Rocket Lawyer is the largest and most widely used online legal service platform in the world, and they are seeking an AI Data Security & Privacy Engineer. The role involves designing, building, and scaling systems to protect customer data and ensure compliance with privacy regulations, while collaborating with cross-functional teams to implement privacy-by-design principles.
Responsibilities:
- Design and implement data classification and handling frameworks to provide appropriate protection throughout the data lifecycle
- Build and maintain comprehensive data inventories and data flow maps, identifying where data resides and how it is processed across systems
- Collaborate with Engineering teams to apply appropriate controls at every point in the data pipeline
- Understand where encryption is needed, implement it wherever possible, and put in place the safeguards that keep keys both secure and available, so that data can be neither exfiltrated nor lost
- Partner with Engineering, Legal, Product, IT, and other cross-functional stakeholders to design and embed privacy and data protection principles across the entire organization, from product development to operations
- Partner with Stakeholders to translate legal and regulatory obligations into actionable technical requirements, policies, and controls
- Develop privacy-enhancing capabilities such as data minimisation, anonymisation, and access-control frameworks that scale with our infrastructure
- Work with AI teams to ensure that architectural designs are reviewed and threat modeled to minimize data privacy risk
- Conduct technical risk assessments of internal and third-party systems and applications to identify, evaluate, and mitigate privacy and data security risks, including vulnerabilities, misuse, and compliance gaps
- Contribute to Data Protection Impact Assessments (DPIAs) by assessing the technical and security implications of new processing activities
- Partner with Legal to transform evolving regulatory and compliance frameworks (e.g., SOC 2, GDPR, CCPA, NIST, ISO) into secure, scalable engineering solutions that drive compliance and build user trust
- Support and coordinate the company’s technical response to data breaches or security incidents, including those impacting personal information (Incidents), enabling timely investigation, effective mitigation, and root-cause analysis
- Design and implement processes and tooling to detect, investigate, and remediate data security incidents in compliance with applicable laws
- Partner with Stakeholders to design and implement automated workflows and tools to streamline privacy operations, including data subject rights requests and data deletion workflows
- Deploy and manage data loss prevention (DLP) capabilities across endpoints, applications, and infrastructure to prevent unauthorised disclosure of sensitive data
- Implement continuous auditing, monitoring, and alerting to track compliance posture and surface security and operational privacy risks proactively
- Act as a trusted advisor to Stakeholders on the technical implementation of privacy and security controls
- Provide strategic input on product design decisions and architectural choices to enable alignment with privacy and security best practices
- Partner with cross-functional teams to develop and execute vendor risk assessments as they relate to data security, establishing processes that address technical, security, and privacy requirements across the entire vendor lifecycle
- Collaborate with Legal on technical aspects of contractual reviews with enterprise customers, partners, vendors, and other third parties
- Assist with answering vendor security questionnaires as they relate to Rocket Lawyer’s privacy and data-handling policies
- Contribute to the development of internal policies, standards, and procedures based on technical best practices
Requirements:
- 5+ years of hands-on experience in information security, privacy engineering, or related roles
- Strong understanding of global data protection laws and regulations (e.g., GDPR, CCPA) and their technical implications
- Proven experience in incident response, data protection engineering, and risk assessments
- Familiarity with data classification, mapping, and governance methodologies
- Experience with at least one data classification technology, such as a data security posture management (DSPM) tool
- Experience with DLP technologies and implementing privacy workflows and automation
- Familiarity with workflow automation tools and ticketing systems (e.g., Jira, ServiceNow)
- Strong analytical, problem-solving, and communication skills, with the ability to work effectively across cross-functional teams
- Experience in using third-party privacy automation tooling is a plus
- Industry certifications (e.g., CISSP, CISA, CISM) are a plus