Senior Counsel, Health Privacy #3579



New York, NY, USA · Remote
Posted on Tuesday, February 6, 2024
GRAIL is a healthcare company whose mission is to detect cancer early, when it can be cured. GRAIL is focused on alleviating the global burden of cancer by developing pioneering technology to detect and identify multiple deadly cancer types early. The company is using the power of next-generation sequencing, population-scale clinical studies, and state-of-the-art computer science and data science to enhance the scientific understanding of cancer biology, and to develop its multi-cancer early detection blood test. GRAIL is headquartered in Menlo Park, CA with locations in Washington, D.C., North Carolina, and the United Kingdom. GRAIL, LLC is a wholly-owned subsidiary of Illumina, Inc. (NASDAQ:ILMN). For more information, please visit
GRAIL’s Legal Department is seeking a dynamic and collaborative Senior Counsel to join the Privacy team, supporting GRAIL’s privacy program, clinical research program and real world evidence program. This role will work cross-functionally to deliver novel and strategic solutions to complex issues while mitigating risk. The Senior Counsel, Health Privacy will report directly to GRAIL’s Global Privacy Counsel and Privacy Officer and work closely with our product development, commercial, clinical quality compliance, marketing, and information security teams. You will counsel executives and product leads on US and ex-US data privacy and security laws and support the maturation of GRAIL’s global data privacy program. This role requires the ability to work independently and present analysis and counsel to executive leaders and key business stakeholders.
This is a hybrid role with 2 days in the office in Menlo Park, CA


  • Provide timely compliance advice to internal clients on a wide range of matters, including permissible data uses for strategic initiatives and the application of global privacy laws and evolving regulatory guidance to current business processes, new product development, research collaborations and other commercial partnerships
  • Support the corporate transactions team in negotiating data use and data protection terms in complex commercial agreements, vendor agreements, data sharing agreements (e.g., DUAs, MTAs, BAAs), clinical trial agreements, and other collaboration agreements covering all stages of a product’s life cycle (i.e., research, development and commercialization)
  • Support investigation, analysis and remediation of privacy and security incidents
  • Assist with the development of policies and procedures, privacy training, and awareness activities to continuously advance GRAIL’s privacy program
  • Working independently, stay up-to-date on new developments in regulatory enforcement activity, new comprehensive state privacy laws, and industry standard privacy practices as well as identify ways to continuously improve templates, forms, processes, and operations.
  • Collaborate with the information security team on various data security initiatives, risk management, third party audits/certifications, and vendor assessments

Preferred Qualifications

  • A US based Law degree from accredited law school and active member of a state bar or registration as in-house counsel
  • 7+ years of privacy and health regulatory experience, ideally with a mix of national law firm experience and prior in-house life sciences experience strongly preferred
  • Deep knowledge of data privacy laws and regulations and industry guidelines across global markets, including the Health Insurance Portability and Accountability Act (HIPAA), the Federal Trade Commission (FTC) Act, U.S. state comprehensive privacy laws (e.g., California Consumer Privacy Act (CCPA)), genetic information privacy laws, and the EU General Data Protection Regulation (GDPR)
  • Extensive experience advising on data sharing, the collection and use of real world data, de-identification, and secondary uses of data
  • Experience maintaining components of a global privacy compliance program and supporting privacy by design processes to identify privacy controls for systems and software applications that process personal data
  • Familiarity with artificial intelligence governance and use of personal data in artificial intelligence/machine learning products a strong plus
The expected, full-time, annual base pay scale for this position is $223K-$265K. Actual base pay will consider skills, experience, and location.
Based on the role, colleagues may be eligible to participate in an annual bonus plan tied to company and individual performance, or an incentive plan. We also offer a long-term incentive plan to align company and colleague success over time.
In addition, GRAIL offers a progressive benefit package, including flexible time-off, a 401k with a company match, and alongside our medical, dental, vision plans, carefully selected mindfulness offerings.
GRAIL is an Equal Employment Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status. We will reasonably accommodate all individuals with disabilities so that they can participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. GRAIL maintains a drug-free workplace.