Legal Council

About TryHackMe

TryHackMe is the fastest-growing online cyber readiness platform in the world. Our mission is to make the world more digitally secure by making cybersecurity capability development accessible practical and fun for everyone empowering teams to go from good to world class. After a highly successful 2025 weve grown to more than 7 million community members working with 1000 companies and our growth is only accelerating!

Why were looking for you

We are scaling at pace across the US EU UK and APAC our customer base is shifting up-market into Government Defence Education Financial Services and other regulated industries and we are mid-flight on launching our US entity. We need a commercially minded Legal Counsel who can sit alongside the Founders hold the pen across the legal stack of the whole business and unblock deals products and people decisions at the speed THM moves.

This is a high-trust high-leverage hire. You will own the policies and contracts that protect TryHackMe and accelerate it: Privacy Policy Terms of Use (including AI) Acceptable Use Policy Cookie Policy customer paper vendor paper and everything in between. You will work hand in hand with Finance People Data Protection and IT Management and partner closely with our Contracts Manager on day-to-day deal flow.

You dont need to do everything yourself. You do need to make sharp commercial calls manage risk like an owner and keep us moving.

The Challenge

TryHackMe is operating in a regulated AI-shaped multi-jurisdiction world and our legal function needs to scale with the business:

• Customer contracting spans Government Defence Education Financial Services and other regulated buyers each with their own paper redlines and compliance asks

• Product and AI are evolving fast and our Terms of Use AUP and product-facing policies need to keep pace without slowing the roadmap

• Privacy and data protection sit across US EU UK and APAC with ISO certification in place and SOC 2 implementation underway

• Corporate setup includes the live launch of a US entity with knock-on effects across contracting employment tax and IP

• Procurement and vendor risk is growing as we layer in AI infra and GTM tooling and we need a clean fast vendor review motion

• Commercial decisions need a legal partner who weighs risk against reward and the rate of growth not one who defaults to no

We need someone who can hit the ground running build a clear view of where the legal risks and accelerants sit and deliver impact in weeks not quarters.

Responsibilities

Founder and SLT Partnership

• Act as primary legal advisor to the Founders and Senior Leadership Team across commercial corporate regulatory and people matters

• Translate ambiguous business questions into clear commercial risk-weighted recommendations the SLT can act on

• Bring legal judgement into product GTM and operating decisions early before they become problems

Policies and Public-Facing Terms

• Own and continuously evolve the Privacy Policy Terms of Use (including AI provisions) Acceptable Use Policy and Cookie Policy across all THM properties

• Keep policies aligned with US EU UK and APAC requirements ISO certification commitments and the in-flight SOC 2 programme

• Partner with Product Marketing and Engineering so user-facing terms reflect how the product actually works

Customer Contracting and Regulated Sectors

• Lead complex customer negotiations with Government Defence Education Financial Services and other regulated buyers including DPAs security schedules AI clauses and security questionnaires

• Operate in close partnership with our Contracts Manager so day-to-day MSAs order forms and renewals run cleanly and your time is spent on the deals and clauses that genuinely move risk

• Build playbooks templates and fallback positions so the Sales motion is fast by default and only escalates what truly needs you

Procurement Vendors and AI

• Own vendor and procurement contracting cycles with a sharp eye on data protection AI usage security obligations and exit

• Stand up a lightweight scalable vendor review process that protects THM without becoming a bottleneck

• Keep us safe and credible as we adopt AI tooling across the business

Privacy Data Protection and Compliance

• Partner with our Data Protection function on GDPR UK GDPR CCPA / CPRA and the wider international privacy stack

• Support ISO certification maintenance and SOC 2 readiness from a legal and contractual perspective

• Manage data subject rights regulator engagement breach response readiness and DPIAs alongside the relevant owners

Corporate Employment and International Expansion

• Support the launch and ongoing operation of the US entity working with Finance and external counsel on structure contracts IP and cross-border flows

• Partner with HR / People on employment matters across the UK EU US and APAC including contractor frameworks equity and policy alignment

• Keep corporate hygiene tight: IP ownership equity documentation board materials and statutory filings

IT Security and Risk

• Work alongside IT Management and Security on access acceptable use incident response and tooling decisions

• Own the legal lens on enterprise risk surfacing what matters to the Founders and SLT clearly and early

Building the Legal Function

• Manage external counsel as a portfolio picking the right firm for the right problem and keeping spend disciplined

• Build the next layer of legal infrastructure: playbooks knowledge base intake and metrics

• Use AI and modern tooling to scale your own output you treat Claude and similar tools as coworkers not novelties

