Privacy Counsel, Americas

Support the execution of Trustly's privacy strategy for the Americas region, ensuring compliance with US federal and state privacy laws (including CCPA/CPRA, applicable state privacy laws, and federal sector-specific regulations such as GLBA and FCRA), Canadian privacy laws (including PIPEDA and Quebec Law 25), and Brazilian privacy law (LGPD);

Conduct privacy impact assessments for new products, services, features, and business initiatives.

Provide practical, business-focused legal advice on privacy matters to internal stakeholders.

Advise on data subject rights requests (including rights to access, opt out etc).

Support privacy breach preparedness and incident response efforts for the Americas region, including contributing to incident response plans, coordinating breach investigations, and managing notifications to supervisory authorities and communications to data subjects.

Advise on and support the negotiation of data processing agreements, data transfer mechanisms (including standard contractual clauses, adequacy decisions, and other transfer tools), and privacy terms with vendors, partners, and customers.

Monitor legislative and regulatory developments affecting privacy and data protection in the Americas, including tracking US federal and state developments, providing timely analysis and recommendations to senior leadership.

Collaborate closely with the global Privacy & DPO team to ensure alignment on privacy strategies, share best practices, and coordinate cross-regional privacy initiatives.

Develop and maintain privacy documentation, including records of processing activities, legal advice notes and privacy compliance registers.

Support privacy-related audits, assessments, and due diligence activities.

Juris Doctor (JD) degree from an accredited law school and active bar admission in at least one US jurisdiction.

Minimum of 3-5 years of experience as a privacy attorney (including demonstrated experience advising on GLBA, CCPA, and state data protection laws).

Demonstrated experience in the FinTech or the payment services sector, with knowledge of the unique privacy challenges and regulatory landscape affecting payments and financial technology companies would be a bonus.

Experience working as part of a global privacy team, with proven ability to collaborate effectively across multiple jurisdictions and time zones.

Demonstrated experience handling data subject rights requests and data disclosure requests from law enforcement authorities.

Strong knowledge of US privacy laws such as CCPA/CPRA, all major state privacy laws, and federal sector-specific regulations such as GLBA and FCRA.

Some familiarity with Canadian privacy laws (including PIPEDA and provincial privacy laws such as Quebec Law 25) and Brazilian privacy law (LGPD), sufficient to identify relevant issues and support engagement with local counsel where needed.

Experience advising on cross-border data transfers, including standard contractual clauses, adequacy decisions, and other transfer mechanisms.

Relevant professional privacy certifications (e.g., CIPP/US, CIPM, CIPT) are highly desirable.

Strong interpersonal and communication skills and the ability to explain complex legal issues in simple terms.

Entrepreneurial and creative by nature, with a bias for action.

Strong legal drafting skills, with experience developing privacy policies, notices, consent mechanisms, data processing agreements, and controller-processor agreements.

Strong project management skills and ability to manage multiple complex privacy initiatives simultaneously.

Proven ability to provide practical, business-oriented privacy advice that balances legal compliance with business objectives.

Experience managing data breach incidents, including regulatory notifications to supervisory authorities and communications with affected data subjects.

Strong analytical and problem-solving skills, with the ability to assess privacy risks and develop pragmatic solutions.

Willingness to work flexible hours to collaborate with global privacy team members across different time zones