Assistant General Counsel, Privacy Transformation, Trust & Operations (Remote)

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:

CrowdStrike is seeking an Assistant General Counsel, Privacy Transformation, Trust & Operations to report directly to the Chief Privacy & Public Policy Officer and partner closely with the Privacy Assistant General Counsel (Data Protection & Policy) to serve as a senior legal and operational leader for the privacy function’s AI transformation, customer trust, and operational initiatives. This is a builder role for a senior privacy attorney who can translate complex legal obligations into practical governance, scalable operating models, customer-facing trust assets, and defensible risk-management processes. The mission of this role is to help make CrowdStrike’s privacy program more strategic, more scalable, more AI-enabled, and more effective as a driver of customer trust. This role will directly manage the Privacy Operations Specialist and will own the strategic operating relationship with alternative legal service provider resources, including scope expansion, escalation protocols, quality standards, performance reporting, and opportunities to move repeatable work out of the attorney queue. This is not a traditional privacy counsel role focused primarily on routine legal review. 

What You’ll Do:

In this role, you will provide practical, risk-based legal and operational guidance to modernize how the privacy function works, scales, and supports the business.

1. AI Transformation and Privacy Governance

• Lead the strategy for AI transformation across the privacy function, including AI-enabled workflows, automation, knowledge management, legal review controls, and responsible use of approved AI tools.

• Create legally reviewed guardrails for AI-assisted privacy work, including regulatory monitoring, customer-facing content generation, DSAR triage support, DPIA routing, contract comparison, incident summaries, and privacy knowledge management.

• Ensure AI-enabled privacy workflows preserve human ownership, legal judgment, privilege protection, source traceability, auditability, data classification rules, and appropriate escalation.

• Partner with Product Legal, Security, GRC, IT, Legal Operations, and other stakeholders to identify privacy workflows, including vendor reviews, that can be safely automated, delegated, or enhanced through AI.

2. Privacy Operations, Data Subject Rights, and Alternative Legal Service Provider Strategy

• Own the privacy function’s Data Subject Rights operating model, including DSAR governance, workflow design, service levels, templates, quality controls, escalation thresholds, reporting, and continuous improvement.

• Directly manage the Privacy Operations Specialist, who will remain responsible for day-to-day DSAR execution, operational coordination, tooling, reporting, and alternative legal provider workflow management.

• Own the strategic relationship with Factor Law and other legal service delivery partners, including scope definition, expansion opportunities, escalation criteria, quality review, performance metrics, and regular business reviews.

• Partner with the Privacy Operations Specialist, alternative legal provider, IT, and Legal Operations to improve DSAR tooling, automation, intake routing, deadline tracking, case documentation, metrics, and reporting.

• Develop DSAR playbooks, templates, decision trees, and escalation matrices that enable standard matters to be handled efficiently while preserving attorney control over higher-risk issues.

3. Customer Trust, White Papers, and External Privacy Narrative

• Own the legal strategy for customer-facing privacy trust materials, including white papers, FAQs, trust center content, data processing explainers, AI/privacy narratives, privacy notices, certification summaries, and external privacy claims.

• Translate CrowdStrike’s privacy posture into clear, accurate, business-friendly materials that support Sales, Customer Success, Commercial Legal, Product, Security, GRC, Marketing, and executive stakeholders.

• Create a formal review and sign-off model with Marketing Legal and other relevant teams to ensure that customer-facing privacy materials are legally accurate, commercially useful, and supportable.

• Build a reusable library of privacy trust assets to reduce one-off escalations and help customers understand CrowdStrike’s approach to data protection, AI, telemetry, subprocessors, cross-border transfers, retention, privacy-by-design, security data, and incident handling.

• Partner with Privacy Leadership, Sales, Customer Success, Commercial Legal, and Product Legal to identify recurring customer privacy questions and convert them into scalable trust content.

• Support strategic customer engagements where privacy, AI, incident response, certifications, international transfers, or data-use questions are material to the relationship.

• Ensure that all external privacy and data-practice claims are accurate, consistent, current, and aligned with CrowdStrike’s contractual, regulatory, and operational reality.

4. Certifications, Assurance, and Evidence Strategy

• Partner with Privacy Leadership, GRC, Security, Compliance, Product, Engineering, and Legal stakeholders to support privacy-related certifications, attestations, audits, customer assurance requests, and control frameworks.

• Own certifications specific to Privacy, including the Data Privacy Framework, Global CBPR, APEC CBPR/PRP, and related privacy assurance programs, as applicable.

• Develop a privacy evidence strategy that connects internal controls to external commitments, customer diligence, regulatory expectations, and certification requirements.

• Create legally reviewed privacy narratives for certification and assurance topics, including cross-border transfers, BCRs, SCCs, APEC CBPRs, subprocessor governance, retention, access controls, incident response, privacy-by-design, consent, and AI governance.

• Help ensure that customer-facing certification statements and privacy assurance materials are accurate, current, and consistent with internal controls and legal obligations.

• Support readiness assessments and remediation planning where certification or assurance efforts identify privacy control gaps.

• Serve as the privacy legal partner to GRC and Security on privacy control ownership, evidence quality, audit responses, and customer assurance positioning.

5. Privacy Incident Response and Remediation

• Serve as a senior privacy legal lead for incidents with actual or potential privacy implications.

