Senior Privacy Counsel
il y a 1 jour
<div><p><b>Bandwidth</b>, a prior “Best of EC” award winner, is a global software company that helps enterprises deliver exceptional experiences through voice, messaging, and emergency services. Reaching 65+ countries and over 90 percent of the global economy, we're the only provider offering an owned communications cloud that delivers advanced automation, AI integrations, global reach, and premium human support.Bandwidth is trusted for mission-critical communications by the Global 2000, hyperscalers, and SaaS builders</p>
<p>At Bandwidth, your music matters when you are part of the BAND. We celebrate differences and encourage BANDmates to be their authentic selves. #jointheband</p>
<p><b>What We Are Looking For:</b></p>
<p>We are looking for an experienced, curious, and collaborative attorney with 7+ years of experience in privacy and data protection to join our Legal Team. This role can be based at one of Bandwidth’s offices in Europe, the UK, or our headquarters in Raleigh, North Carolina.</p>
<p>The Senior Privacy Counsel will provide expert legal guidance and operational support to drive responsible growth and support compliance with global privacy laws. You will be the second member of the Privacy Team and report to the VP, Deputy General Counsel in the United States (based in North Carolina) who leads Bandwidth’s Privacy Program.</p>
<p><b>What You’ll Do:</b></p>
<ul>
<li>Advise business stakeholders and support compliance as a subject matter expert on privacy and data protection requirements in connection with Bandwidth’s products, services, and operations worldwide.</li>
<li>Draft, review, and negotiate privacy terms in service, software and telecommunications agreements, including agreements with customers, vendors, and partners and/or carriers, in support of and close coordination with the Commercial Legal Team and Global Regulatory team. Develop and contribute to templates, playbooks, and training to support the Commercial Legal with resolution before escalation.</li>
<li>Research and deepen your expertise in global privacy laws, AI legislation, and emerging tech regulations, with a special emphasis on Europe and UK (unpacking acronyms such as the GDPR, ePrivacy Directive, the EU AI Act, and the NIST AI Risk Management Framework); provide practical guidance on implementing new requirements to business stakeholders and other members of the Legal team.</li>
<li>Lead and assist in the completion of risk assessments such as privacy by design product review, PIAs, DPIAs, AI risk reviews, and transfer impact assessments on a prioritized basis to support the goals of the Bandwidth Privacy Program and new business initiatives.</li>
<li>Assist other members of the Legal Team with cross-functional legal issues involving governmental and regulatory compliance, including the management of retention periods and regulatory obligations relevant to communications service providers.</li>
<li>Serve as a spirited champion for privacy and AI awareness across the company–creating and delivering training, fielding questions, and keeping teams informed and empowered.</li>
<li>Own, manage, and continuously strive to improve processes, procedures, and operational functions of the privacy program; assist in the creation and upkeep of our privacy and AI notices and disclosures, policies, and internal guidelines and resources to ensure they are clear, current, useful, and aligned with our operational objectives.</li>
<li>Lead and contribute to investigation, mitigation, and response to privacy incidents and regulatory inquiries on an as-needed basis, and assist in the development of incident response protocols.</li>
<li>Advise on cybersecurity laws and regulatory frameworks in collaboration with our Global Regulatory and Information Security teams; support implementation, monitoring, and compliance in connection with third-party and customer standards for data protection and data security, including ISO 27001/27701/42001, SOC II, NIS2, and customer audits.</li>
<li>Research and liaise with our external DPO and outside counsel to obtain specialized advice on topics that are relevant to data protection and privacy compliance in a new local market where Bandwidth may offer or expand services or operations (such as locations in LATAM, APAC, or other jurisdictions).</li>
</ul>
<p><b>What You Need:</b></p>
<p>Experience: 7+ years of relevant legal experience, including significant privacy and data protection experience, preferably in a law firm or in‑house setting.</p>
<p>Knowledge: In-depth knowledge of global privacy, data protection, and cybersecurity laws and regulatory frameworks applicable to technology companies, including the GDPR, UK GD
