We’re looking for a seasoned builder and privacy co-pilot for our small and rapidly growing Legal org. You turn DPA redlines into signatures, translate global privacy requirements into reality, and keep our privacy program humming—without slowing the business down. If you enjoy practical problem-solving with Sales, Security, Procurement, Product, HR, and Ops, you’ll feel right at home. In addition to a strong privacy and commercial privacy background, this role requires a solid understanding of how to operationalize our privacy obligations to ensure our global company operates in accordance with domestic and global privacy/AI laws, regulations, and frameworks. We are looking for an all-around rockstar who wants to work at an early-stage company and is excited by the opportunity to roll up their sleeves and make company-impacting privacy decisions.
Role snapshot- You are an experienced privacy and commercial privacy attorney who owns customer/vendor DPA and Security Addendum negotiations end to end and runs day-to-day privacy tasks (notice updates, DSARs, DPIAs/PIAs, cookies, data mapping).
- You’ll track and translate evolving frameworks (EU AI Act, NIS2, Cyber Resilience Act, DORA, and various U.S. state privacy/AI laws) into crisp guidance, templates, and playbooks that help the business move faster.
- Ensure our global processing complies with all applicable data protection laws, including CCPA and GDPR.
- Provide key privacy/AI insights to partner teams for vendor due diligence and third-party tooling security assessments.
- Own DPA and Security Addendum negotiations; partner with Sales and other cross-functional teams to resolve complex privacy and tooling procurement challenges to close deals.
- Run core privacy program work: update and draft global privacy notices, handle DSARs, complete DPIAs/PIAs, manage cookie compliance, and maintain data maps/inventories.
- Track and implement regulatory requirements (EU AI Act, NIS2, Cyber Resilience Act, DORA, and various U.S. state privacy/AI laws) and turn them into practical, business-ready guidance.
- Partner cross-functionally and level up our legal operations (templates, playbooks, regulatory gap assessments, sales-enablement slides to educate customers on how we are tackling new privacy challenges, and white papers).
- Jump in with general legal support as needed.
- JD from an accredited law school; active bar in at least one U.S. state (or eligible for in-house counsel registration).
- 6+ years of privacy and/or commercial privacy experience (global law firm + in-house mix ideal), familiarity with U.S. state privacy laws, and comfort with EU frameworks.
- In-depth privacy expertise interpreting local and international AI laws, regulations, and frameworks. Hands-on experience building out DSAR processes, conducting DPIAs/PIAs, drafting global privacy and employee notices, and overseeing cookie compliance.
- Working knowledge of, or keen interest in, open-source licensing in commercial settings.
- Clear, pragmatic communicator with excellent stakeholder management; thrive in fast-moving, multi-threaded environments.
- Bonus: experience in technology, cybersecurity, open source, or SaaS companies; incident-response exposure is a plus; CIPP/US and/or CIPP/E preferred.
- High impact at high velocity: your work directly unblocks revenue, strengthens trust, and scales our privacy posture for the future.
- Builder’s mindset welcome: ship practical guidance, iterate on playbooks, and help us do more with less process.
- Cross-functional by default: collaborate daily with Sales, Security, HR, Procurement, Product, and Ops to keep momentum and manage risk smartly.
About Us
Chainguard is the secure foundation for software development and deployment. By providing guarded open source software, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains.
Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard has built the largest library of open source software that is secure by default.
Chainguard’s mission is to be the safe source for open source.
We live and breathe our company values:
We are customer obsessed - We focus on delivering solutions to our customers that create value and make their lives better.
We have a bias for intentional action - We prioritize, plan, try things, and fail fast.
We don’t take ourselves too seriously (but we do serious work) - We are solving an important problem which takes focus, but we also like to enjoy the journey.
We trust each other and assume good intentions - We’re transparent with decisions to empower team members to make well informed decisions.
A few of the benefits we offer:
- Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a monthly stipend for coworking spaces, phone and internet costs.
- Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!).
- 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck.
- ∞ Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset.
- 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child's first year.
If your experience is close but doesn’t fulfill all requirements, please apply. We’re building the best team in technology and are focused on hiring “Chainguardians'' with unique backgrounds, perspectives, and experiences.
Chainguard is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.
By submitting your application, you acknowledge that Chainguard will process your personal data in accordance with Chainguard’s Privacy Policy.
©2025 Chainguard. All Rights Reserved.
Top Skills
Similar Jobs
What you need to know about the Colorado Tech Scene
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
