Legal Counsel - Data & Information Security (f/d/m)

Reports to: Philip Ihde, Chief Operating Officer
Talent Partner:Celia Nielsen, People & Talent Partner
Salary Band:
IC L1 Junior: 49-57k € + VSOP (5% of annual gross salary)
IC L2 Mid-Level: 64-76k € + VSOP (10% of annual gross salary)
Remote Policy: Remote-first culture with offices in Berlin and Hamburg

Must-Haves:

• Law degree (at least 1st state exam) or equivalent European qualification.
• 3+ years of post-qualification experience in a data protection or technology-focused legal role, either in-house or at a reputable law firm.
• Demonstrable experience in managing and maintaining a data protection management system and/or providing legal counsel on an information security management system, including extensive experience managing audits.
• In-depth experience in handling data subject requests and managing security/privacy incidents from a legal perspective.
• Excellent organisational and project management skills, with the ability to manage multiple tasks and deadlines effectively.
• Strong communication and negotiation skills, with the ability to collaborate effectively with both technical and non-technical stakeholders.
• A proactive and solution-oriented mindset, with a keen eye for detail.
• Fluency in English and German (both written and spoken, including legal and business proficiency).

Nice-to-Haves:

• A recognised certification in data protection or information security
• Experience working in the healthcare or technology sector.
• Experience with legal ticket management systems and supplier relationship management.
• A keen interest in the legal and ethical implications of artificial intelligence (AI).

Meaningfulness

• Mental health is a human right: we help thousands of people each month who struggle with depression, stress, insomnia, burnout, and other mental health issues

Research & Evidence

• We have a unique product and are at the forefront of research in digital health applications
• The effectiveness of our product is continuously evaluated and efficacy studies have been published in international and high-impact journals since 2014
• Data is of great importance to us and we are transparent about our strategy, goals and results.

Growth

• As pioneers in the development of applications for various mental health conditions, we are at the forefront of innovation
• We operate in an extremely exciting and emerging market
• Annual training budget of 1,000 euros - we place great emphasis on the personal growth of our employees and actively support their development

Remote-First

• Remote-first culture - we hire globally, considering a time window of +/- 4.5 hours CET
• Use of our offices in Berlin and Hamburg if you prefer to work on-site
• Relocation option and support

Diversity & Inclusion

• Fair and equal treatment are the standards of our Anti-Harassment Policy
• Flexible working hours - shape your own day
• Company language English, with a strong emphasis on inclusive language
• Transparent salary bands
• Additional 10 paid leave days for non-birth parents after the birth or adoption of a child

Other Benefits

• 28 vacation days + compensation for holidays that fall on weekends
• Tenure based paid time off - up to three additional days
• Permanent employment contract
• Attractive VSOP (Virtual Stock Option Plan) for all employees
• Tax-deductible pension plan with an above-average employer contribution
• Free or subsidized fitness memberships
• Regular team events

HelloBetter is an equal opportunity employer and encourages applicants of any national origin, gender, sexual orientation, religious background, gender identity, and people with disabilities to apply

Privacy Policy for Applicants

HelloBetter is a pioneer in the field of digital healthcare. For more than 10 years, we have been developing evidence-based digital health applications for the prevention and treatment of mental health conditions. Our applications cover a variety of areas, including stress management, depression, problematic alcohol use, panic disorder and anxiety, vaginismus, and sleep disorders.
Six of HelloBetter's ten applications are approved as digital health applications. They are available free of charge by prescription to all insured adults in Germany.

For more information about HelloBetter, see ourHelloBetter Handbook.

TheLegal Counsel will be a key legal advisor and a central figure in our efforts to maintain and enhance our data protection and information security posture. This role is responsible for providing expert legal guidance and overseeing the operational management of our data protection and information security management systems, ensuring compliance with GDPR, DiGAV, and other relevant regulations. The ideal candidate will be a fully qualified lawyer with a strong background in data privacy law, a proactive and organised approach, and a commitment to fostering a culture of security and compliance within the organisation.

1. Screening Interview with People team (30 min)
2. Take-home Case Study (2 hours)
3. Case Study & Technical Interview with the Legal team (60 min)
4. Hiring Manager Interview with Philip, Chief Operating Officer (60 min)
5. Offer Talk (15 min)

Data Protection Management:

• Provide legal guidance on and oversee the data protection management system, including retention policies, Data Protection Impact Assessments, Technical and Organisational Measures, and records of processing activities.
• Drive data protection certification process pursuant to Article 42 GDPR (once available)
• Manage and respond to data subject requests received through various channels, ensuring timely and accurate resolution.
• Serve as the primary point of contact for our external Data Protection Officer.

Information Security Management System (ISMS):

• Provide legal support for the management and monitoring of the ISMS (ISO 27001), including legal aspects of supplier management, incident management, and risk management.
• Advise on the implementation of information security norms and standards throughout the organisation to ensure legal and regulatory adherence.
• Organise, execute, and follow up on internal and external audits, including the implementation of opportunities for improvement.
• Serve as the primary point of contact for our external Data Protection Officer.

Compliance and Training:

• Monitor legal and regulatory developments in data privacy and information security, providing strategic updates and recommendations to the management team.
• Develop, implement, improve, and monitor data privacy and information security training programs for all employees.
• Contribute to a quarterly leadership newsletter with a focus on GDPR and other relevant topics.

Legal & Contract Management:

• Draft, review, and negotiate a variety of commercial contracts, with a particular focus on data processing agreements, supplier agreements, and technology licensing.
• Provide pragmatic legal advice to various teams on contract law, corporate governance, and other legal matters as they arise.

Project Management and Collaboration:

• Contribute legal expertise to various internal projects related to data protection and information security.
• Collaborate with cross-functional teams to ensure that "privacy and security by design" principles are embedded in all new projects and initiatives.
• Participate in relevant industry groups and forums to stay abreast of best practices and emerging legal trends.