Head of Legal & Compliance

Head of Legal & Compliance Location: Remote (Canada) Department: Legal Reports to: COO / Co-Founders Type: Full-time, Permanent Salary: CA$150,000 Website: https://prospeo.io About Prospeo Prospeo is a B2B SaaS sales intelligence platform used by over 2,000 companies worldwide. We help sales teams find verified contact data with 97%+ accuracy through triple verification, and Clay, the leading GTM data platform, ranks Prospeo as the most accurate provider in the industry. We are seeing massive growth and changing how the sales intelligence industry works.

Our team of 20 is scaling fast, and we are looking for our first dedicated legal hire to build and own the legal function as we scale.

The Role

You will build and own the legal function at Prospeo. Operating a data-driven product means legal, privacy, and compliance sit at the core of the business. This is a hands-on role: you will own our commercial contracts, run our data privacy program, serve as our Data Protection Officer, and lead our security certification work.

This is an individual contributor role with full autonomy, reporting directly to the co-founders. You will own a function that touches every part of the business, and you can bring in external specialists when a matter calls for it. The right person is a hands-on lawyer who thrives in ambiguity, uses AI as a daily tool to multiply their output.

The ideal candidate is able to build a legal function from the ground up and wants to grow in a fast-paced, well-recognized startup.

Responsibilities Commercial Legal

• Draft, review, and negotiate commercial contracts, terms of service, DPAs, NDAs, partnership agreements, and vendor agreements
• Own, improve, and standardize Prospeo's contract templates, and review existing agreements
• Serve as the go-to resource for all legal questions across the company
• Advise the founders on legal risk in product, sales, marketing, and partnership decisions
• Manage commercial and legal correspondence with partners and counterparties, and engage external counsel when specialist input is needed Data Privacy & DPO
• Serve as Prospeo's Data Protection Officer and run the data privacy program directly and hands-on
• Own GDPR, CCPA, PIPEDA, UK GDPR, and other applicable privacy frameworks end to end
• Handle data subject and deletion requests, and build scalable systems to manage them
• Maintain privacy policies, records of processing, and internal privacy training
• Manage data broker registrations and regulatory filings across the jurisdictions where Prospeo operates
• Develop and own the company's privacy and compliance risk-management approach Security Certification
• Lead Prospeo's SOC 2 Type II and ISO 27001 certification, working with an external auditor and a compliance automation platform (Vanta, Drata, or similar)
• Coordinate with engineering to scope and implement the security controls, policies, and monitoring required for certification
• Own audit readiness and the audit cycle relationship Requirements
• A law degree (JD or equivalent qualification to practice law)
• CIPP/E, CIPM, or equivalent data privacy certification
• 5+ years of hands-on experience in legal, privacy, or compliance work
• Hands-on experience with data privacy law, specifically GDPR and/or CCPA, including managing data subject requests and drafting DPAs
• The capability and willingness to serve as the company's Data Protection Officer and run data privacy directly
• Strong contract drafting, review, and negotiation skills (DPAs, NDAs, ToS, partnerships, vendor agreements)
• Working knowledge of the security compliance domain (security controls, policies, and how a SOC 2 or ISO 27001 audit runs), enough to lead the certification with an external auditor
• Proficient in using AI tools (e.g. ChatGPT, Claude) to accelerate legal research, contract drafting, policy writing, and compliance workflows, while applying your own expertise to validate every output
• Highly autonomous and self-directed, able to operate with minimal supervision in a fast-paced startup environment
• Fluent professional English Nice to Have
• Hands-on experience completing a SOC 2 or ISO 27001 certification
• Experience at a B2B SaaS company
• Experience in the sales intelligence, data enrichment, or data brokerage industry
• Prior experience as a designated Data Protection Officer
• Familiarity with Canadian corporate and employment law What We Offer
• Competitive salary: CA$150,000
• Full ownership of a critical function with a direct line to the co-founders
• Fully remote within Canada
• Growth opportunity in a fast growing company, with performance reviews every 6 months
• AI-forward environment: we actively encourage using AI tools to work smarter and faster Benefits:
• Extended health care
• Paid time off
• Work from home
• Gym Membership
• Toronto Office with On-site parking.