Summary

We are looking for an attorney for Block’s Privacy Legal team, focusing on cybersecurity, to help us support Block’s purpose of economic empowerment. Reporting into our Global Privacy Lead, you will support a best-in-class cybersecurity legal function and be at the forefront of privacy and data protection issues. If you’re ready to take on the challenge of shaping the future of privacy in a leading technology company, we want to hear from you.

You Will

1. Provide expert legal advice to our our teams as it relates to managing cybersecurity risks and compliance with global cybersecurity laws and regulations.
2. Build and improve incident detection and response processes.
3. Provide support and counsel during cybersecurity-related investigations and the response to data privacy incidents, including breach notification and mitigation strategies, to minimize impact and maintain trust.
4. Provide legal guidance on regulatory, third-party, and internal security audits, and work with teams to scope and perform periodic security hygiene assessments, mitigation and remediation.
5. Help enhance the global privacy program, including privacy operations and documentation, employee training on data privacy and security obligations, promoting a culture of awareness and compliance throughout the organization, policy enforcement, privacy compliance program monitoring and auditing, and third-party risk assessment.
6. Collaborate with the global legal team to align security and privacy practices across the company, ensuring a unified approach to data protection.
7. Remain up-to-date on relevant data security laws and regulations, industry approaches to privacy program management, and on privacy and security technological developments, threat vectors, and evolving industry standards to provide solutions to complex issues.
8. Help prepare board and executive presentations, regulatory filings, and other legal disclosures to ensure accuracy and completeness of cybersecurity representations.
9. Support global AI governance, helping the business teams continue innovating responsibly.

You Have

1. J.D. (or foreign equivalent) and active membership in at least one state bar
2. 7+ years of experience as a practicing attorney in a law firm, government agency, or in-house legal team, with a substantial number of those years focused on cybersecurity and incident response.
3. Subject matter expertise regarding global privacy and cybersecurity laws and regulations (including, among others, U.S. state laws and international data protection frameworks, GLBA, SEC, and NYDFS cybersecurity requirements, and the EU’s GDPR, DORA, and AI Act).
4. Strategic vision and ability to spot issues and communicate complex legal issues to a variety of legal and non-legal partners across the company.
5. Experience negotiating, drafting, and updating documents and policies.

Block takes a market-based approach to pay, and pay may vary depending on your location. U.S locations are categorized into one of four zones based on a cost of labor index for that geographic area. The successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.

To find a location’s zone designation, please refer to this resource. If a location of interest is not listed, please speak with a recruiter for additional information. 

Zone A:

$217,800—$326,800 USD

Zone B:

$202,600—$303,800 USD

Zone C:

$191,700—$287,500 USD

Zone D:

$185,200—$277,800 USD

Skills

• Communications Skills
• Cybersecurity Solutions
• Legal Consulting
• Strategic Thinking
• Team Collaboration