Assistant General Counsel Privacy Transformation Trust & Operations (Remote)

As a global leader in cybersecurity CrowdStrike protects the people processes and technologies that drive modern organizations. Since 2011 our mission hasn’t changed — we’re here to stop breaches and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries and they count on CrowdStrike to keep their businesses running their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion a relentless focus on innovation and a fanatical commitment to our customers our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:

CrowdStrike is seeking an Assistant General Counsel Privacy Transformation Trust & Operations to report directly to the Chief Privacy & Public Policy Officer and partner closely with the Privacy Assistant General Counsel (Data Protection & Policy) to serve as a senior legal and operational leader for the privacy function’s AI transformation customer trust and operational initiatives. This is a builder role for a senior privacy attorney who can translate complex legal obligations into practical governance scalable operating models customer-facing trust assets and defensible risk-management processes. The mission of this role is to help make CrowdStrike’s privacy program more strategic more scalable more AI-enabled and more effective as a driver of customer trust. This role will directly manage the Privacy Operations Specialist and will own the strategic operating relationship with alternative legal service provider resources including scope expansion escalation protocols quality standards performance reporting and opportunities to move repeatable work out of the attorney queue. This is not a traditional privacy counsel role focused primarily on routine legal review. 

What You’ll Do:

In this role you will provide practical risk-based legal and operational guidance to modernize how the privacy function works scales and supports the business.

1. AI Transformation and Privacy Governance

• Lead the strategy for AI transformation across the privacy function including AI-enabled workflows automation knowledge management legal review controls and responsible use of approved AI tools.

• Create legally reviewed guardrails for AI-assisted privacy work including regulatory monitoring customer-facing content generation DSAR triage support DPIA routing contract comparison incident summaries and privacy knowledge management.

• Ensure AI-enabled privacy workflows preserve human ownership legal judgment privilege protection source traceability auditability data classification rules and appropriate escalation.

• Partner with Product Legal Security GRC IT Legal Operations and other stakeholders to identify privacy workflows including vendor reviews that can be safely automated delegated or enhanced through AI.

2. Privacy Operations Data Subject Rights and Alternative Legal Service Provider Strategy

• Own the privacy function’s Data Subject Rights operating model including DSAR governance workflow design service levels templates quality controls escalation thresholds reporting and continuous improvement.

• Directly manage the Privacy Operations Specialist who will remain responsible for day-to-day DSAR execution operational coordination tooling reporting and alternative legal provider workflow management.

• Own the strategic relationship with Factor Law and other legal service delivery partners including scope definition expansion opportunities escalation criteria quality review performance metrics and regular business reviews.

• Partner with the Privacy Operations Specialist alternative legal provider IT and Legal Operations to improve DSAR tooling automation intake routing deadline tracking case documentation metrics and reporting.

• Develop DSAR playbooks templates decision trees and escalation matrices that enable standard matters to be handled efficiently while preserving attorney control over higher-risk issues.

3. Customer Trust White Papers and External Privacy Narrative

• Own the legal strategy for customer-facing privacy trust materials including white papers FAQs trust center content data processing explainers AI/privacy narratives privacy notices certification summaries and external privacy claims.

• Translate CrowdStrike’s privacy posture into clear accurate business-friendly materials that support Sales Customer Success Commercial Legal Product Security GRC Marketing and executive stakeholders.

• Create a formal review and sign-off model with Marketing Legal and other relevant teams to ensure that customer-facing privacy materials are legally accurate commercially useful and supportable.

• Build a reusable library of privacy trust assets to reduce one-off escalations and help customers understand CrowdStrike’s approach to data protection AI telemetry subprocessors cross-border transfers retention privacy-by-design security data and incident handling.

• Partner with Privacy Leadership Sales Customer Success Commercial Legal and Product Legal to identify recurring customer privacy questions and convert them into scalable trust content.

• Support strategic customer engagements where privacy AI incident response certifications international transfers or data-use questions are material to the relationship.

• Ensure that all external privacy and data-practice claims are accurate consistent current and aligned with CrowdStrike’s contractual regulatory and operational reality.

4. Certifications Assurance and Evidence Strategy

• Partner with Privacy Leadership GRC Security Compliance Product Engineering and Legal stakeholders to support privacy-related certifications attestations audits customer assurance requests and control frameworks.

• Own certifications specific to Privacy including the Data Privacy Framework Global CBPR APEC CBPR/PRP and related privacy assurance programs as applicable.

• Develop a privacy evidence strategy that connects internal controls to external commitments customer diligence regulatory expectations and certification requirements.

• Create legally reviewed privacy narratives for certification and assurance topics including cross-border transfers BCRs SCCs APEC CBPRs subprocessor governance retention access controls incident response privacy-by-design consent and AI governance.

• Help ensure that customer-facing certification statements and privacy assurance materials are accurate current and consistent with internal controls and legal obligations.

• Support readiness assessments and remediation planning where certification or assurance efforts identify privacy control gaps.

• Serve as the privacy legal partner to GRC and Security on privacy control ownership evidence quality audit responses and customer assurance positioning.

5. Privacy Incident Response and Remediation

• Serve as a senior privacy legal lead for incidents with actual or potential privacy implications.

• Partner with CSIRT Security Legal Compliance Product Communications and outside counsel as needed to assess privacy impact notification obligations customer commitments regulatory risk and remediation requirements.

• Develop and maintain privacy incident response playbooks escalation criteria privilege protocols documentation standards decision trees and post-incident remediation workflows.

• Advise on whether an incident triggers privacy notification customer notice regulator engagement contractual reporting or additional investigation.

