Senior Privacy Counsel, Americas

WHAT YOU'LL DO

• Work closely with Product Counsel across the Americas region, serving as the specialist privacy resource to be engaged on complex privacy matters, regulatory queries, and high-risk data processing activities.
• Develop and execute Trustly's privacy and data protection strategy for the Americas region, ensuring compliance with US federal and state privacy laws (CCPA, state privacy laws), Canadian privacy laws (PIPEDA, Quebec Law 25), and Brazilian privacy law (LGPD).
• Provide specialist, in-depth privacy advice, ensuring complex privacy issues are resolved effectively.
• In collaboration with the wider Privacy & DPO Team, implement and adapt Trustly's global privacy framework to ensure compliance with US, Canadian, and Brazilian requirements.
• Conduct and oversee privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) for new products, services, features, and business initiatives.
• Provide specialist privacy by design guidance to embed into product and engineering workstreams as required.
• Manage data subject rights requests and handle data disclosure requests from federal law enforcement agencies, ensuring timely and compliant responses.
• Lead privacy breach preparedness and incident response efforts for the Americas region, including developing incident response plans, coordinating breach investigations, and managing regulatory notifications.
• Monitor legislative and regulatory developments affecting privacy and data protection in the Americas, providing timely analysis and recommendations to senior leadership.
• In collaboration with the DPO, manage engagements with privacy regulators in the Americas, including US state attorneys general offices, federal agencies, the Office of the Privacy Commissioner of Canada (OPC), and the Brazilian National Data Protection Authority (ANPD).
• Collaborate closely with the global Privacy & DPO team to ensure alignment on privacy strategies, share best practices, and coordinate cross-regional privacy initiatives.
• Develop and maintain privacy documentation, including data inventories, records of processing activities, and privacy compliance registers.

WHO YOU ARE

• Juris Doctor (JD) degree from an accredited law school and active bar admission in at least one US jurisdiction, with 7-10 years of experience as a privacy lawyer at a technology company, including strong training at a reputable law firm.
• Proven experience in a consumer-facing environment, with deep understanding of consumer privacy expectations and regulatory requirements in the FinTech or payment services sector.
• Experience working as part of a global privacy team, with proven ability to collaborate effectively across multiple jurisdictions and time zones.
• Deep expertise in US privacy laws and regulations, including CCPA/CPRA, all major state privacy laws, and federal sector-specific regulations such as GLBA and FCRA, with the ability to advise on novel and complex US privacy issues without external support.
• Working knowledge of Canadian privacy laws (including PIPEDA and provincial privacy laws such as Quebec Law 25) and Brazilian privacy law (LGPD), sufficient to identify issues and engage local counsel where needed.
• Experience handling data subject rights requests and data disclosure requests from federal law enforcement agencies.
• Experience implementing privacy by design principles and working closely with Product and Engineering teams to embed privacy into technology development, with excellent legal drafting skills for privacy policies, notices, consent mechanisms, and data processing agreements.
• Entrepreneurial and creative by nature with a bias for action, strong project management skills to manage multiple complex privacy initiatives simultaneously, and proven ability to provide practical, business-oriented privacy advice that balances legal compliance with business objectives.
• Exceptional interpersonal and communication skills with the ability to explain complex legal issues in simple terms, strong understanding of international privacy frameworks including GDPR, and experience advising on cross-border data transfers.
• Relevant professional privacy certifications (e.g., CIPP/US, CIPP/C, CIPM, CIPT) are highly desirable.
• Willingness to work flexible hours to collaborate with global privacy team members across different time zones and travel occasionally for meetings.