Product & Privacy Counsel

About The Position

Requirements

• Admitted to the California Bar or eligible for the Registered In-House Counsel exception, and in good standing.
• 8+ years of legal experience, including 4+ years of product legal experience at a software company.
• Significant experience counseling product and engineering teams through the full product development lifecycle, from conception to launch, and advising on the legal and regulatory aspects of software product development.
• Strong understanding of open source licensing, SaaS business practices, and relevant global regulatory requirements.
• Able to quickly form and convincingly communicate a point of view under time pressure and with imperfect information.
• Generalist by nature: willing to take on additional responsibilities and explore subjects outside your core expertise, with no job too big or too small.
• Strong judgment and risk assessment skills, with the ability to adapt legal requirements in creative and pragmatic ways.
• Able to independently manage and negotiate commercial agreements with customers, partners, and vendors.
• Thrives in fast-paced, highly variable environments, with a proven track record of building or improving processes at hyper-growth companies.

Nice To Haves

• Prior experience in the SaaS and cybersecurity industry.
• IAPP certifications (CIPP/US, CIPP/E).
• Experience advising on AI/ML products, including emerging AI governance frameworks such as the EU AI Act.
• Familiarity with security and compliance frameworks such as SOC 2, ISO 27001, or HIPAA.

Responsibilities

• Serve as legal advisor to Product and Engineering, providing timely guidance during product development cycles.
• Help shape and implement Teleport's AI governance framework, including use-case risk evaluation standards, and documentation practices.
• Contribute to cross-functional workstreams to develop and implement internal, scalable processes and policies for responsible AI use, working closely with engineering, security, and product leadership.
• Advise on AI-related intellectual property matters, including licensing and data usage.
• Advise on open source licensing models and the legal considerations relevant to open source software development and distribution.
• Monitor and interpret evolving AI regulations and global privacy frameworks, including the EU AI Act, GDPR, and CCPA/CPRA, translating requirements into clear, actionable guidance for technical and business stakeholders.
• Conduct privacy impact assessments (PIAs), data protection impact assessments (DPIAs), and AI risk analyses for new features and product lines.
• Support data mapping, data subject requests, and data governance improvements across the product portfolio.
• Draft, review, and negotiate data processing agreements (DPAs) and AI-specific addendums, serving as the escalation point for the commercial legal team on privacy and AI issues.
• Perform due diligence on vendor compliance, and negotiate contracts to include robust data protection clauses.
• Partner with Security on incident response and regulatory inquiries, including breach assessment and stakeholder notifications.
• Develop internal playbooks, training programs, and policies, including privacy policies, terms of service, and DPAs, to build a culture of compliance and proactively address emerging risks.
• Partner with security and engineering teams to support compliance certifications such as SOC 2, ISO 27001 and 27701, HIPAA and PCI from a privacy and legal perspective.

Benefits

• Extensive health coverage
• Annual expense budget
• Rest and recovery policies that maximize your ability to recharge
• Investment in your future with retirement savings plans
• Professional development opportunities