Director, Data Privacy & Security Legal

Job Description

As a company, we challenge industry norms by pushing one another to think creatively about complex questions. Our legal team is no exception. We think critically about the range of legal issues our business faces and act in a manner consistent with our freedom and responsibility culture, one marked by a bias toward action, collaborative work, candid discussions, by leaning into smart risks and taking ownership of bold decisions. Our culture is unique, and we live by our values. We encourage learning more about Netflix through our culture memo and long term view.

The candidate will support our Information Security team, advancing compliance with data protection and security laws in a balanced, risk-based manner that allows our business to grow and expand, drawing on knowledge and experience with specific government/industry requirements and best practices. This position will support all aspects of security across our business (streaming video, studio, etc.), with a focus on providing proactive guidance to support key decisions, including areas of focus and strategic technical investments for building and improving the security program. The position will also support investigations, breach notification, incident management, and litigation. The candidate will need to develop a deep functional understanding of Netflix's data assets and information flows across the company as well as our use of analytics. The position will report to the Vice President of Data Privacy and Security, and will work in an ongoing and collaborative way with relevant Legal, Security and Public Policy groups.

Desired Skills and Experience

At least 10 to 15 years of experience counseling and providing strategic thought partnership in the cybersecurity space. Experience in the entertainment and/or technology industries required, significant in-house legal work is a plus.

This position also requires, at a minimum, the following experience and personal skills:
• A JD and qualifications to practice before at least one US State bar
• A background in computer science or computer engineering preferred but not required
• Strong substantive knowledge of cyber-security legal requirements globally, as well as familiarity with PCI-DSS standards and NIST privacy and cybersecurity frameworks
• Strong risk-tolerance and experienced perspective on building, improving and maintaining an information security program
• Ability to work well under pressure with diligence, organization, and minimal supervision, and provide practical advice to stakeholders
• Excellent judgment and ability to communicate concisely and candidly
• Strong collaborative skills
• A sense of humor (although ideally you are live and not a cat)

Jobcode: Reference SBJ-gx1bbz-3-149-229-253-42 in your application.