[Hiring] Counsel – Privacy, Security & AI Office @Harness

Role Description

We are seeking an experienced and strategic Counsel to join our Privacy, Security & AI (“PSAI”) Office. In this role, you will play a critical part in guiding our product and AI compliance, supporting global privacy and data protection strategy, and helping shape the company’s approach to responsible and ethical data use.

• Advise senior leadership and collaborate with cross-functional stakeholders.
• Ensure data practices are aligned with global legal and regulatory obligations, including those around AI governance and advanced technologies.

About the role

• AI
  • Support the development and implementation of the AI Governance Program.
  • Draft and implement AI policies, procedures, and best practices for internal use of AI and product development.
  • Lead internal awareness campaigns to foster a culture of responsible AI across the organization.
  • Support AI Use Case Intake Assessments.
  • Provide AI advice to key stakeholders (product, procurement).
  • Support customer queries and questionnaires.
• Product Compliance
  • Collaborate closely with product and engineering teams to evaluate and mitigate privacy and AI compliance risks during development and deployment.
  • Review and assess AI/ML use cases for compliance with legal and ethical standards, including EU AI Act, OECD AI Principles, and NIST AI RMF.
  • Contribute to the development of governance frameworks for responsible AI, including fairness, explainability, and accountability controls.
• Privacy & Data Protection Legal Strategy
  • Lead complex legal analysis and provide strategic privacy advice on global data protection laws (e.g., GDPR, CCPA/CPRA, LGPD, PIPEDA, APPI), focusing on US federal and state privacy and EU GDPR.
  • Guide business and technical teams on lawful bases for processing, purpose limitation, transparency, and data minimization.
  • Evaluate and advise on complex personal data use cases, including sensitive data, automated decision-making, and biometric processing.
  • Implement best practices around privacy to ensure the competitive edge of the company.
  • Draft and review breach-related communications, including regulator and data subject notices.
  • Conduct privacy reviews for third-party vendors and tools to ensure alignment with internal standards and legal requirements.
  • Drive the development, maintenance, and enhancement of the company’s privacy compliance program.
  • Maintain and oversee updates to the Records of Processing Activities (ROPA), ensuring accountability documentation is current and complete.
  • Partner with security, compliance, and product teams to integrate privacy by design into internal processes and external-facing technologies.
  • Lead and advise on complex Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
  • Oversee and conduct Transfer Impact Assessments (TIAs) to assess and document data transfer risks.
  • Manage Legitimate Interests Assessments (LIAs) and ensure robust justification and safeguards are in place.
  • Identify privacy and AI-related risks and recommend scalable mitigation strategies across the organization.
• Audits, Monitoring & Regulatory Readiness
  • Support or lead the legal function in responding to privacy audits, regulator inquiries, and due diligence requests.
  • Prepare documentation, gap analyses, and remediation plans to ensure audit readiness.
  • Track and interpret global privacy and AI regulatory developments, and support internal implementation efforts.

Qualifications

• Qualified lawyer (active bar membership in at least one jurisdiction).
• 1-3+ years of legal experience, with a focus on privacy, data protection, and technology law.
• Deep understanding of GDPR, CCPA/CPRA, and global privacy frameworks.
• Preferred experience with FedRamp, PCI DSS, and ISO frameworks.
• Extensive experience with PIAs/DPIAs, TIAs, LIAs, and cross-border data transfer mechanisms.
• Strong understanding of privacy issues in product development, data science, and AI applications.

Preferred

• CIPP/E, CIPP/US, and AIGP.
• Direct experience working with or interpreting AI legal and regulatory frameworks (e.g., EU AI Act).
• Strong negotiation skills, particularly in data protection clauses and international data transfer agreements.

Work Location

• Remote within France, Spain, Germany, or the UK.