Qualified lawyer (UK or EU) with GDPR experience PQE 5+ years (mix of in-house or private practice experience). Years matter less to us than impact. If you have relevant specialist experience, apply even if you don’t quite hit the 5+ years.
Strong knowledge of EU/UK GDPR and familiarity with global privacy laws (US, Middle East, Asia).
Experience drafting and negotiating data processing agreements and handling privacy-related issues in a global business context.
Proven ability to manage data breaches, regulatory notifications and privacy audits.
Excellent communication skills with the ability to simplify complex legal concepts for non-legal audiences.
Strong understanding of AI technologies, their ethical implications, and related legal frameworks.
Excellent analytical, problem-solving, and decision-making skills with the ability to provide practical and strategic legal advice.
Experience in using privacy management systems such as OneTrust is required.
Ability to manage multiple priorities and work collaboratively across diverse teams.
Comfortable working independently in a fast-paced, global environment.
Certified Information Privacy Professional (CIPP).
Artificial Intelligence Governance Professional (AIGP) and other relevant certifications.
German language proficiency.
Experience in cybersecurity, offensive security, or SaaS environments.
Responsibilities
Apply an AI-First approach by using AI tools responsibly to improve research quality, drafting efficiency, and privacy assessment workflows.
Demonstrate Change Agility by adapting quickly to evolving global privacy and AI regulations, adjusting guidance as new risks, tools, or requirements emerge.
Use First Principles Problem Solving to simplify complex privacy questions, clarify assumptions, and provide clear, structured recommendations.
Leverage Data-Driven Decision Making during DPIAs and related assessments by grounding evaluations in evidence, criteria, and regulatory expectations.
Support the current Privacy function with global privacy assessments, including DPIAs, AI DPIAs, TIAs, LIAs, and other structured risk reviews.
Review new and existing product features, AI capabilities, and data practices as part of privacy-by-design, identifying risks and opportunities early in development.
Draft, review, and negotiate data processing agreements (DPAs), privacy terms, and commercial contracts to support global sales and procurement.
Maintain and update privacy contractual documentation and internal templates and policies.
Create and deliver internal training on privacy and AI governance.
As part of the Privacy function, support internal and external privacy audits, coordinate with external advisors, and ensure alignment across business functions on assessment findings and remediation.
Monitor evolving privacy laws, case law, AI governance frameworks, and regulatory trends, sharing key insights with stakeholders to maintain compliance and anticipate future requirements.
Benefits
UK Tier: £80K – £100K • Offers Equity
HackerOne Pay Transparency
HackerOne defaults to disclosure in its pay transparency approach. All jobs are posted with the target hiring range, which is a subset of the full pay range for that role. We expect offers to be made within the target hiring range based on the selected candidate’s alignment to functional requirements for the role and our Talent and Leadership Principles.
Our U.S. compensation structure is based on the cost of labor by hub location. Candidates are assigned to a pay tier based on the hub they are aligned to.
Tier Locations
If you meet the criteria of the job requirements, we encourage you to apply. Our Talent Acquisition team can answer any salary-related questions you may have during the process.