Director or Senior Privacy Counsel

Burlington, MA, US, 01803 Santa Clara, CA, US, 03945


Sophos Overview – Security Made Simple

Sophos makes IT security simple with next-generation solutions that protect networks, servers, and devices wherever they are. Today, more than 100 million users in 150 countries and a global network of channel partners trust Sophos to deliver simple solutions to complex security challenges. Focused on innovation and backed by a global network of Sophos Labs threat intelligence centres and industry-leading support, Sophos delivers solutions that are simple to deploy, maintain, and manage, enabling organizations to focus on performance and growth. Sophos - Security made simple.


Job Purpose

We are searching for an experienced, pragmatic, and technically-minded attorney to join our legal team. As a senior member of the Legal team, you will be responsible for leading our privacy strategy and initiatives globally. This role reports to the VP and Assistant General Counsel.


Main Duties

  • Lead Sophos’ global privacy strategies and initiatives
  • Oversee and manage Sophos’ privacy policies and disclosures in accordance with Sophos’ compliance obligations and strategy
  • Work with cross-functional stakeholders to advise on privacy issues and help achieve business goals while appropriately managing privacy risks, and to implement best practices for management and protection of company data
  • Work with product management and engineering teams to provide privacy counselling and review for new products and product features
  • Work with global commercial legal team on negotiation of privacy and data protection terms with customers and suppliers, by providing training, templates, playbooks, and escalation support in negotiations
  • Partner with Compliance Team on data protection regimen and advise on security incident investigations, data subject access requests, Data Protection Impact Assessments, and responses to regulators, as needed
  • Serve as a resource to all members of the legal team in addressing privacy issues as they impact or apply to their areas of responsibility
  • Develop and deliver training on privacy topics
  • Support the continuous improvement of standard form agreements, playbooks and legal processes


Skills & Experience


  • JD and bar membership in at least one state
  • 8-10+ years of relevant experience, including in-house experience with a high-tech company
  • Deep experience with privacy and data protection laws and managing a multinational organization’s compliance with such laws
  • Proven ability to translate technical knowledge into pragmatic advice that appropriately balances legal risks with commercial needs
  • Experience providing privacy counseling to product and engineering teams on privacy considerations for product development and new product/product feature launch
  • Experience drafting and negotiating privacy, security, and confidentiality terms in commercial agreements (including data processing agreements)
  • Strong interpersonal skills with an ability to successfully interact with senior management
  • Self-starter with ability to execute tasks efficiently with sound business judgment and attention to detail
  • Ability to manage and prioritize a complex workload is essential for this role



  • CIPP certification is a plus
  • Technical or engineering background is a plus
  • Experience interacting with privacy regulators a plus


Equal Opportunities

Sophos is committed to equality opportunity in all areas of its work. All qualified applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, marital status, race, religion, colour, age, disability or sexual orientation.


If you choose to explore this opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos.  If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights.  If you have any questions about Sophos’ data protection practices, please contact dataprotection@sophos.com.


At Sophos, we want every organization to be protected by innovative, next-generation IT security, even those who don't have a huge IT staff. We protect organizations of all sizes, all around the world by making enterprise-grade security that is simple to deploy, manage, and use. It is our passion, and something we are truly proud of.

Nearest Major Market: Boston