Offer summary

Qualifications:

J.D. from an accredited law school with excellent academic credentials., 4-6 years of experience in global AI, data protection, and security law, ideally with in-house experience., In-depth knowledge of U.S. and EU privacy statutes, including GDPR and FERPA., Certifications such as CIPP, CIPM, or CISSP are a plus..

Key responsabilities:

Provide legal support for Instructure’s global privacy program, AI initiatives, and security program.

Lead and manage legal matters related to privacy, security, and AI, including policy development.

Collaborate with various teams to advise on privacy strategy and regulatory compliance.

Serve as Instructure’s data protection officer under the UK & EU GDPR and represent privacy interests with external parties.

Job description

Instructure is seeking a dynamic lawyer who will serve as the data privacy, security, and AI legal lead. You will be responsible for providing legal support to Instructure’s global privacy program, AI initiatives, and security program, including development, implementation and maintenance of policies and procedures, as well as address day to day legal, contractual and regulatory matters involving data privacy, data security, and AI. You will also support Instructure’s product, marketing, and engineering teams and handle a broad range of transactions, including data processing agreements, vendor processing agreements, and transfer impact assessments. The ideal candidate will be someone who isn’t afraid to roll up their sleeves and handle the day to day while bringing with them privacy law experience in SaaS and technology and familiarity with business/transactional law.

What you will do

Provide general in-house legal services to and advise our business and operational units with a focus on privacy, security, and AI law.

Lead and manage legal matters pertaining to privacy, security, and AI.

Review and aid in crafting data privacy policies and practices and opportunities for improvement of privacy policies in collaboration with the Privacy Office.

Maintain current knowledge and expand your knowledge of all applicable worldwide privacy, security, data, and AI laws and accreditation standards.

Collaborate with the entire organization, including senior management, security, engineering, HR, marketing, compliance, and others to advise on privacy, security, and AI issues, including privacy strategy and worldwide regulatory requirements and laws.

Collaborate with the Security Steering Committee to advise and support Instructure’s ongoing data security incident program and process to track, investigate, and report data incidents.

Serve as Instructure’s data protection officer under the UK & EU GDPR.

Support Instructure’s Academic Office representing the organization's information privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standards.

What you need to know/have

Prior experience in global AI, data protection, & security law and an in-depth knowledge of U.S. and EU privacy statutes – including GDPR, FERPA, and US Consumer Privacy laws.

Business judgment and ability to assess legal risk while also thinking strategically and providing practical advice

J.D. from an accredited law school and excellent academic credentials.

4 - 6 years of experience in a large firm and ideally some in-house experience.

Excellent written and verbal communication.

Meticulous attention to detail and process.

Ability to maintain poise in stressful situations.

Must be able to interact directly with senior business leaders without supervision.

Willingness to expand the range of job responsibilities as needed, based on the evolution of the company and the role.

Deep governance and operational incident response experience, including in developing, implementing, and managing an incident response program and process for full compliance with the law, including reporting and post incident remediation,

Experience working with cross functional teams (legal, security, GRC, product, engineering) in advising on privacy issues across an organization (i.e. privacy/ handling customer information/HR/ education).

Excellent oral and written communications skills and experience in advising and reporting to Boards of Directors, senior management, accountants, and auditors, regulators and other external parties

Certifications in Certified Information Privacy Professional (CIPP US and/or EU), Information Privacy Manager (CIPM), Information Privacy Technologist (CIPT) and Information Systems Security Professional (CISSP) are a big plus

We’ve always believed in hiring the most awesome people and treating them right. We know that the more diverse we are, the more diverse our ideas will be and when we openly welcome those ideas, our environment is better and our business is stronger.

At Instructure we participate in E-Verify and yes, in case you didn't catch it from the above, we are an Equal Opportunity Employer.

All Instructure employees are required to successfully pass a background check upon being hired.

Required profile