What You Bring

Required Skills and Experience

• Qualified lawyer with strong commercial experience ideally in-house at an international SaaS business going through fast growth

• Demonstrable experience working in an ISO certified environment with practical exposure to SOC 2 implementation

• Track record of leading customer contracting with Government Defence Education Financial Services or other regulated buyers including the harder DPAs security schedules and AI provisions

• Strong privacy and data protection grounding across GDPR UK GDPR CCPA / CPRA and the broader international landscape

• Hands-on experience supporting US EU UK and APAC operations and ideally direct experience with a US entity launch or equivalent international expansion

• Comfortable owning Privacy Policy Terms of Use (including AI) Acceptable Use Policy and Cookie Policy as living documents not as one-off projects

• Proven ability to manage external counsel commercially and keep spend in check

• AI-native you actively use Claude and similar tools to draft review summarise and pressure-test your own work

• Excellent written and verbal communication with the ability to give a clean commercial answer to a non-lawyer in two sentences

Nice to Have

• Cybersecurity developer tools or edtech background

• Experience with procurement frameworks public sector tendering or defence contracting

• Familiarity with AI-specific regulation (EU AI Act US state AI laws) and emerging customer AI clauses

• Prior experience as the first or second legal hire at a scaling business

Attributes We Value

• Commercial first: you weigh risk against reward and the cost of slowing the business down you do not default to no

• Founder mindset: you treat THM like its yours you take ownership you make the call

• Bias for action: you ship a v1 in days then improve from live feedback

• Risk-literate not risk-averse: you can size name and price risk so the SLT can decide with clarity

• Operator energy: you build playbooks templates and processes that make the next hundred deals faster not slower

• Plain English: complex law translated into commercial decision-ready guidance every time

• High-trust partner: Founders SLT Sales Finance People IT and Security all want you in the room early

• AI-native: you adopt new tooling fast and turn it into leverage for the whole legal function

• Resilient and adaptable: you thrive in ambiguity in a fast-changing regulatory environment and at THMs pace

• Always be learning: you stay ahead of legal regulatory AI and product trends and feed that back into how we operate

What Success Looks Like

Within 30 days you will have:

• Built a clear map of the legal landscape at THM: contracts in flight policies regulatory commitments ISO and SOC 2 obligations US entity status and top open risks

• Met the Founders SLT Contracts Manager Finance People Data Protection and IT Management and aligned on priorities

• Reviewed our public-facing policies (Privacy Terms of Use including AI AUP Cookie) and surfaced the highest-priority changes

• Taken first ownership of the most important live deal or regulator-facing item

• Surfaced at least one material risk or accelerant the business was not aware of

Within 60 to 90 days you will have:

• Refreshed the Privacy Policy Terms of Use (including AI) AUP and Cookie Policy in line with US EU UK and APAC requirements

• Stood up customer contracting playbooks for Government Defence Education Financial Services and other regulated buyers with the Contracts Manager running the day-to-day

• Operationalised a clean vendor and procurement review motion that does not slow the business down

• Provided clear legal cover for the US entity launch and any near-term cross-border people IP and tax questions

• Embedded a working partnership with Finance HR Data Protection and IT Management with clear lanes and escalation paths

Role Details

• Type: Permanent full-time / FTC / Contractor - TBD

• Location: Fully remote

• Working pattern: Flexible hours with core collaboration time aligned to UK business hours and reasonable overlap with US and APAC where required

• Salary: Competitive commensurate with experience (TBD)

• Reports to: Founders / CEO

Why This Role Matters

You are the legal partner the Founders rely on as TryHackMe scales internationally sells into the most demanding regulated industries on earth and ships AI-shaped product into a fast-moving regulatory environment. Get this right and you will:

• Unlock deals with Government Defence Education and Financial Services that would otherwise stall

• Keep our public-facing terms and AI posture sharp credible and current

• Make the US entity launch and our wider international footprint clean and durable

• Protect THM through ISO and SOC 2 and keep our compliance posture a sales accelerant not a tax

• Free the Founders and SLT to make faster sharper commercial decisions because legal is in the room early

How to Apply

Please include:

1. Your CV highlighting in-house SaaS regulated-sector contracting and international privacy / data protection experience

2. A brief cover note explaining:

   • An example of a commercial legal call you made under pressure and the business outcome it drove

   • How you partner with non-lawyers (Founders Sales Finance People Security) to keep the business moving

   • Your availability and any geographical or working-pattern considerations

We are moving quickly on this hire. Strong candidates will be contacted within 48 hours for an initial conversation.