<div id="jobDescriptionText" class="jobsearch-jobDescriptionText" dir="ltr"><div>
<p>Senior Counsel, Data Privacy (23010448)<br> Description</p>
<p><b> CULTIVATE A BETTER WORLD</b></p>
<p> Food served fast does not have to be a typical fast-food experience. Chipotle has always done things differently, both in and out of our restaurants. We are changing the face of fast food, starting conversations, and directly supporting efforts to shift the future of farming and food. We hope you will join us as we continue to learn, evolve, and shape what comes next on our mission to make better food accessible to everyone. </p>
<p><b>THE OPPORTUNITY</b></p>
<p> As the Sr. Counsel - Data Privacy, you will be a key member of enterprise programs around data privacy while working with a diverse stakeholder group including (but not limited to) Software Development, Marketing / Advertising, People Experience (which is Chipotle speak for HR), Information Security, and Legal to ensure cross-functional alignment on data privacy and protection. In this role, you will facilitate the implementation of key privacy compliance programs and processes ranging from the negotiation of Data Protection Agreements, Data Subjects Access Requests (DSARs), and Privacy Impact Assessments (PIAs or DPIAs). </p>
<p>This role will report to our Newport Beach, CA office, or our Columbus, OH office. </p>
<p><b>WHAT YOU'LL DO</b></p>
<ul>
<li> Provide legal counsel and subject matter expertise in areas of privacy, artificial intelligence, biometrics, marketing and advertising laws (including state and federal consumer protection and privacy laws, CCPA, VCDPA, CPA, CTDPA, and UCPA, COPPA, CAADC, CAN-SPAM, TCPA, HIPAA, BIPA, PIPEDA, GDPR, and other global privacy laws). Continually update legal partners, programs, and inventory as new laws pass or are amended. </li>
<li>Support and, as necessary, participate in evaluation of enterprise initiatives from a privacy risk perspective, facilitating, where appropriate the preparation of risk memos/presentations, and / or the development of guidelines, SOPs, scripts, training, contract terms, or the like to mitigate risk or facilitate compliance.</li>
<li> Counsel business teams on privacy legal issues relating to the development and provision of managed cloud, marketing /AdTech, biometrics, and consulting services by effectively communicating the requirements and application of privacy laws and regulations.</li>
<li> Work with cross functional stakeholders to conduct privacy impact assessments ("PIAs").</li>
<li> Review and negotiate data processing agreements and other privacy and data related agreements. </li>
<li>In partnership with Chipotle's Assistant General Counsel - Privacy and other business partners, ensure that Chipotle meets its obligations under HIPPA and related laws and regulations.</li>
<li> Review, understand, and recommend improvements to Chipotle's existing and ever evolving enterprise data privacy program and strategy; partner with Chipotle's Assistant General Counsel- Privacy to implement said strategy. </li>
<li>Develop privacy training materials and deliver said training.</li>
<li> Draft, update, and maintain policies, standards, playbooks and standard operating procedures that support Chipotle's privacy and (together with IT Security team) data protection program goals.</li>
<li> Manage and supervise Data Subjects Access Request (DSAR) and complaint processes.<br>
<ul>
<li> Evaluate the effectiveness and legal sufficiency of the DSAR processes. </li>
<li>Assist with DSARs that require escalation or sensitive handling.</li>
</ul></li>
<li> In partnership with Chipotle's Assistant General Counsel - Privacy, maintain a comprehensive privacy incident response program.<br>
<ul>
<li> Track, investigate, and assist in responding to privacy/security incidents and complaints in a manner that accurately documents the incident and the subsequent remediation.</li>
</ul></li>
<li> In partnership with other stakeholders, identify in scope metrics, create a process for collecting, tracking, responding to, and reporting on privacy-related queries and metrics.</li>
</ul>
<p><b> WHAT YOU'LL BRING TO THE TABLE</b></p>
<ul>
<li> JD required and must be licensed to practice law in at least one state. </li>
<li>3+ years of relevant privacy law experience. </li>
<li>5 - 8+ years of professional experience. </li>
<li>One or more IAPP CIPP, CIPM, CIPT certifications preferred. </li>
<li>Practical business judgement and ability to qualify risk.</li>
<li> Extensive knowledge of global privacy laws, including GDPR, PIPEDA, COPPA, Section 5 of the FTC Act, US state privacy laws, and experience in implementing global privacy and/or compliance programs. </li>
<li>Experience in handling privacy inquiries, complaints, and incidents including data protection impact assessments ("DPIA"). </li>
<li>Experience working alongside procurement teams, including drafting, meeting, and synthesizing inputs from external stakeholders on data compliance and usage agreements. </li>
<li>Experience working across an entire organization; experience working with marketing/advertising, software development, engineering, and human resources departments preferred. </li>
</ul>
<p><b>WHO WE ARE</b></p>
<p> Chipotle Mexican Grill, Inc. (NYSE: CMG) is cultivating a better world by serving responsibly sourced, classically cooked, real food with wholesome ingredients without artificial colors, flavors or preservatives. Chipotle has over 3,000 restaurants in the United States, Canada, the United Kingdom, France and Germany and is the only restaurant company of its size that owns and operates all its restaurants. Chipotle is ranked on the Fortune 500 and is recognized on the 2022 list for Fortune's Most Admired Companies. With over 100,000 employees passionate about providing a great guest experience, Chipotle is a longtime leader and innovator in the food industry. Chipotle is committed to making its food more accessible to everyone while continuing to be a brand with a demonstrated purpose as it leads the way in digital, technology and sustainable business practices. For more information or to place an order online, visit www.chipotle.com<b> </b></p>
<p><b>PAY TRANSPARENCY</b></p>
<p> A reasonable estimate of the current base salary range for this position is $116,000 - $224,000. You are also eligible for annual cash bonuses and equity awards based upon performance and other factors. Actual compensation offered may vary depending on skill level, experience, and/or education. Chipotle offers a competitive total rewards package, which includes medical, dental, and vision insurance, 401k, sick leave, vacation time, and much more. Visit https://jobs.chipotle.com/benefits</p>
<p> Chipotle Mexican Grill is an equal opportunity employer that values diversity at all levels. As a people-first company rooted in values, our purpose extends beyond serving nutritious food using real ingredients. It means hiring world-class individuals and fostering a culture that champions diversity, ensures equity, and celebrates inclusion. All qualified applicants, regardless of personal characteristics, are encouraged to apply. </p>
<p>To request a reasonable accommodation to complete an application, job interview, and/or to otherwise participate in the hiring process, please contact ADAaccommodations@chipotle.com.</p>
<p> Primary Location: California - Newport Beach - 9998 - 610 Newport Office-(09998)</p>
<p> Work Location:<br> 9998 - 610 Newport Office-(09998)<br> 610 Newport Center Drive<br> Newport Beach 92660</p>
</div></div>