About Nothing
Nothing exists to make tech feel exciting again.
We’re building a different kind of technology company, one that puts design, emotion, and human creativity at the heart of everything we do. From the way our products look and feel to how we communicate and show up in culture, we believe technology should make you feel something.
Founded in London in 2020, we’ve grown from idea to global challenger in just a few years. Backed by GV (Google Ventures), EQT Ventures, and C Ventures, and investors like Tony Fadell (iPod), Casey Neistat, and Kevin Lin (Twitch), we’re now sold in 40+ markets with millions of users worldwide.
The Role
Essential is Nothing’s suite of AI tools and services: on-device intelligence, cloud-assisted features, memory, search, and eventually ambient experiences across our OS and device ecosystem. For users to lean into this, they need confidence that we treat their data with precision, restraint, and respect. Your job is to make that system even more robust and understood across the market.
As Technical Product Manager for Privacy & Security, you are the owner of how we collect, move, store, and expose user data across Essential and its connected OS surfaces. More broadly, you connect three worlds: (1) security engineering, (2) privacy-by-design, and (3) regulatory reality, into one clear, opinionated system that lets us move fast without being reckless.
This is an individual contributor role for someone technical, product-minded, and systems-oriented. You see the whole stack, design pragmatic guardrails, help teams ship safely, and over time define where dedicated engineering investment is needed.
What you’ll do
1. Map the system. Build an end-to-end view of data flows across Essential and the OS (signals, SDKs, telemetry, identity, cloud services, AI features, storage). Define what we collect, why, where it lives, who can access it, and how long we keep it. Maintain a single source of truth.
2. Define guardrails. Create clear, risk-based rules for when privacy/security review is required. Turn them into simple requirements for PRDs, designs, and launches.
3. Close the right gaps. Work with engineering to prioritise and deliver high-impact fixes. Access and secrets hygiene, pipelines, storage configuration, consent flows, auditability. Use external specialists where needed. Keep a transparent backlog.
4. Build compliant-by-design flows. Partner with Legal on GDPR and similar frameworks and express them as concrete product and technical decisions (consent, minimisation, retention, deletion, data subject rights). Ensure what we document matches what we do.
5. Shape how trust appears in-product. Collaborate with Design, Brand, and Product to create understandable prompts, clear controls, and sensible defaults, so that privacy and security are integrated into the Essential experience.
6. Prepare for scale. As priorities solidify, define the profiles for a focused privacy/security engineering function to support Essential and OS surfaces.
What we’re looking for
7. Deeply technical & system-minded. Comfortable with architecture diagrams, data flows, APIs, storage, IAM, encryption, and logging; able to separate real risk from noise.
8. Product-led view on privacy. You think in user journeys and trade-offs and can propose safe, minimal changes that keep features shippable.
9. Regulatory fluency. Experience with GDPR or similar: lawful basis, minimisation, DPIAs, controller/processor roles, deletion and DSR workflows; you know when to pull in counsel.
10. Operational sharpness. You turn ambiguity into plans. Inventories, gaps, owners, timelines; you drive follow-through without heavy process.
11. Clear communication. Concise writing, strong documentation, ability to align product, engineering, legal, and leadership on “how we handle data here”.
12. High ownership. Hands-on, detail-aware, calm. Comfortable being accountable while others execute parts of the work.
You’ll bring
13. 5-8+ years in roles such as privacy engineer, security engineer/architect, or technical product manager in a data-rich or consumer tech environment.
14. Experience with modern cloud stacks (AWS/GCP), analytics/event pipelines, and API-driven architectures.
15. A track record of implementing pragmatic privacy/security practices in fast-paced teams.
16. Experience collaborating with legal/privacy counsel on live products.