Sophos is a global leader and innovator of advanced security solutions that defeat cyberattacks, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies. As one of the largest pure-play cybersecurity providers, Sophos defends more than 600,000 organizations and more than 100 million users worldwide from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through the Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimizes the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organizations needing fully managed security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

This role demands a strong understanding of data protection laws and regulations, particularly the GDPR, comparable data protection regulations, and the ability to integrate data protection regulatory requirements into business processes. Key responsibilities include performing privacy impact assessment, conducting legal research, providing day-to-day advice to the business about privacy and data protection, as well as producing guidelines, standard operating procedures, policies, notices, and governing regulatory criteria (Universal Platform).  Collaboration with the Global Privacy Office,  Legal and Compliance  teams is essential.

This role does not require that you be a lawyer, but it does require legal experience in privacy and, preferably, a legal education. Being able to understand the nuances important to privacy, security, and personal data protection is essential. You will be a proactive privacy paralegal able to provide timely advice and business solutions in accordance with existing laws and regulations, as well as Company policies. You will work closely with the Global Privacy Office and collaborate with the Legal team, global purchasing and other departments, to provide initial advice and escalate, as necessary. You will report directly to the Senior Global Privacy Counsel (located in the UK) and will have the flexibility to be based anywhere in the UK.