Legal Counsel (Privacy & Data Protection)

Sumsub is a leading full-cycle verification platform that enables scalable compliance. From identity and business verification to ongoing monitoring, our platform adapts to different risk appetites and market demands, ensuring global compliance. It allows customizing analytics and workflows with a no-code interface.

Over 4,000 clients including Bitpanda, Wirex, Avis, Bybit, Vodafone, Duolingo, Kaizen Gaming, and TransferGo trust Sumsub to accelerate growth, prevent fraud, and maintain compliance worldwide.

Now we are looking for a Legal Counsel (Privacy & Data Protection) to join our Data Protection team. As a key member of our global legal team, you will play a pivotal role in shaping and implementing cutting-edge data protection, security, and privacy policies, ensuring compliance across the EMEA, APAC, US and other regions. You will also be responsible for keeping abreast of emerging data protection legislation affecting the regions in which we provide service.

What You Will Be Doing

• Maintain and update data protection, security, and privacy policies and procedures, and ensure effective consent management.
• Assist with data deletion and DSARs, and respond to privacy-related queries with timely and pragmatic advice.
• Support the review and drafting of data protection contractual terms in agreements with customers and suppliers, including DPAs, DTAs, and other relevant agreements.
• Assist with the onboarding of new technologies and/or vendors.
• Maintaining Records of Processing Activities (ROPA), conducting Data Protection Impact Assessments (DPIAs), and performing Legitimate Interest Assessments (LIAs) to ensure compliance with GDPR and support privacy-by-design across the organization.
• Monitor emerging data protection legislation and oversee data processing registrations across jurisdictions.
• Deliver (or oversee delivery of) GDPR training (in some cases bespoke to the business team) to new starters, carry out ad-hoc training related to data storage, retention, sharing and deletion of all data.
• Support the maintenance of the firms ISO 27001, ISO 27701, GDPR, UK GDPR and other data privacy certifications.

About You

• 5+ years of practical experience of applying relevant data protection and privacy legislation (GDPR, UK GDPR etc.) ideally within tech companies operating on a global scale.
• You are a self-starter who can quickly understand the company's operations and work independently with minimal supervision.
• IAPP CIPP/E, CIPM or CIPT or equivalent certification is desirable.
• A general understanding of technology and security issues impacting privacy projects and programs.
• A genuine interest and desire to work in the privacy field.
• Awareness of ongoing and recent developments across the privacy landscape.
• Attention to detail and commitment to quality, strong written and verbal communication skills.
• Team-focused with a passion for learning, excellence and continuous improvement.
• Strong problem-solving abilities, flexible, able to navigate transformational growth and ambiguity, show initiative and anticipate needs, and able to focus on multiple workstreams at once.
• Experience handling cross-border data privacy matters and implementing local regulatory requirements.

What We Offer

• Remote-first, trust-based culture. Work from the place that works best for you. No mandatory office days, no attendance trackers.
• True flexibility. We do not fix you to a 9-to-5 schedule. You can adjust your working hours when needed, as long as your day stays productive and in sync with the team.
• Extra time off. Your birthday is a holiday here. Add to that 10 personal days each year, seven sick days without paperwork, and extra time to enjoy Christmas and New Year.
• Work that matters. Our mission is to build a digital world that is secure, accessible and inclusive for everyone.
• Compensation. We offer fair and transparent pay, benchmarked to the market.
• Truly global. We work across continents and time zones, with teammates and customers from all over the world.
• Growth built in. Clear goals, open feedback and personal development plans.
• Team offsites. Sometimes just Slack is not enough. That is why we meet in person a few times a year.
• Getting you set up. We make sure you have access to the tools and hardware you need to do your work well.
• Friendly by design. Our logo is a dog for a reason. We keep things human, open and kind.

The hiring stages TA screening -> Hiring Manager Interview -> Assignment. Sounds like a great opportunity for your career development? Then go ahead and apply! We are a global community of innovators, creators, and thinkers, and we believe that diversity fuels our innovation. Sumsub is proud to be an equal opportunity employer, committed to building a diverse and inclusive workforce. We welcome applications from people of all backgrounds, cultures, genders, experiences, abilities and perspectives. Join us in shaping the future inclusively.