Privacy Counsel — AI-First Global Privacy & DPAs

HackerOne is seeking a Privacy Counsel to join our Privacy function to support the growing volume and complexity of global data protection, AI governance, and commercial contracting needs across the business. In this role, you will help accelerate product development, sales motions, internal procurement and cross‑border data operations by providing thoughtful, practical, and globally relevant privacy support. You will work closely with colleagues in Product, Security, Compliance, Engineering, and Sales to deliver clear guidance, support privacy assessments, review customer and vendor agreements, and help us move quickly and responsibly as we grow. This is an individual contributor role ideal for a privacy lawyer who enjoys hands‑on work, cross‑functional collaboration, and applying structured legal thinking to emerging technologies.

What You Will Do

• Apply an AI‑first approach by using AI tools responsibly to improve research quality, drafting efficiency, and privacy assessment workflows.
• Demonstrate change agility by adapting quickly to evolving global privacy and AI regulations, adjusting guidance as new risks, tools, or requirements emerge.
• Use first‑principles problem solving to simplify complex privacy questions, clarify assumptions, and provide clear, structured recommendations.
• Leverage data‑driven decision making during DPIAs and related assessments by grounding evaluations in evidence, criteria, and regulatory expectations.
• Support the current Privacy function with global privacy assessments, including DPIAs, AI DPIAs, TIAs, LIAs, and other structured risk reviews.
• Review new and existing product features, AI capabilities, and data practices as part of privacy‑by‑design, identifying risks and opportunities early in development.
• Draft, review, and negotiate data processing agreements (DPAs), privacy terms, and commercial contracts to support global sales and procurement.
• Maintain and update privacy contractual documentation and internal templates and policies.
• Create and deliver internal training on privacy and AI governance.
• Support internal and external privacy audits, coordinate with external advisors, and ensure alignment across business functions on assessment findings and remediation.
• Monitor evolving privacy laws, case law, AI governance frameworks, and regulatory trends, sharing key insights with stakeholders to maintain compliance and anticipate future requirements.

Minimum Qualifications

• Qualified lawyer (UK or EU) with GDPR experience, PQE 5+ years (mix of in‑house or private practice experience).
• Strong knowledge of EU/UK GDPR and familiarity with global privacy laws (US, Middle East, Asia).
• Experience drafting and negotiating DPAs and handling privacy‑related issues in a global business context.
• Proven ability to manage data breaches, regulatory notifications and privacy audits.
• Excellent communication skills with the ability to simplify complex legal concepts for non‑legal audiences.
• Strong understanding of AI technologies, their ethical implications, and related legal frameworks.
• Excellent analytical, problem‑solving, and decision‑making skills with the ability to provide practical and strategic legal advice.
• Experience in using privacy management systems such as OneTrust is required.
• Ability to manage multiple priorities and work collaboratively across diverse teams.
• Comfortable working independently in a fast‑paced, global environment.

Preferred Qualifications

• Certified Information Privacy Professional (CIPP).
• Artificial Intelligence Governance Professional (AIGP) and other relevant certifications.
• German language proficiency.
• Experience in cybersecurity, offensive security, or SaaS environments.

Compensation

UK Tier: £80K – £100K Offers equity.

Benefits

• Health (medical, vision, dental), life, and disability insurance.
• Equity stock options.
• Retirement plans.
• Paid public holidays and unlimited PTO.
• Paid maternity and parental leave.
• Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act).
• Employee Assistance Program.

Eligibility may differ by country.

Legal & EEO Statements

Visa/work permit sponsorship is not available. Employment at HackerOne is contingent on a background check. HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws. This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time. For U.S. based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.