The Red Hat Legal team is looking for a motivated Corporate Attorney, focused on Product and Information Security to join us in Ireland (preferably Cork or Dublin) or Munich, Germany. In this global role, you will join Red Hat’s Security Legal team as a key member of a growing organisation. You will evolve into a trusted partner both for (i) the Commercial Legal team, helping them negotiate customer and vendor agreements with complex security obligations, and (ii) the Product and Information Security teams, assisting them in implementation, management, and continuous improvement of Red Hat’s Product and Information Security programs. You should have a passion for collaborating on cybersecurity, information security, and data protection and AI issues, managing multiple complex matters at the same time, and providing practical, often nuanced, security guidance to an entrepreneurial and rapidly expanding organisation across geographies, cultures, and functions.
What you will do:
Act as subject matter expert supporting the Commercial Legal team in complex contractual negotiations related to security obligations, focusing in particular on customers in regulated sectors such as financial services and telecommunications;
Serve as a security subject matter expert on security laws and regulations, advising on responses to customer security questions and requests;
Provide legal advice and support related to compliance with the EU Cyber Resilience Act, NIS2 Directive and other regulations applicable to Red Hat’s offerings;
Provide legal guidance during security incidents, including on compliance with breach notification processes and responses to regulatory inquiries;
Review security advisories and updates, related press releases, and certification and attestation communications;
Work closely with Red Hat’s Public Policy team to monitor and evaluate emerging legislative and policy initiatives in this area;
Work closely with the Product Security, Information Security, and Data Protection & AI teams on a range of matters impacted Red Hat’s business;
Create, maintain, and provide security-related awareness training, contract templates, playbooks, and governance documents;
Participate in periodic internal and external audits, reviews, and assessments of Red Hat’s offerings and controls and implement appropriate risk mitigations and lessons learned; and
Promote the importance of a solid culture of security.
What you will bring:
Fully qualified to practice law and in good standing in preferably Germany, England or Ireland;
3+ years of product or information security experience in a law firm, government entity, or in-house team;
Experience supporting the development of cloud applications and related software offerings are a plus;
English and another European language, preferably French, German, Italian or Spanish;
Experience negotiating security obligations in customer and vendor agreements;
Good analytical abilities to quickly understand complex cybersecurity concepts and regulatory requirements and support the development and appropriate communication of security bulletins, remedial measures, and controls;
Demonstrated ability to establish and maintain appropriate working relationships with all levels of an organization and external contacts, and to work effectively in a professional team environment;
Excellent writing and interpersonal skills, sound judgment, and ability to inspire and collaborate with others in a growing global business; and
Proactive approach to recognizing business and compliance needs, anticipating issues, and applying thorough and thoughtful analysis with exceptional sense of judgment in determining recommended steps and actions relative to product and information security matters.
About Red Hat
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40+ countries, our associates work flexibly across work environments, from in-office, to office-flex, to fully remote, depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We're a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact.
Diversity, Equity & Inclusion at Red Hat
Red Hat’s culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from diverse backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions of diversity that compose our global village.
Equal Opportunity Policy (EEO)
Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.
Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.
Red Hat supports individuals with disabilities and provides reasonable accommodations to job applicants. If you need assistance completing our online job application, email application-assistance@redhat.com. General inquiries, such as those regarding the status of a job application, will not receive a reply.