Senior Counsel, Cybersecurity and Incident Management

Role Description

As Senior Counsel, Cybersecurity and Incident Management, you will lead Dropbox’s incident response program and be responsible for cybersecurity counseling. This fast-paced role includes complying with global data breach notification laws, complying with cybersecurity rules and regulations, engaging with regulators, and advising on a wide range of legal issues that impact all aspects of Dropbox’s business. You will also help coordinate a global program that promotes user trust and facilitates company-wide responses to customer- and employee-impacting events. If you are passionate about security, privacy, and incident response, and thrive in an environment of uncertainty, then this role is for you.

Responsibilities

• Investigate and assess security and privacy incidents, analyze legal responsibilities, and drive legal and regulatory responses.
• Lead, and provide legal support to, Dropbox’s incident response program, which deals with a wide range of business issues beyond security and privacy.
• Coordinate a team of on-call business managers that provide 24/7 support to incidents, and manage one incident response attorney.
• Engage and coordinate with leaders and executives throughout the company to respond to business-impacting incidents.
• Provide sophisticated advice to engineers working on security, threat intelligence, and abuse issues.
• Ensure compliance with global cybersecurity laws.
• Promote and foster a culture of trust within and outside of Dropbox.

Requirements

• 5+ years of post-JD legal experience, ideally with experience counseling privacy, security, breach notification, and incident response matters.
• Strong understanding of, and experience with, domestic and global breach notification and cybersecurity laws, including GDPR, HIPAA, US state breach laws, and SEC cybersecurity disclosure rules.
• Familiarity with technology and the ability to interact with highly-technical engineers and security personnel.
• Willingness to support incident response outside of traditional business hours.
• Great people skills and ability to work well in a fast-paced team environment with a wide range of technical and non-technical teams.
• Excellent writing, communication, and organizational skills.
• JD, admitted to a US state bar, distinctive academic record.

Preferred Qualifications

• Basic knowledge of SQL or other query/programming languages is a plus.
• Previous experience at a tech company.
• Previous management experience.

Compensation