Associate General Counsel, Privacy & Compliance

Team Description 

We are a small, dedicated legal team deeply embedded in the business. You will be a vital part of a collaborative and adaptive team that embraces a growth mindset. We handle a wide range of legal issues, and you will have the opportunity to take ownership of key projects and make a tangible, company-wide impact on the business. 

Job Description and Responsibilities 

Neuralink is hiring an Associate General Counsel to build and lead the company’s privacy and compliance program end-to-end. You will own the privacy strategy across our most sensitive data — neural recordings, clinical trial data, and the health information of the patients we serve — and stand up the compliance program that governs how Neuralink interacts with clinical investigators, physicians, hospitals, patients, and federal healthcare programs. 

You will report to the General Counsel and partner closely with Clinical, Regulatory, and Engineering. You will set the privacy and compliance posture, design the program, and translate complex global obligations into clear guardrails the team can move quickly within. We are looking for an operator-attorney who is excited to roll up their sleeves, not someone who wants to manage a program from a distance. 

As our Associate General Counsel, Privacy & Compliance, you will: 

• Lead Neuralink’s privacy program across the United States and international jurisdictions, including governance, policies, training, vendor diligence, incident response, and data subject rights. 
• Serve as the company’s subject-matter authority on HIPAA and clinical trial data. Partner with Clinical, Regulatory, and research ethics committee liaisons to ensure informed consent, BAAs, and study protocols are aligned with patient privacy expectations, best practices, and regulatory requirements. 
• Own global privacy compliance and the full set of US state privacy laws. Drive privacy compliance for new market entry as Neuralink expands clinical trials and product availability internationally.
• Drive Privacy by Design with Product and Engineering, including conducting PIAs and DPIAs for new features and clinical study protocols, advising on data minimization and retention, and helping engineering teams ship faster by giving clear, early, implementable guidance. 
• Lead vendor privacy reviews and DPA negotiations, including BAAs, SCCs, transfer impact assessments, and subprocessor management, and own the data flow map for the company.
• Maintain the company’s privacy notices, internal data handling standards, employee privacy policies, and DSAR/data rights response process. 
• Lead the privacy incident response function in partnership with Security; own breach assessment, notification analysis, and regulator-facing communications. 
• Lead Neuralink’s healthcare compliance program, including the policies, training, monitoring, auditing, and reporting infrastructure of a company operating in a federally regulated healthcare environment (OIG Seven Elements framework). 
• Advise on interactions with healthcare professionals, hospitals, and clinical investigators, including AdvaMed Code adherence, Sunshine Act reporting, state HCP-interaction laws
• Track and translate regulatory developments and enforcements into concrete operational changes. 

Key Qualifications 

• A J.D. from an accredited law school and active membership in at least one state bar (California or Texas preferred). 
• Privacy experience at a medical device company or high-growth health technology company (e.g., digital health, wearable tech, or life science company specializing in devices or advanced clinical data systems). 
• A minimum of 10 years of privacy-focused legal practice, with substantial in-house experience leading a privacy program. CIPP/US and CIPP/E (or equivalent) strongly preferred. 
• Deep, hands-on expertise with HIPAA (Privacy, Security, and Breach Notification Rules), including BAA negotiation and the privacy dimensions of clinical research (IRB processes, informed consent). 
• Demonstrated command of GDPR, UK GDPR, and the US state privacy law landscape, including international data transfers and DPO/representative obligations. 
• Track record of running Privacy by Design with engineering and product teams — PIAs, DPIAs, data mapping, and embedding privacy into product development. 
• Strong contracts background: DPAs, BAAs, vendor privacy provisions.
• Operational fluency. You can build a program, not just advise on one. You have personally stood up policies, processes, and tooling, and you know how to measure whether they’re working. 
• Excellent judgment under ambiguity. You can take a novel question with no clean regulatory analog and produce a clear, defensible answer that the business can act on.
• Clear writing, rigor, and direct communication. You can translate privacy law into guidance engineers and clinicians can actually use.

Preferred Qualifications 

• Familiarity with the privacy issues unique to neural, biometric, and other sensitive categories of data. 
• Working knowledge of AI/ML governance and the privacy interplay with model training data, including EU AI Act obligations. 
• Experience supporting international expansion (clinical trial site activation, data localization, cross-border transfers). 
• Comfort engaging directly with regulators. 
• Experience running a compliance hotline and privileged internal investigations, and evaluating OIG/CMS self-disclosure pathways. 

What You’ll Find Here 

A mission you can’t get anywhere else. A small, dense team that ships, gives you real ownership, and expects you to think for yourself. The hardest privacy problems in the industry, and the trust to solve them.