Senior Director, Privacy, Security & Data Compliance

At Snowflake, we are powering the era of the agentic enterprise. To usher in this new era, we seek AI-native thinkers across every function who are energized by the opportunity to reinvent how they work. You don’t just use tools; you possess an innate curiosity, treating AI as a high-trust collaborator that is core to how you solve problems and accelerate your impact. We look for low-ego individuals who thrive in dynamic and fast-moving environments and move with an experimental mindset — who rapidly test emerging capabilities to discover simpler, more powerful ways to deliver results. At Snowflake, your role isn't just to execute a function, but to help redefine the future of how work gets done.

Snowflake is seeking an experienced and pragmatic attorney to lead our 14-person Privacy, Legal Security, and Data Compliance teams. You will report to Snowflake’s VP and Deputy General Counsel - Corporate, Trust, and Employment. The role is in-person in either Menlo Park, CA or Dublin, CA.

Work Location: This position is based exclusively in Menlo Park or Dublin, CA. Alternative locations are not available at this time.

TEAM RESPONSIBILITIES:

Global Privacy Program: Oversee the operation of our global privacy program, which covers compliance with GDPR, CCPA/CPRA, China’s PIPL/DSL, and other global privacy laws. This includes managing Data Subject Requests (DSRs), Data Protection Impact Assessments (DPIAs), and records of processing.

Privacy/Security/AI Governance by Design: Work with the Product Legal, Product, Engineering, and Compliance teams to ensure data compliance requirements are baked into the development lifecycle. Provide practical, non-obstructionist guidance on data sovereignty, encryption, and AI/ML data usage.

Commercial and Procurement: Manage a team of privacy and security negotiating specialists, who provide enablement to the broader Commercial Legal and Procurement teams and act as direct negotiators for complex deals. Diligence third-party vendors and sub-processors.

Incident Response and Vulnerability Management: Lead the legal response to security incidents, vulnerabilities, and customer-impacting product bugs. Coordinate with the CISO’s office to ensure timely and compliant communications and effective remediation. Counsel the Product Security and Engineering teams with respect to vulnerability policies and response.

New Law Compliance: Ensure team is functioning as the subject matter experts for evolving AI, security, privacy, and other data laws and provide practical advice to both product and corporate execution teams.

Compliance Frameworks: Advise Snowflake’s Security Compliance team in managing the lifecycle of our global security and AI certifications, including SOC 1/2, ISO 27001, ISO 42001, HIPAA, HITRUST, and FedRAMP, among others.

Public Sector & Government Compliance: Support Snowflake’s global public sector security program. Create specialized programs to support authorizations from FedRAMP, the Department of War, and the US Intelligence Community, as well as international standards (e.g., Protected B in Canada). Assist with industrial security, including personnel security and FOCI submissions. Advise on public sector contract terms and negotiations, and provide hands-on management of government-related security incidents and spillage events.

Operational Management: Manage 14-person team across legal privacy, security, and AI/data compliance. Ensure that the team is providing active, energetic, and hands-on partnership to the rest of the legal team and the rest of the company.

MINIMUM QUALIFICATIONS

• 15+ Years of Substantive Privacy/Security & Tech Legal Experience: Must include at least 5 years in a high-impact leadership role within a global, high-growth enterprise SaaS or Cloud Infrastructure environment.

• Regulatory Mastery: Expert-level knowledge of key regulatory frameworks including GDPR, the EU AI Act, and NIST AI Risk Management Framework.

• Strategic Risk Management: Ability to provide clear-eyed legal guidance on the "gray areas" of AI, such as copyright in training data, deepfake prevention, and automated profiling.

• Cross-Functional Orchestration: Experience leading "AI Task Forces" or "Ethics Boards" that include stakeholders from Product, Security, Engineering, and Marketing.

• Education: BA/BS and JD from an accredited law school, membership in at least one state bar, and ability to practice in California.

Every Snowflake employee is expected to follow the company’s confidentiality and security standards for handling sensitive data. Snowflake employees must abide by the company’s data security plan as an essential part of their duties. It is every employee's duty to keep customer information secure and confidential.

Snowflake is growing fast, and we’re scaling our team to help enable and accelerate our growth. We are looking for people who share our values, challenge ordinary thinking, and push the pace of innovation while building a future for themselves and Snowflake.

How do you want to make your impact?

For jobs located in the United States, please visit the job posting on the Snowflake Careers Site for salary and benefits information: careers.snowflake.com