Who We Are:
Bandwidth, a prior “Best of EC” award winner, is a global software company that helps enterprises deliver exceptional experiences through voice, messaging, and emergency services. Reaching 65+ countries and over 90 percent of the global economy, we're the only provider offering an owned communications cloud that delivers advanced automation, AI integrations, global reach, and premium human support. Bandwidth is trusted for mission-critical communications by the Global 2000, hyperscalers, and SaaS builders!
At Bandwidth, your music matters when you are part of the BAND. We celebrate differences and encourage BANDmates to be their authentic selves. #jointheband
What We Are Looking For:
We are looking for an experienced, curious, and collaborative attorney with 7+ years of experience in privacy and data protection to join our Legal Team. This role can be based at one of Bandwidth’s offices in Europe, the UK, or our headquarters in Raleigh, North Carolina.
The Senior Privacy Counsel will provide expert legal guidance and operational support to drive responsible growth and support compliance with global privacy laws. You will be the second member of the Privacy Team and report to the VP, Deputy General Counsel in the United States (based in North Carolina) who leads Bandwidth’s Privacy Program.
What You'll Do:
- Advise business stakeholders and support compliance as a subject matter expert on privacy and data protection requirements in connection with Bandwidth’s products, services, and operations worldwide.
- Draft, review, and negotiate privacy terms in service, software and telecommunications agreements, including agreements with customers, vendors, and partners and/or carriers, in support of and close coordination with the Commercial Legal Team and Global Regulatory team. Develop and contribute to templates, playbooks, and training to support the Commercial Legal with resolution before escalation.
- Research and deepen your expertise in global privacy laws, AI legislation, and emerging tech regulations, with a special emphasis on Europe and UK (unpacking acronyms such as the GDPR, ePrivacy Directive, the EU AI Act, and the NIST AI Risk Management Framework); provide practical guidance on implementing new requirements to business stakeholders and other members of the Legal team.
- Lead and assist in the completion of risk assessments such as privacy by design product review, PIAs, DPIAs, AI risk reviews, and transfer impact assessments on a prioritized basis to support the goals of the Bandwidth Privacy Program and new business initiatives.
- Assist other members of the Legal Team with cross-functional legal issues involving governmental and regulatory compliance, including the management of retention periods and regulatory obligations relevant to communications service providers.
- Serve as a spirited champion for privacy and AI awareness across the company–creating and delivering training, fielding questions, and keeping teams informed and empowered.
- Own, manage, and continuously strive to improve processes, procedures, and operational functions of the privacy program; assist in the creation and upkeep of our privacy and AI notices and disclosures, policies, and internal guidelines and resources to ensure they are clear, current, useful, and aligned with our operational objectives.
- Lead and contribute to investigation, mitigation, and response to privacy incidents and regulatory inquiries on an as-needed basis, and assist in the development of incident response protocols.
- Advise on cybersecurity laws and regulatory frameworks in collaboration with our Global Regulatory and Information Security teams; support implementation, monitoring, and compliance in connection with third-party and customer standards for data protection and data security, including ISO 27001/27701/42001, SOC II, NIS2, and customer audits.
- Research and liaise with our external DPO and outside counsel to obtain specialized advice on topics that are relevant to data protection and privacy compliance in a new local market where Bandwidth may offer or expand services or operations (such as locations in LATAM, APAC, or other jurisdictions).
What You Need:
Experience: 7+ years of relevant legal experience, including significant privacy and data protection experience, preferably in a law firm or in-house setting.
Knowledge: In-depth knowledge of global privacy, data protection, and cybersecurity laws and regulatory frameworks applicable to technology companies, including the GDPR, UK GDPR, ePrivacy Directive, EU AI Act, and NIS2.
Skills:
- Ability to translate complex legal concepts into business-friendly guidance
- Strong interpersonal and communication skills that can flex from casual to formal, including demonstrated ability to negotiate fairly, creatively, and to achieve successful resolution
- Superior legal research, critical thinking, and writing skills
- Ability to work autonomously and to use independent judgment and discretion when making the majority of decisions, and to handle confidential and sensitive information with the appropriate discretion
- Demonstrated ability to lead a variety of tasks, evaluate alternatives quickly, and provide top-quality legal assistance and support to executive-level clients
- A growth mindset—self-aware, reflective, and open to feedback to succeed with confidence and humility
- Desire for constant learning within a rapidly changing environment, adapting approaches and deliverables to suit the evolution of business needs, legal requirements, and company risk tolerance
- A calm, constructive approach to conflict and the ability to influence outcomes with diplomacy
- Appreciation for Bandwidth’s values, especially a commitment to work for and love the success of others - we are here to protect the company and to help our Bandmates succeed at their mission
- Exceptional organizational skills with demonstrated experience creating, managing, and maintaining privacy records (such as ROPAs and PIAs) and/or audit artifacts
At Bandwidth, we’re pretty proud of our corporate culture, which is rooted in our “Whole Person Promise.” We promise all employees that they can have meaningful work AND a full life, and we provide a work environment geared toward enriching your body, mind, and spirit. How do we do that? Well…
- Work laptop and an internet allowance to support the costs of the Internet at home.
- We contribute 8% of your monthly gross salary into your private pension.
- Income protection plan to ensure you’ll receive a regular income if you are unable to work due to illness or injury.
- Life insurance providing financial support to your loved ones in the event of your unexpected passing.
- Health insurance, with extensive coverage, a simple claim process and the possibility to cover your life partner and children.
- Extensive Employee Assistance Programme, offering 24/7 counseling and support on all areas of life (personal and professional).
- Unlimited, free and anonymous consultations with our dedicated therapist.
- Childcare support
- Cycle to work scheme
- 24 days annual leave per year and 1 additional day every 3 years.
- Time-Off Embargo. When you take time off (of any kind!) you’re embargoed from working. Bandmates and managers are not allowed to interrupt your time-off - not even with email.
- Additional time-off can be earned throughout the year through volunteer hours and Bandwidth challenges.
- “Mahalo moments” program grants additional time off for life’s most important moments like graduations, buying a first home, getting married, wedding anniversaries (every five years), and the birth of a grandchild.
- 90-Minute Workout Lunches, contribution to your monthly fitness subscription and unlimited virtual meetings with our very own nutritionist.
Are you excited about the position and its responsibilities, but not sure if you’re 100% qualified? Do you feel you can work to help us crush the mission? If you answered ‘yes’ to both of these questions, we encourage you to apply! You won’t want to miss the opportunity to be a part of the BAND.
Applicant Privacy Notice
