Data and Privacy Counsel, London

Senior Legal Counsel (Data & Privacy), London

Isomorphic Labs is a new Alphabet company that is reimagining drug discovery through a computational- and AI-first approach.

We are on a mission to accelerate the speed, increase the efficacy and lower the cost of drug discovery. You'll be working at the cutting edge of the new era of 'digital biology' to deliver a transformative social impact for the benefit of millions of people. 

Come and be part of a multi-disciplinary team driving groundbreaking innovation and play a meaningful role in contributing towards us achieving our ambitious goals, while being a part of an inspiring, collaborative and entrepreneurial culture.

Your impact 

This is an exciting opportunity to contribute to a new initiative, working closely with world leading computational chemists and AI experts to devise imaginative approaches to developing the next generation of medicines. As Data and Privacy Counsel, you will support the building and evolution of our Company. 

As Data and Privacy Counsel, you will grow and develop in a high-growth environment. The Company will give you the opportunity to self-start, drive change, and lead. You will be encouraged and empowered to take initiative and have hands-on ownership of projects. This is an ideal role for someone who is keen to work closely with stakeholders in a dynamic and innovative global business environment focused on cutting-edge technology. 

What you will do 

You will serve as lead subject matter expert within our Legal team on all privacy and data protection matters. You will report to the General Counsel based in London and work closely with the Legal team and other cross-functional stakeholders throughout the Company. Your areas of responsibilities will include the following, as may be expanded from time to time: 

Data Privacy Compliance:

• Conducting regular assessments of the Company's data privacy practices and identifying potential risks within global data and privacy frameworks, including GDPR
• Developing and implementing data privacy policies, procedures, and guidelines
• Overseeing and managing the Company's data mapping initiatives, ensuring accurate identification, classification, and documentation of personal data
• Advising on cross-border data transfers and data localisation requirements
• Monitoring evolving data privacy laws and regulations, assessing their impact on the Company and communicating to relevant internal stakeholders
• Managing Company’s ongoing compliance with third parties’ privacy, data protection and use or access requirements
• Engaging and managing outside counsel on privacy-related matters

Data Security:

• Collaborating with Tech, Data Engineering and Security teams to implement appropriate technical and organisational measures to protect data
• Conducting Data Protection Impact Assessments (DPIA) and developing cybersecurity incident response plans, including data breach response
• Advising on data breach notification obligations and coordinating incident response activities
• Counseling business stakeholders on building systems to mitigate privacy, data protection and security risks

Contract Review:

• Managing negotiation of applicable agreements based on data ingestion strategy
• Supporting contracts involving data processing, data sharing, and relevant IP considerations
• Advising internal stakeholders on data and privacy considerations across all enterprise agreements, such as service agreements, material transfer agreements, R&D agreements, licensing, collaboration and partnering deals, manufacturing agreements and clinical trial agreements
• Ensuring that contracts comply with applicable data privacy laws, industry standards, and partnership requirements

Legal Counsel:

• Providing legal advice and drafting Company policies on a wide range of privacy and data protection issues, including data minimisation, purpose limitation, and data retention
• Advising engineering and product teams to develop legally compliant and sustainable systems
• Representing the Company in regulatory investigations and enforcement actions
• Supporting preparation and execution of audits of global privacy practices, including responding to due diligence questions for corporate transactions
• Advising internal stakeholders on key considerations related to the legal and ethical use of various types of data to train AI/ML models and the proper use of generative AI tools
• Reviewing incoming requests for AI use cases and assist in maturing AI governance framework and policies from a data protection perspective
• Collaborating with other Legal team members to provide comprehensive legal support on various workstreams
• Drafting and implementing internal policies and procedures to appropriately manage data and privacy risk
• Counseling senior leadership on privacy and data protection risks
• Developing and delivering legal and compliance training to internal stakeholders

Skills and qualifications 

Essential: 

• 5+ years' experience at a large law firm or in-house role with 2+ years spent negotiating data license agreements
• Strong understanding of global data and privacy frameworks, including those applicable in the research, development and approval of new medicines
• LLB / JD from accredited law school, demonstrated academic achievement or equivalent 
• Current Bar membership in good standing
• Experience advising clients on building processes related to data ingestion strategy, data auditing and compliance matters
• Experience advising clients on data and privacy matters for major corporate transactions including financing, M&A or similar
• Demonstrated interest in technology and AI, including recent AI regulatory developments
• Ability to grasp scientific and technical concepts quickly 
• Ability to form strong, positive relationships with colleagues and operate efficiently and effectively in a fast-paced, innovative business climate 
• Ability to proactively identify and analyse potential legal issues and develop creative, pragmatic and business-oriented legal advice and solutions

Nice to have: 

• Scientific (Bachelor of Science in biology, chemistry, biochemistry, physics, computer science, etc.) or IP background
• Certified Information Privacy Professional (CIPP) certification or similar with experience with ISO 27701, SOC 1 & 2
• Experience working within a growing organisation and legal team
• In-house AI drug discovery experience or experience supporting data and privacy matters related to clinical development operations
• One or more cybersecurity or AI-related certifications