About TryHackMe

TryHackMe is the fastest-growing online cyber readiness platform in the world. Our mission is to make the world more digitally secure by making cybersecurity capability development accessible, practical, and fun for everyone, empowering teams to go from good to world class. After a highly successful 2025, we've grown to more than 7+ million community members working with 1,000 companies, and our growth is only accelerating! 🥷

Why we're looking for you

We are scaling at pace across the US, EU, UK and APAC, our customer base is shifting up-market into Government, Defence, Education, Financial Services and other regulated industries, and we are mid-flight on launching our US entity. We need a commercially minded Legal Counsel who can sit alongside the Founders, hold the pen across the legal stack of the whole business, and unblock deals, products and people decisions at the speed THM moves.

This is a high-trust, high-leverage hire. You will own the policies and contracts that protect TryHackMe and accelerate it: Privacy Policy, Terms of Use (including AI), Acceptable Use Policy, Cookie Policy, customer paper, vendor paper, and everything in between. You will work hand in hand with Finance, People, Data Protection and IT Management, and partner closely with our Contracts Manager on day-to-day deal flow.

You don't need to do everything yourself. You do need to make sharp commercial calls, manage risk like an owner, and keep us moving.

The Challenge

TryHackMe is operating in a regulated, AI-shaped, multi-jurisdiction world, and our legal function needs to scale with the business:

• Customer contracting spans Government, Defence, Education, Financial Services and other regulated buyers, each with their own paper, redlines and compliance asks

• Product and AI are evolving fast and our Terms of Use, AUP and product-facing policies need to keep pace without slowing the roadmap

• Privacy and data protection sit across US, EU, UK and APAC, with ISO certification in place and SOC 2 implementation underway

• Corporate setup includes the live launch of a US entity, with knock-on effects across contracting, employment, tax and IP

• Procurement and vendor risk is growing as we layer in AI, infra and GTM tooling, and we need a clean, fast vendor review motion

• Commercial decisions need a legal partner who weighs risk against reward and the rate of growth, not one who defaults to "no"

We need someone who can hit the ground running, build a clear view of where the legal risks and accelerants sit, and deliver impact in weeks, not quarters.

🔧 Responsibilities

Founder and SLT Partnership

• Act as primary legal advisor to the Founders and Senior Leadership Team across commercial, corporate, regulatory and people matters

• Translate ambiguous business questions into clear, commercial, risk-weighted recommendations the SLT can act on

• Bring legal judgement into product, GTM and operating decisions early, before they become problems

Policies and Public-Facing Terms

• Own and continuously evolve the Privacy Policy, Terms of Use (including AI provisions), Acceptable Use Policy and Cookie Policy across all THM properties

• Keep policies aligned with US, EU, UK and APAC requirements, ISO certification commitments, and the in-flight SOC 2 programme

• Partner with Product, Marketing and Engineering so user-facing terms reflect how the product actually works

Customer Contracting and Regulated Sectors

• Lead complex customer negotiations with Government, Defence, Education, Financial Services and other regulated buyers, including DPAs, security schedules, AI clauses and security questionnaires

• Operate in close partnership with our Contracts Manager so day-to-day MSAs, order forms and renewals run cleanly, and your time is spent on the deals and clauses that genuinely move risk

• Build playbooks, templates and fallback positions so the Sales motion is fast by default and only escalates what truly needs you

Procurement, Vendors and AI

• Own vendor and procurement contracting cycles, with a sharp eye on data protection, AI usage, security obligations and exit

• Stand up a lightweight, scalable vendor review process that protects THM without becoming a bottleneck

• Keep us safe and credible as we adopt AI tooling across the business

Privacy, Data Protection and Compliance

• Partner with our Data Protection function on GDPR, UK GDPR, CCPA / CPRA, and the wider international privacy stack

• Support ISO certification maintenance and SOC 2 readiness from a legal and contractual perspective

• Manage data subject rights, regulator engagement, breach response readiness and DPIAs alongside the relevant owners

Corporate, Employment and International Expansion

• Support the launch and ongoing operation of the US entity, working with Finance and external counsel on structure, contracts, IP and cross-border flows

• Partner with HR / People on employment matters across the UK, EU, US and APAC, including contractor frameworks, equity and policy alignment

• Keep corporate hygiene tight: IP ownership, equity documentation, board materials and statutory filings

IT, Security and Risk

• Work alongside IT Management and Security on access, acceptable use, incident response and tooling decisions

• Own the legal lens on enterprise risk, surfacing what matters to the Founders and SLT clearly and early

Building the Legal Function

• Manage external counsel as a portfolio, picking the right firm for the right problem and keeping spend disciplined

• Build the next layer of legal infrastructure: playbooks, knowledge base, intake and metrics

• Use AI and modern tooling to scale your own output, you treat Claude and similar tools as coworkers, not novelties

