Data and Privacy Counsel, London

Senior Legal Counsel (Data & Privacy), London

Isomorphic Labs is a new Alphabet company that is reimagining drug discovery through a computational- and AI-first approach.

We are on a mission to accelerate the speed, increase the efficacy and lower the cost of drug discovery. You'll be working at the cutting edge of the new era of 'digital biology' to deliver a transformative social impact for the benefit of millions of people. 

Come and be part of a multi-disciplinary team driving groundbreaking innovation and play a meaningful role in contributing towards us achieving our ambitious goals, while being a part of an inspiring, collaborative and entrepreneurial culture.

Your impact 

This is an exciting opportunity to contribute to a new initiative, working closely with world leading computational chemists and AI experts to devise imaginative approaches to developing the next generation of medicines. As Data and Privacy Counsel, you will support the building and evolution of our Company. 

As Data and Privacy Counsel, you will grow and develop in a high-growth environment. The Company will give you the opportunity to self-start, drive change, and lead. You will be encouraged and empowered to take initiative and have hands-on ownership of projects. This is an ideal role for someone who is keen to work closely with stakeholders in a dynamic and innovative global business environment focused on cutting-edge technology. 

What you will do 

You will serve as lead subject matter expert within our Legal team on all privacy and data protection matters. You will report to the General Counsel based in London and work closely with the Legal team and other cross-functional stakeholders throughout the Company. Your areas of responsibilities will include the following, as may be expanded from time to time: 

Data Privacy Compliance:

• Conducting regular assessments of the Company's data privacy practices and identifying potential risks within global data and privacy frameworks, including GDPR
• Developing and implementing data privacy policies, procedures, and guidelines
• Overseeing and managing the Company's data mapping initiatives, ensuring accurate identification, classification, and documentation of personal data
• Advising on cross-border data transfers and data localisation requirements
• Monitoring evolving data privacy laws and regulations, assessing their impact on the Company and communicating to relevant internal stakeholders
• Managing Company’s ongoing compliance with third parties’ privacy, data protection and use or access requirements
• Engaging and managing outside counsel on privacy-related matters

Data Security:

• Collaborating with Tech, Data Engineering and Security teams to implement appropriate technical and organisational measures to protect data
• Conducting Data Protection Impact Assessments (DPIA) and developing cybersecurity incident response plans, including data breach response
• Advising on data breach notification obligations and coordinating incident response activities
• Counseling business stakeholders on building systems to mitigate privacy, data protection and security risks

Contract Review:

• Managing negotiation of applicable agreements based on data ingestion strategy
• Supporting contracts involving data processing, data sharing, and relevant IP considerations
• Advising internal stakeholders on data and privacy considerations across all enterprise agreements, such as service agreements, material transfer agreements, R&D agreements, licensing, collaboration and partnering deals, manufacturing agreements and clinical trial agreements
• Ensuring that contracts comply with applicable data privacy laws, industry standards, and partnership requirements

Legal Counsel:

• Providing legal advice and drafting Company policies on a wide range of privacy and data protection issues, including data minimisation, purpose limitation, and data retention
• Advising engineering and product teams to develop legally compliant and sustainable systems
• Representing the Company in regulatory investigations and enforcement actions
• Supporting preparation and execution of audits of global privacy practices, including responding to due diligence questions for corporate transactions
• Advising internal stakeholders on key considerations related to the legal and ethical use of various types of data to train AI/ML models and the proper use of generative AI tools
• Reviewing incoming requests for AI use cases and assist in maturing AI governance framework and policies from a data protection perspective
• Collaborating with other Legal team members to provide comprehensive legal support on various workstreams
• Drafting and implementing internal policies and procedures to appropriately manage data and privacy risk
• Counseling senior leadership on privacy and data protection risks
• Developing and delivering legal and compliance training to internal stakeholders

Skills and qualifications 

Essential: 

• 5+ years' experience at a large law firm or in-house role with 2+ years spent negotiating data license agreements
• Strong understanding of global data and privacy frameworks, including those applicable in the research, development and approval of new medicines
• LLB / JD from accredited law school, demonstrated academic achievement or equivalent 
• Current Bar membership in good standing
• Experience advising clients on building processes related to data ingestion strategy, data auditing and compliance matters
• Experience advising clients on data and privacy matters for major corporate transactions including financing, M&A or similar
• Demonstrated interest in technology and AI, including recent AI regulatory developments
• Ability to grasp scientific and technical concepts quickly 
• Ability to form strong, positive relationships with colleagues and operate efficiently and effectively in a fast-paced, innovative business climate 
• Ability to proactively identify and analyse potential legal issues and develop creative, pragmatic and business-oriented legal advice and solutions

Nice to have: 

• Scientific (Bachelor of Science in biology, chemistry, biochemistry, physics, computer science, etc.) or IP background
• Certified Information Privacy Professional (CIPP) certification or similar with experience with ISO 27701, SOC 1 & 2
• Experience working within a growing organisation and legal team
• In-house AI drug discovery experience or experience supporting data and privacy matters related to clinical development operations
• One or more cybersecurity or AI-related certifications

Culture and values

What does it take to be successful at IsoLabs? It's not about finding people who think and act in the same way, but we do have some shared values:

Thoughtful
Thoughtful at Iso is about curiosity, creativity and care. It is about good people doing good, rigorous and future-making science every single day.

Brave
Brave at Iso is about fearlessness, but it’s also about initiative and integrity. The scale of the challenge demands nothing less.

Determined
Determined at Iso is the way we pursue our goal. It’s a confidence in our hypothesis, as well as the urgency and agility needed to deliver on it. Because disease won’t wait, so neither should we.

Together
Together at Iso is about connection, collaboration across fields and catalytic relationships. It’s knowing that transformation is a group project, and remembering that what we’re doing will have a real impact on real people everywhere.

Creating an inclusive company

We realise that to be successful we need our teams to reflect and represent the populations we are striving to serve. We’re working to build a supportive and inclusive environment where collaboration is encouraged and learning is shared. We value diversity of experience, knowledge, backgrounds and perspectives and harness these qualities to create extraordinary impact. 

We are committed to equal employment opportunities regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy or related condition (including breastfeeding) or any other basis protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know.

Hybrid working

It’s hugely important for us to be able to share knowledge and establish relationships with each other, and we find it easier to do this if we spend time together in person. This is why we’ve decided to follow a hybrid model, and for full time positions we would require you to be able to come into the office 3 days a week (currently Tue, Wed, and one other day depending on which team you’re in). For part time positions this may vary.  As an equal opportunities employer we are committed to building an equal and inclusive team. If you have additional needs that would prevent you from following this hybrid approach, we’d be happy to talk through these if you’re selected for an initial screening call.

Please note that when you submit an application, your data will be processed in line with our privacy policy.

>> Click to view other open roles at Isomorphic Labs