• Ensure privacy incident records are accurate defensible privilege-aware and aligned with applicable regulatory and contractual obligations.

• Lead post-incident privacy reviews to identify control improvements policy updates training needs process changes product changes or customer communication improvements.

• Escalate high-risk privacy incidents to the CPPO and appropriate legal security and executive stakeholders.

6. Cookie Consent and Preference Governance

• Own the privacy legal standard for cookies tracking technologies consent preference management and related notices mindful of GDPR ePrivacy CCPA/CPRA CAN-SPAM CASL and related commercial messaging requirements.

• Create and lead a cross-functional consent framework involving Privacy Marketing Legal Marketing Operations Product Engineering Web Security and other relevant stakeholders.

• Establish rules for new cookies pixels SDKs tags analytics tools advertising technologies consent banners preference centers and regional consent experiences.

• Review and approve material changes to cookie banners consent flows preference-management tools tracking configurations and privacy notices.

• Coordinate periodic cookie scans and remediation reviews to ensure actual site behavior matches public notices consent configurations and applicable legal requirements.

7. Strategic Operating Model and CPPO Reporting

• Convert privacy operational assessment recommendations into practical governance structures playbooks decision rights workflows and metrics.

• Help the CPPO clarify boundaries among Privacy the Privacy Assistant General Counsel Product Legal Marketing Legal Commercial Legal Security GRC Product Engineering Marketing Legal Operations the Privacy Operations Specialist Factor Law and other stakeholders.

• Develop RACI models escalation criteria review protocols and dashboards for cross-functional privacy matters.

• Identify work that should remain attorney-owned versus work that should be handled by the Privacy Operations Specialist Factor Law automation shared services or other operational support.

• Prepare regular CPPO reporting on AI transformation DSAR operations Factor Law performance customer trust materials privacy incidents certifications cookie compliance and consent governance.

• Support annual privacy program planning budget discussions resource planning executive updates and privacy-function transformation initiatives.

What You’ll Need:

• J.D. and active bar membership.

• Significant experience in privacy data protection cybersecurity technology AI governance or a related field.

• Strong working knowledge of global privacy laws and regulatory expectations including GDPR CCPA/CPRA ePrivacy breach notification laws cross-border transfer requirements and emerging AI governance obligations.

• Experience advising on privacy incident response including legal assessment documentation notification analysis remediation and cross-functional escalation.

• Experience with Data Subject Rights / DSAR operations including workflow design templates identity verification exceptions escalation criteria and SLA management.

• Experience managing legal operations professionals privacy operations specialists alternative legal providers outside counsel or other legal service delivery partners.

• Experience creating or reviewing customer-facing privacy materials white papers FAQs trust center content privacy notices certification narratives or external data-practice claims.

• Excellent writing skills for customer-facing executive-facing and regulator-sensitive materials.

• Ability to partner effectively across Privacy Security GRC Marketing Legal Product Legal Commercial Legal Product Engineering Sales Customer Success IT Legal Operations and executive stakeholders.

• Strong program-building instincts including playbook creation governance design metrics escalation paths and operating-model development.

Bonus Points:

• CIPP/E CIPP/US CIPM AIGP or similar privacy data protection or AI governance credential.

• Experience with OneTrust or similar privacy management platforms.

• Experience with consent management platforms cookie scanning tools trust centers privacy automation tools or DSAR automation.

• Experience with privacy-related certifications assurance programs BCRs SCCs APEC CBPRs ISO/SOC support or GRC control frameworks.

• Experience in cybersecurity cloud SaaS enterprise technology threat intelligence endpoint security or security products.

• Experience implementing AI-enabled legal privacy compliance or operational workflows with appropriate human review and governance controls.

#LI-SC1

#LI-Remote

Benefits of Working at CrowdStrike:

• Market leader in compensation and equity awards

• Comprehensive physical and mental wellness programs 

• Competitive vacation and holidays for recharge  

• Paid parental and adoption leaves

• Professional development opportunities for all employees regardless of level or role

• Employee Networks geographic neighborhood groups and volunteer opportunities to build connections

• Vibrant office culture with world class amenities

• Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.

CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race color creed ethnicity religion sex (including pregnancy or pregnancy-related medical conditions) sexual orientation gender identity marital or family status veteran status age national origin ancestry physical disability (including HIV and AIDS) mental disability medical condition genetic information membership or activity in a local human rights commission status with regard to public assistance or any other characteristic protected by law. We base all employment decisions--including recruitment selection training compensation benefits discipline promotions transfers lay-offs return from lay-off terminations and social/recreational programs--on valid job requirements.

If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation please contact us at [email protected] for further assistance.

Find out more about your rights as an applicant.

CrowdStrike participates in the E-Verify program.

Notice of E-Verify Participation

Right to Work

For detailed information about the U.S. benefits package please click here. 

What We Do

CrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people processes and technologies that drive modern enterprise. Tested and proven the world's largest organizations trust CrowdStrike to stop breaches with unparalleled protection against the most sophisticated cyberattacks. The CrowdStrike culture has been built upon our Core Values since the day we began. We are Fanatical About the Customer Relentlessly Focused on Innovation and believe that our Limitless Passion drives Unlimited Potential for every CrowdStriker. As a purpose-built remote-first company we believe cultivating a connected culture for every employee no matter where they are in the world is a key ingredient in building a high-performing diverse team. We don’t have a mission statement. We’re on a mission—to stop breaches. Ready to join a mission that matters?

Why Work With Us

We have a culture that celebrates achievement encourages flexibility and innovation and thrives on teamwork. We all work towards a single mission: to stop breaches. This common goal drives a sense of community and connection among our people across the globe.

Gallery