🧳 What You Bring

Required Skills and Experience

• Qualified lawyer with strong commercial experience, ideally in-house at an international SaaS business going through fast growth

• Demonstrable experience working in an ISO certified environment, with practical exposure to SOC 2 implementation

• Track record of leading customer contracting with Government, Defence, Education, Financial Services or other regulated buyers, including the harder DPAs, security schedules and AI provisions

• Strong privacy and data protection grounding across GDPR, UK GDPR, CCPA / CPRA and the broader international landscape

• Hands-on experience supporting US, EU, UK and APAC operations, and ideally direct experience with a US entity launch or equivalent international expansion

• Comfortable owning Privacy Policy, Terms of Use (including AI), Acceptable Use Policy and Cookie Policy as living documents, not as one-off projects

• Proven ability to manage external counsel commercially and keep spend in check

• AI-native, you actively use Claude and similar tools to draft, review, summarise and pressure-test your own work

• Excellent written and verbal communication, with the ability to give a clean, commercial answer to a non-lawyer in two sentences

Nice to Have

• Cybersecurity, developer tools, or edtech background

• Experience with procurement frameworks, public sector tendering or defence contracting

• Familiarity with AI-specific regulation (EU AI Act, US state AI laws) and emerging customer AI clauses

• Prior experience as the first or second legal hire at a scaling business

🔧 Attributes We Value

• Commercial first: you weigh risk against reward and the cost of slowing the business down, you do not default to "no"

• Founder mindset: you treat THM like it's yours, you take ownership, you make the call

• Bias for action: you ship a v1 in days, then improve from live feedback

• Risk-literate, not risk-averse: you can size, name and price risk so the SLT can decide with clarity

• Operator energy: you build playbooks, templates and processes that make the next hundred deals faster, not slower

• Plain English: complex law translated into commercial, decision-ready guidance every time

• High-trust partner: Founders, SLT, Sales, Finance, People, IT and Security all want you in the room early

• AI-native: you adopt new tooling fast and turn it into leverage for the whole legal function

• Resilient and adaptable: you thrive in ambiguity, in a fast-changing regulatory environment, and at THM's pace

• Always be learning: you stay ahead of legal, regulatory, AI and product trends and feed that back into how we operate

🎯 What Success Looks Like

Within 30 days you will have:

• Built a clear map of the legal landscape at THM: contracts in flight, policies, regulatory commitments, ISO and SOC 2 obligations, US entity status, and top open risks

• Met the Founders, SLT, Contracts Manager, Finance, People, Data Protection and IT Management, and aligned on priorities

• Reviewed our public-facing policies (Privacy, Terms of Use including AI, AUP, Cookie) and surfaced the highest-priority changes

• Taken first ownership of the most important live deal or regulator-facing item

• Surfaced at least one material risk or accelerant the business was not aware of

Within 60 to 90 days you will have:

• Refreshed the Privacy Policy, Terms of Use (including AI), AUP and Cookie Policy in line with US, EU, UK and APAC requirements

• Stood up customer contracting playbooks for Government, Defence, Education, Financial Services and other regulated buyers, with the Contracts Manager running the day-to-day

• Operationalised a clean vendor and procurement review motion that does not slow the business down

• Provided clear legal cover for the US entity launch and any near-term cross-border people, IP and tax questions

• Embedded a working partnership with Finance, HR, Data Protection and IT Management, with clear lanes and escalation paths

📄 Role Details

• Type: Permanent, full-time / FTC / Contractor - TBD

• Location: Fully remote

• Working pattern: Flexible hours with core collaboration time aligned to UK business hours and reasonable overlap with US and APAC where required

• Salary: Competitive, commensurate with experience (TBD)

• Reports to: Founders / CEO

🔥 Why This Role Matters

You are the legal partner the Founders rely on as TryHackMe scales internationally, sells into the most demanding regulated industries on earth, and ships AI-shaped product into a fast-moving regulatory environment. Get this right and you will:

• Unlock deals with Government, Defence, Education and Financial Services that would otherwise stall

• Keep our public-facing terms and AI posture sharp, credible and current

• Make the US entity launch and our wider international footprint clean and durable

• Protect THM through ISO and SOC 2, and keep our compliance posture a sales accelerant, not a tax

• Free the Founders and SLT to make faster, sharper commercial decisions because legal is in the room early

How to Apply

Please include:

1. Your CV highlighting in-house SaaS, regulated-sector contracting, and international privacy / data protection experience

2. A brief cover note explaining:

   • An example of a commercial legal call you made under pressure and the business outcome it drove

   • How you partner with non-lawyers (Founders, Sales, Finance, People, Security) to keep the business moving

   • Your availability and any geographical or working-pattern considerations

We are moving quickly on this hire. Strong candidates will be contacted within 48 hours for an initial conversation.