Senior Counsel

We’re looking for a seasoned builder and privacy co-pilot for our small and rapidly growing Legal org. You turn DPA redlines into signatures, translate global privacy requirements into reality, and keep our privacy program humming—without slowing the business down. If you enjoy practical problem-solving with Sales, Security, Procurement, Product, HR, and Ops, you’ll feel right at home. In addition to a strong privacy and commercial privacy background, this role requires a solid understanding of how to operationalize our privacy obligations to ensure our global company operates in accordance with domestic and global privacy/AI laws, regulations, and frameworks. We are looking for an all-around rockstar who wants to work at an early-stage company and is excited by the opportunity to roll up their sleeves and make company-impacting privacy decisions.

Role snapshot

• You are an experienced privacy and commercial privacy attorney who owns customer/vendor DPA and Security Addendum negotiations end to end and runs day-to-day privacy tasks (notice updates, DSARs, DPIAs/PIAs, cookies, data mapping).
• You’ll track and translate evolving frameworks (EU AI Act, NIS2, Cyber Resilience Act, DORA, and various U.S. state privacy/AI laws) into crisp guidance, templates, and playbooks that help the business move faster.
• Ensure our global processing complies with all applicable data protection laws, including CCPA and GDPR.
• Provide key privacy/AI insights to partner teams for vendor due diligence and third-party tooling security assessments.

What you’ll do

• Own DPA and Security Addendum negotiations; partner with Sales and other cross-functional teams to resolve complex privacy and tooling procurement challenges to close deals.
• Run core privacy program work: update and draft global privacy notices, handle DSARs, complete DPIAs/PIAs, manage cookie compliance, and maintain data maps/inventories.
• Track and implement regulatory requirements (EU AI Act, NIS2, Cyber Resilience Act, DORA, and various U.S. state privacy/AI laws) and turn them into practical, business-ready guidance.
• Partner cross-functionally and level up our legal operations (templates, playbooks, regulatory gap assessments, sales-enablement slides to educate customers on how we are tackling new privacy challenges, and white papers).
• Jump in with general legal support as needed.

What you’ll bring

• JD from an accredited law school; active bar in at least one U.S. state (or eligible for in-house counsel registration).
• 6+ years of privacy and/or commercial privacy experience (global law firm + in-house mix ideal), familiarity with U.S. state privacy laws, and comfort with EU frameworks.
• In-depth privacy expertise interpreting local and international AI laws, regulations, and frameworks. Hands-on experience building out DSAR processes, conducting DPIAs/PIAs, drafting global privacy and employee notices, and overseeing cookie compliance.
• Working knowledge of, or keen interest in, open-source licensing in commercial settings.
• Clear, pragmatic communicator with excellent stakeholder management; thrive in fast-moving, multi-threaded environments.
• Bonus: experience in technology, cybersecurity, open source, or SaaS companies; incident-response exposure is a plus; CIPP/US and/or CIPP/E preferred.

Why this role rocks

• High impact at high velocity: your work directly unblocks revenue, strengthens trust, and scales our privacy posture for the future.
• Builder’s mindset welcome: ship practical guidance, iterate on playbooks, and help us do more with less process.
• Cross-functional by default: collaborate daily with Sales, Security, HR, Procurement, Product, and Ops to keep momentum and manage risk smartly.