• Partner with CSIRT, Security, Legal, Compliance, Product, Communications, and outside counsel as needed to assess privacy impact, notification obligations, customer commitments, regulatory risk, and remediation requirements.

• Develop and maintain privacy incident response playbooks, escalation criteria, privilege protocols, documentation standards, decision trees, and post-incident remediation workflows.

• Advise on whether an incident triggers privacy notification, customer notice, regulator engagement, contractual reporting, or additional investigation.

• Ensure privacy incident records are accurate, defensible, privilege-aware, and aligned with applicable regulatory and contractual obligations.

• Lead post-incident privacy reviews to identify control improvements, policy updates, training needs, process changes, product changes, or customer communication improvements.

• Escalate high-risk privacy incidents to the CPPO and appropriate legal, security, and executive stakeholders.

6. Cookie, Consent, and Preference Governance

• Own the privacy legal standard for cookies, tracking technologies, consent, preference management, and related notices, mindful of GDPR, ePrivacy, CCPA/CPRA, CAN-SPAM, CASL, and related commercial messaging requirements.

• Create and lead a cross-functional consent framework involving Privacy, Marketing Legal, Marketing Operations, Product, Engineering, Web, Security, and other relevant stakeholders.

• Establish rules for new cookies, pixels, SDKs, tags, analytics tools, advertising technologies, consent banners, preference centers, and regional consent experiences.

• Review and approve material changes to cookie banners, consent flows, preference-management tools, tracking configurations, and privacy notices.

• Coordinate periodic cookie scans and remediation reviews to ensure actual site behavior matches public notices, consent configurations, and applicable legal requirements.

7. Strategic Operating Model and CPPO Reporting

• Convert privacy operational assessment recommendations into practical governance structures, playbooks, decision rights, workflows, and metrics.

• Help the CPPO clarify boundaries among Privacy, the Privacy Assistant General Counsel, Product Legal, Marketing Legal, Commercial Legal, Security, GRC, Product, Engineering, Marketing, Legal Operations, the Privacy Operations Specialist, Factor Law, and other stakeholders.

• Develop RACI models, escalation criteria, review protocols, and dashboards for cross-functional privacy matters.

• Identify work that should remain attorney-owned versus work that should be handled by the Privacy Operations Specialist, Factor Law, automation, shared services, or other operational support.

• Prepare regular CPPO reporting on AI transformation, DSAR operations, Factor Law performance, customer trust materials, privacy incidents, certifications, cookie compliance, and consent governance.

• Support annual privacy program planning, budget discussions, resource planning, executive updates, and privacy-function transformation initiatives.

What You’ll Need:

• J.D. and active bar membership.

• Significant experience in privacy, data protection, cybersecurity, technology, AI governance, or a related field.

• Strong working knowledge of global privacy laws and regulatory expectations, including GDPR, CCPA/CPRA, ePrivacy, breach notification laws, cross-border transfer requirements, and emerging AI governance obligations.

• Experience advising on privacy incident response, including legal assessment, documentation, notification analysis, remediation, and cross-functional escalation.

• Experience with Data Subject Rights / DSAR operations, including workflow design, templates, identity verification, exceptions, escalation criteria, and SLA management.

• Experience managing legal operations professionals, privacy operations specialists, alternative legal providers, outside counsel, or other legal service delivery partners.

• Experience creating or reviewing customer-facing privacy materials, white papers, FAQs, trust center content, privacy notices, certification narratives, or external data-practice claims.

• Excellent writing skills for customer-facing, executive-facing, and regulator-sensitive materials.

• Ability to partner effectively across Privacy, Security, GRC, Marketing Legal, Product Legal, Commercial Legal, Product, Engineering, Sales, Customer Success, IT, Legal Operations, and executive stakeholders.

• Strong program-building instincts, including playbook creation, governance design, metrics, escalation paths, and operating-model development.

Bonus Points:

• CIPP/E, CIPP/US, CIPM, AIGP, or similar privacy, data protection, or AI governance credential.

• Experience with OneTrust or similar privacy management platforms.

• Experience with consent management platforms, cookie scanning tools, trust centers, privacy automation tools, or DSAR automation.

• Experience with privacy-related certifications, assurance programs, BCRs, SCCs, APEC CBPRs, ISO/SOC support, or GRC control frameworks.

• Experience in cybersecurity, cloud, SaaS, enterprise technology, threat intelligence, endpoint security, or security products.

• Experience implementing AI-enabled legal, privacy, compliance, or operational workflows with appropriate human review and governance controls.

#LI-SC1

#LI-Remote

Benefits of Working at CrowdStrike:

• Market leader in compensation and equity awards

• Comprehensive physical and mental wellness programs 

• Competitive vacation and holidays for recharge  

• Paid parental and adoption leaves

• Professional development opportunities for all employees regardless of level or role

• Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections

• Vibrant office culture with world class amenities

• Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.

CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.

If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at [email protected] for further assistance.

Find out more about your rights as an applicant.

CrowdStrike participates in the E-Verify program.

Notice of E-Verify Participation

Right to Work

CrowdStrike, Inc. is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $210,000 - $300,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k and paid time off.

For detailed information about the U.S. benefits package, please click here. 

Expected Close Date of Job Posting is:08-02-2026