Director, Privacy Legal Counsel

Crinetics is a pharmaceutical company based in San Diego, California, developing much-needed therapies for people with endocrine diseases and endocrine-related tumors. We were founded by a dedicated team of scientists with the simple belief that better therapies developed from rigorous innovation can lead to better lives. Our work continues to make a real difference in the lives of patients. We have a prolific discovery engine and a robust preclinical and clinical development pipeline. We are driven by science with a patient-centric and team-oriented culture. Crinetics is known for its inclusive workplace culture. We are also a dog-friendly workplace. This is an exciting time to join Crinetics as we shape our organization into the world’s premier fully-integrated endocrine company from discovery to patients. Join our team as we transform the lives of others.

Position Summary:

Crinetics is seeking a highly experienced and strategic Director, Privacy Legal Counsel to lead and oversee the company’s global privacy program. Reporting to the Chief Legal Officer, this role is critical in ensuring compliance with United States and international privacy regulations, standards, and industry best practices. The Director will be Crinetics’ privacy subject-matter expert, advising on privacy, data protection, cybersecurity, and data governance initiatives across R&D, clinical development, IT, HR, and commercial operations.

The ideal candidate will bring deep experience counseling life-sciences organizations, a sophisticated understanding of global privacy frameworks, and the ability to translate complex legal requirements into actionable business guidance that supports innovation, patient trust, and ethical data use.

Essential Job Functions and Responsibilities:

These may include but are not limited to:

• Lead, design, implement, and maintain a comprehensive global privacy and data protection program, including policies, standards, procedures, and controls that align with U.S. and international regulations and industry best practices.

• Serve as the company’s primary advisor and subject-matter expert on privacy, data protection, cybersecurity, and data-use ethics across all business functions, including clinical development, research, pharmacovigilance, HR, IT, and commercial operations.

• Provide practical, timely, and strategic legal advice on privacy and data-security issues impacting research, development, and commercialization activities, balancing risk mitigation with operational efficiency.

• Counsel on privacy and data-protection considerations throughout the clinical-trial lifecycle, including informed consent, pseudonymization and de-identification, secondary data use, and cross-border data transfers involving CROs, investigators, vendors, and regulators.

• Support compliant data-use practices for real-world evidence, pharmacovigilance, patient-support programs, and digital health platforms, ensuring lawful processing and appropriate safeguards for sensitive health information.

• Advise on privacy, data-governance, and ethical considerations in connection with artificial intelligence (AI), machine learning (ML), and emerging digital technologies, including transparency, fairness, and explainability requirements under evolving AI and data-use frameworks (e.g., EU AI Act, Colorado AI Act).

• Monitor, interpret, and implement strategies to comply with emerging privacy and AI laws, including the GDPR, HIPAA, CCPA/CPRA, Colorado Privacy Act, Virginia Consumer Data Protection Act, Washington My Health My Data Act, Oregon Consumer Privacy Act, and other state, federal, and global regulations.

• Oversee Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for systems, clinical programs, and data-processing activities, and advise on remediation and risk-mitigation measures.

• Draft, review, and negotiate data-protection and privacy provisions in vendor, commercial, collaboration, and clinical research agreements, ensuring alignment with company policies and global legal requirements.

• Provide legal support for cross-border data transfers, including evaluation and implementation of Standard Contractual Clauses (SCCs), Transfer Impact Assessments (TIAs), and other transfer mechanisms.

• Partner with Compliance, IT, and Information Security to establish governance frameworks for data classification, access, retention, and disposal, promoting “privacy by design” and “security by default.”

• Play a leadership role in incident response investigations involving potential privacy or data-security events, including assessing regulatory notification obligations and advising on root-cause and remediation efforts.

• Develop and deliver enterprise-wide privacy training and communications to strengthen understanding of data-protection principles, regulatory requirements, and ethical data handling across the organization.

• Build strong cross-functional relationships with R&D, clinical, IT, HR, Compliance, and Commercial teams to foster a proactive, collaborative, and accountable privacy culture.

• Other duties as assigned

Education and Experience:

Required:

• Juris Doctor degree from accredited law school required

• 10+ years of relevant experience, with at least 5+ years in the biotechnology, pharmaceutical, or healthcare industry focusing on privacy and data protection.

• Leadership: a minimum of 8 years of experience as a supervisor with strong leadership skills and experience managing and developing high-performing teams. Ability to influence senior executives and cross-functional teams.

• Deep knowledge of HIPAA, GDPR, U.S. federal and state privacy laws, and global data-transfer frameworks.

• Proven experience developing and operationalizing privacy programs and managing complex, cross-functional privacy issues.

• Strong contract drafting and negotiation skills related to research agreements, particularly vendor, data-processing, and clinical agreements.

• In addition to top-notch legal skills and a strong ethical center, excellent interpersonal, strategic thinking, communication and organizational skills

• Ability to build consensus with diverse stakeholders and form strong, collaborative working relationships

• Ability to handle multiple projects in a fast-paced environment and exercise sound legal judgment

• In-house experience with product counseling, compliance, litigation, and regulatory teams

• Experience with commercial or consumer contracts involving data privacy

• High level of business acumen, excellent contract drafting and negotiation proficiency

Preferred:

• CIPP/US, CIPM, or equivalent privacy certification.

• AIGP or similar AI governance credentials.

• Experience supporting AI-driven innovation.

Physical Demands and Work Environment:

Physical Activities: On a continuous basis, sit at desk for a long period of time; intermittently answer telephone and write or use a keyboard to communicate through written means. Some walking and lifting up to 25 lbs. may be required. The noise level in the work environment is typically low to moderate. The physical demands described above are representative of those that must be met by an employee to successfully perform the essential functions and responsibilities of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions and responsibilities.

Laboratory Activities (if applicable): Biology and chemical laboratory environment experience needed. Environmental health and safety requirements also apply.

Travel:

You may be required to travel for up to 5% of your time.

Equal Opportunity Employer:

Crinetics is proud to be an Equal Opportunity Employer. We provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of sex, sexual orientation, gender (including gender identity and/or expression), pregnancy, race, color, creed, national or ethnic origin, citizenship status, religion or similar philosophical beliefs, disability, marital and civil union status, age, genetic information, veteran status or any personal attribute or characteristic that is protected by applicable local, state or federal laws.

Total Compensation: 

The final salary offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and length of experience and education. Crinetics Pharmaceuticals is a multi-state employer, and this salary range may not reflect positions that work in other states. Your recruiter can share more about the specific salary range during the hiring process.

Salary Range

In addition to your base pay, our total rewards program consists of a discretionary annual target bonus, stock options, ESPP, and 401k match. We also provide top-notch health insurance plans for employees (and their families) to include medical, dental, vision and basic life insurance, 20 days of PTO, 10 paid holidays, and a winter company shutdown.