Privacy & Commercial Counsel
About the role
The right candidate will combine deep knowledge of global privacy frameworks with the speed, commercial instinct, and stakeholder management skills needed to operate in a high-growth enterprise SaaS environment.
Responsibilities
- Serve as the primary legal resource for privacy questions arising in commercial transactions, including enterprise customer deals, vendor agreements, and partner contracts.
- Draft, review, and negotiate data processing agreements (DPAs), data protection addenda, and related privacy terms on both Postman paper and counterparty paper.
- Manage a high volume of customer and prospect privacy questionnaires, security questionnaires, and due diligence requests, working with Security and Compliance teams to provide accurate, timely responses.
- Advises Sales, Deal Operations, and Partner teams on privacy-related deal issues, translating complex regulatory requirements into clear, actionable guidance that non-lawyers can apply.
- Maintain and update Postman's DPA templates, privacy-related contract clauses, and negotiation playbooks to reflect changes in law, product, and commercial practice.
- Support enterprise and mid-market commercial transactions beyond privacy as capacity allows, including reviewing subscription agreements, order forms, and related deal documents.
- Build trust as an accessible, responsive legal partner who makes privacy feel approachable rather than obstructive.
Requirements
- J.D. from an accredited U.S. law school and admitted to the bar in at least one U.S. jurisdiction.
- 5-8 years of legal experience with a meaningful focus on data privacy and commercial transactions, including substantial in-house experience at a technology company.
- Deep working knowledge of GDPR, UK GDPR, CCPA/CPRA, and international data transfer mechanisms (SCCs, UK Addendum, transfer risk assessments).
- Hands-on experience drafting and negotiating DPAs and data protection terms in the context of enterprise SaaS transactions.
- Exceptional ability to balance precision with pace. You take privacy seriously without letting it become a bottleneck.
- Strong stakeholder management skills, with a demonstrated ability to advise Sales teams on privacy matters in language they can act on.
- Clear, confident communicator who works independently and exercises strong judgment on when to escalate and when to move forward.
Qualifications
- CIPP/US, CIPP/E, or CIPM certification (preferred)
- Experience drafting and negotiating Business Associate Agreements (BAAs) under HIPAA, including familiarity with the interplay between BAA requirements and standard DPA terms in enterprise SaaS transactions (preferred)
- Experience supporting commercial transactions in regulated industries (healthcare, financial services, government/public sector) where privacy and data handling requirements are subject to sector-specific frameworks beyond general data protection law (preferred)
- Experience with privacy aspects of AI-related products and services, including model training, usage data, and AI governance frameworks (preferred)
- Experience building or improving DPA templates, privacy playbooks, or privacy-related legal operations processes (preferred)
- Familiarity with B2B SaaS product architectures and how data flows through API platforms, cloud infrastructure, and third-party integrations (preferred)
- Experience supporting cloud marketplace transactions or technology partnerships where privacy and data handling are key negotiation points (preferred)
- Prior experience working alongside a dedicated privacy program team while owning the commercial-facing privacy workstream (preferred)
- Familiarity with SOC 2, ISO 27001, and other security frameworks as they intersect with commercial privacy requirements (preferred)
- Experience with CLM platforms (Ironclad or similar) (preferred)
Skills
- Deep knowledge of global privacy frameworks
- Speed, commercial instinct, and stakeholder management skills
- Exceptional ability to balance precision with pace
- Clear, confident communicator
- Stakeholder management skills
- Ability to simplify complex privacy regulations
Benefits
The reasonably estimated base salary for this role ranges from $190,000 to $230,000, plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience.
Pay
The reasonably estimated base salary for this role ranges from $190,000 to $230,000, plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience.
Schedule
In addition to Postman's pay-on-performance philosophy, and a flexible schedule working with a fun, collaborative team, Postman offers a comprehensive set of benefits, including full medical coverage, flexible PTO, wellness reimbursement, and a monthly lunch stipend.