About AppDirect

Become a digital, global citizen and enable the new generation of digital entrepreneurs around the world. AppDirect offers a subscription commerce platform to sell any product, through any channel, on any device - as a service. We power millions of subscriptions worldwide for organizations. We do this by our values-driven culture - one that enables you to Be Seen, Be Yourself, and Do Your Best Work.

About You

We’re looking for talented yet humble individuals who are smart, passionate, and want to drive disruption in the Information security industry. If you thrive in a fast-paced, collaborative workplace, AppDirect provides an environment where you will be challenged and inspired every day. If you relish the freedom to bring creative, thoughtful solutions to the table that reflect your experience and personality, there's no limit to what you can accomplish here.

What you'll do and how you'll have an impact

You will be a member of the Compliance team (part of the Infosec team) as a Tech Risk Management Analyst. You will join the team primarily responsible for continuous compliance monitoring, risk management, vendor management, and maintaining our various certifications, such as ISO 27001, PCI-DSS, SOC 2, and SOC 1.

You have both soft skills and technical potential and you think that the security team must be an ally and a facilitator for the company and all its members. Below is what we expect from you:

• Provide overall oversight for continued compliance and ongoing certifications (e.g. SOC 1 and 2, PCI DSS, ISO 27001, NIST CSF, GDPR, HIPAA, ISO 42001, NIST AI RMF, etc.).
• Collaborate with internal staff to ensure that appropriate controls are implemented, operating properly, in accordance with the corporate policies.
• Conduct audit readiness assessments and coordinate with internal and external functions and audit resources.
• Serve as the primary point of contact during external audits, including coordinating evidence requests, facilitating auditor walkthroughs, and managing audit timelines to closure.
• Improve and maintain the Privacy practice at AppDirect.
• Develop and implement in collaboration with Engineering and architects mechanisms to automate the generation of evidence.
• Support security and compliance due diligence and integration activities for M&A transactions.
• Oversee customers questionnaires by liaising with internal staff and delivering expected results
• Develop and maintain organization information security policies based on applicable standards, information security requirements, business requirements and legal requirements.
• Communicate compliance requirements and risk posture to technical and non-technical stakeholders, including executive leadership.
• Expertise in US certifications, such as GovRAMP or FedRAMP, is considered a strong asset.
• Demonstrated ability to use AI-assisted workflows to improve efficiency in compliance operation
• Facilitate discussions and reach decisions that can have a good balance between security and usability.

What we're looking for

• A degree or comparable experience (~5+ years) in Information Security or a related field.
• Prior experience in IT compliance and Audit support (SOC2, ISO 27001 and PCI-DSS).
• Prior experience with risk management and GRC Tools.
• Good experience with Privacy frameworks and what needs to be implemented to meet customer/internal needs.
• Successful in cross-functional team collaboration to drive early security adoption 
• Good understanding of networking, cloud computing, operating systems concepts.
• Experience on cloud adoption strategies including design and implementation of security controls and compliance monitoring.
• Experience with project management (planning, organizing, and managing resources to successfully achieve audits).
• Strong verbal, written and presentations skills with the ability to find innovative solutions to complex problems (compliance vs risk vs security vs usability).
• Nice to have, any Information Security Certification (CISA, CDPSE, ISO implementer , Security+, CISSP).
• Demonstrated technical experience in development, networking, IT support, system administrations, etc.

At AppDirect, we believe that innovation thrives in an environment that houses diversity of excellence, experience and thought. We respect each AppDirector as their own fingerprint; unique with no one alike. We foster an environment of inclusion without regard to race, religion, age, sexual orientation, or gender identity enabling AppDirectors to embrace their uniqueness to do their best work. As such, we strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and/or people with intersectional identities.

At AppDirect we take privacy very seriously. For more information about our use and handling of personal data from job applicants, please read our Candidate Privacy Policy. For more information of our general privacy practices, please see AppDirect Privacy Notice: https://www.appdirect.com/about/privacy-notice

Your role
As a Product, Privacy, and Regulatory Counsel, you'll own the legal strategy where product innovation, data privacy, and regulatory compliance intersect. You'll work closely with Product, Engineering, Security, Telephony, Marketing, Sales, and Customer Success to embed legal judgment directly into how Dialpad's AI-powered products are designed, launched, and scaled globally. You'll also help build the frameworks, playbooks, and guardrails that position Dialpad as a trustworthy, enterprise-ready AI platform. You are not a compliance gatekeeper - you are a builder.

This position reports to our Assistant General Counsel and has the opportunity to be based in our San Ramon, CA office. You will join a collaborative legal team alongside dedicated product and privacy legal resources, supported by a strong network of outside counsel and cross-functional partners. This is a high-visibility role with direct exposure to Dialpad's executive team and enterprise customer base.

