You will be the primary in-house legal resource on regulatory and privacy matters, working closely with the SVP, Legal & Compliance and outside counsel to keep Greenlight moving at speed while managing risk thoughtfully.

Your day-to-day:

• Serve as primary in-house advisor on financial services regulation, including Reg E, Reg Z, UDAAP, GLBA, and state-level requirements
• Support bank partner relationships on regulatory compliance matters
• Partner with Product and Business Development on regulatory feasibility of new initiatives, ensuring compliance is built in from the start
• Own ongoing Terms of Service updates and cardholder agreement revisions for product launches
• Manage and direct outside regulatory counsel efficiently, serving as the primary in-house point of contact for outside counsel on regulatory matters
• Serve as in-house privacy counsel, owning day-to-day privacy matters including data subject requests, vendor DPAs, and AI addenda
• Manage ongoing COPPA compliance, including the 2025 COPPA amendments, and state privacy law compliance across applicable jurisdictions
• Oversee privacy tools including Transcend (data deletion automation) and TerraTrue (data mapping), in partnership with the security and engineering teams
• Support periodic privacy program reviews and manage outside privacy counsel engagement
• Provide legal support for hardware product launches, including consumer-facing terms, warranties, refund policies, and fee disclosures
• Partner with Product and Compliance on new product assessment and legal review through the product lifecycle
• Advise on packaging, export control, and regulatory considerations unique to physical consumer products
• Support regulatory review of new product initiatives from concept through launch

Who you are:

• You thrive in a high-growth environment where priorities shift quickly and the regulatory landscape is constantly in flux
• You are a clear communicator who can translate dense legal and regulatory requirements into practical, plain-English guidance for non-legal stakeholders
• You are comfortable working independently, managing outside counsel relationships, and making judgment calls without hand-holding
• You can juggle multiple workstreams simultaneously without losing track of the details
• You bring good judgment on when to escalate and when to run with something

What you’ll bring to the team:

• A J.D. from an accredited U.S. law school and active license to practice law in at least one U.S. jurisdiction.
• 5–8 years of legal experience, with meaningful in-house or law firm experience in fintech, consumer finance, or regulated financial services
• 2+ years of Law firm experience
• Prior experience in a consumer-facing fintech or regulated financial services environment strongly preferred; experience working with bank partners or in a program manager structure a plus.
• Hands-on experience with financial services regulation, including Reg E (including prepaid rules), Reg Z, UDAAP, and GLBA.
• Privacy experience including COPPA, CCPA/state privacy laws, and data processing agreements.
• Hardware, IoT, or consumer product legal experience is a plus but not required.
• Familiarity with legal operations tools (Ironclad or similar) a plus.

Additional Information

Our stance on salaries: Greenlight provides a competitive compensation package with a market-based approach to pay and will vary depending on your location, experience and skill set. The total compensation package for this position will also include a discretionary performance bonus, equity rewards, medical benefits, 401K match, and more. Greenlight conducts continuous compensation evaluations across departments and geographies to ensure we are keeping our pay current and competitive.

The estimated base pay range for this position in (NY, CA, WA): $165,000-220,000

The estimated base pay range for this position in (CO): $165,000-200,000

XML job scraping automation by YubHub

Your day-to-day will involve leading security architecture/design review and threat modeling sessions with product and engineering teams, translating threats into actionable, risk-rated engineering remediations prioritized by severity, conducting hands-on penetration testing and security assessments across our full product stack, and driving PSIRT operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers, and on-call incidents.

You will also shape the posture of our AI-assisted development environment, defining and enforcing enterprise policies for Claude and Cursor, and partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers, and collaborating with the AI team on securing ML pipelines.

As a champion of security culture, you will run developer training on secure coding with AI assistants, evangelize security by design for products, and ensure every engineer understands that product security is an enabler and not a gate.

You will bring 10+ years of product security experience spanning application security, cloud security, and secure SDLC, expert-level threat modeling using STRIDE, PASTA, or equivalent across web, mobile, cloud, embedded, and AI systems, hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware, and deep hands-down AI security expertise and expert-level understanding of OWASP Top 10 for LLM, API, Web, Mobile, and practical experience with MITRE.

You will have strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor, and understand MCP security risks and know how to architect enterprise guardrails that enable safe AI-assisted development.

You will also have strong programming ability and capability to review code, build security tools, automate workflows, and be credible with the engineering teams you partner with.

Preferred experience includes hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience, and experience in the Financial industry, knowledge of PCI DSS, COPPA, or demonstrated ability to learn regulated domains quickly.

Work perks at Greenlight include medical, dental, vision, and HSA match, paid life insurance, AD&D, and disability benefits, traditional 401k with company match, unlimited PTO, paid company holidays and pop-up bonus holidays, professional development stipends, mental health resources, 1:1 financial planners, fertility healthcare, 100% paid parental and caregiving leave, plus cleaning service and meals during your leave, flexible WFH, both remote and in-office opportunities, fully stocked kitchen, catered lunches, and occasional in-office happy hours, and employee resource groups.

XML job scraping automation by YubHub