the policies, training, monitoring, auditing, and reporting infrastructure of a company operating in a federally regulated healthcare environment (OIG Seven Elements framework).
- Advise on interactions with healthcare professionals, hospitals, and clinical investigators, including AdvaMed Code adherence, Sunshine Act reporting, and state HCP‑interaction laws.
- Track and translate regulatory developments and enforcements into concrete operational changes.
- A J.D. from an accredited law school and active membership in at least one state bar (California or Texas preferred).
- Privacy experience at a medical device company or high‑growth health technology company (e.g., digital health, wearable tech, or life science company specializing in devices or advanced clinical data systems).
- A minimum of 10 years of privacy‑focused legal practice, with substantial in‑house experience leading a privacy program. CIPP/US and CIPP/E (or equivalent) strongly preferred.
- Deep, hands‑on expertise with HIPAA (Privacy, Security, and Breach Notification Rules), including BAA negotiation and the privacy dimensions of clinical…