What you’ll do

• AI governance & product counseling - Advise Product and Engineering on privacy-by-design, AI governance, and regulatory risk across the full product lifecycle. Support the development of legal frameworks covering AI training data, LLM data use, model governance, and compliance with the EU AI Act, US state AI laws, and FTC guidance.
• Global privacy & data protection - Support Dialpad’s global privacy compliance program (GDPR/UK GDPR, CCPA/CPRA, HIPAA, and beyond) in partnership with dedicated legal team members. Help manage the data subject access request program, maintain DPIAs and RoPAs, and serve as on-call counsel for data incidents, including breach response and required notifications.
• Telecom & regulatory compliance - Advise on federal and state telecom regulations (FCC, TCPA, 911, USF), track international developments, and handle CALEA readiness, law enforcement requests, and sectoral compliance across regulated verticals.
• Security partnerships & certifications - Partner with Security and GRC teams on certifications (ISO 27001, SOC 2, PCI, HIPAA) and help design privacy-enhancing controls including automated redaction, anonymization, and access governance.
• Commercial & marketing enablement - Handle DPA and BAA negotiations, support complex enterprise transactions, and advise on marketing compliance including TCPA, CIPA, web tracking, consent signals, and digital advertising practices.
• IP & legal operations  - Participate in the Patent Review Board, coordinate patent prosecution with outside counsel, contribute to key internal policies, and drive legal ops scalability through automation and AI tools.

Skills you’ll bring

• J.D. from an ABA-accredited law school; active bar membership in 1+ U.S. states.
• 6+ years of relevant legal experience, preferably including meaningful time at a recognized law firm with a technology or privacy practice, combined with in-house experience at a SaaS or technology company.
• Deep expertise in GDPR, CCPA/CPRA, and HIPAA, including privacy-by-design and cross-border data transfers.
• Familiarity with AI legal frameworks (EU AI Act, US state AI legislation, FTC priorities).
• Experience communicating complex legal concepts to non-legal audiences.
• Experience advising Product and Engineering teams on product, privacy, and regulatory matters.
• Experience with FCC/TCPA/VoIP regulation or communications products such as call recording, telecom, or voice/AI-enabled workflows.
• Experience with incident response and breach notification under US state laws and GDPR.
• CIPP/US, CIPP/E, or equivalent privacy certification is a plus.

Plan, perform and control the activities to assure Blockchain.com’s controls are effectively implemented to comply with defined standards. Ensure compliance of all IT services with the legal frameworks applicable. Evaluate information security risks and identify solutions to minimize exposure. Identify, propose and work towards new applicable certifications, audits and frameworks and act as a liaison between audit requirements and engineering teams.

WHAT YOU WILL DO

• Oversee execution and completion of applications related security controls ensuring effectiveness.
• Design, create and share policies, standards and procedures to ensure demonstrable regulatory /legal control. Communicate changes to internal stakeholders.
• Conduct preliminary self-assessment control tests of the applicable controls.
• Track and document remediation actions as result of audit findings,
• Host internal/external IT audits including walkthroughs, retaining test evidence for in scope assets and tracking action plans to either remediate or mitigate potential risk exposure findings.
• Conduct the quarterly User Access reviews process including information gathering, management responses tracking, and results review to follow through on corrective actions.
• Develop, implement and maintain a risk register. Contribute results to the corporate dashboard.
• Participate in new tools/partners/investors due diligences.
• Have an active participation in Digital projects and perform other activities assigned by the Manager.

WHAT YOU WILL NEED

• Forward-looking and strategic minded, with an eye to understanding potential risks, legal and compliance implications.
• Good knowledge of IT risk areas including regulatory, operational, information and energy industry specific.
• Good overall knowledge of application and infrastructure security control mechanisms.
• Advanced command of the English language.
• 2+ years experience in audit and security certifications such as ISO, SOC and PCI.
• Education Four-year college degree (or equivalent)

JOB CHALLENGES

• Ensure robust information protection policies are in place.
• Ensure effective processes are in place to manage risk, identify nonconformance and assure remediation/ mitigation actions.
• Audit reviews passed without significant findings.
• Achieve applicable audits and certifications.

COMPENSATION & PERKS

• Competitive full-time salary based on experience and meaningful equity in an industry-leading company
• This is a role based in our Palermo office, with a mandatory in-office presence four days per week.
• The opportunity to be a key player and build your career at a rapidly expanding, global technology company in an exciting, emerging industry.
• Performance-based bonuses
• Apple equipment provided by the company
• Work from Anywhere Policy: You can work remotely from anywhere in the world for up to 20 days per year.