As the Sr. Counsel - Data Privacy, you will lead enterprise-wide compliance and governance about data privacy and assist with data privacy incident reporting requirements. You will assess current data privacy processes and policies, collaborate on risk assessments, and liaise with IT and other internal stakeholders to further develop and implement standard operating procedures and best practices across the organization. You will be also responsible for sustaining data privacy compliance through the development of training programs, communications, and audit procedures, and support contract review and own risk assessments in relation to data privacy.  

Responsibilities

Evaluate and Strengthen Privacy Frameworks: Conduct a comprehensive assessment of the organization's current data privacy posture. Design and implement a robust, scalable privacy program aligned with business goals and global regulations (e.g., GDPR, CCPA, LGPD), ensuring compliance and operational excellence.

Drive Strategic Privacy Leadership: Act as a trusted advisor to the business, offering forward-thinking guidance on emerging privacy laws and trends. Influence decision-making at all levels by translating complex legal requirements into actionable business strategies.

Collaborate on Risk Assessments and Mitigation: Partner with IT and cross-functional teams to lead Data Protection Impact Assessments (DPIAs) and other risk evaluations. Provide clear, practical recommendations to mitigate privacy risks and safeguard consumer trust.

Ensure Regulatory Compliance and Continuous Improvement: Monitor evolving privacy regulations and proactively update internal policies, procedures, and systems. Lead regular audits and risk assessments to identify gaps and implement corrective actions.

Champion Privacy Education and Awareness: Develop and deliver engaging training programs to promote a culture of privacy across the organization. Empower employees with the knowledge and tools to uphold data protection standards in their daily work.

Operationalize Privacy Across Channels: Ensure that all personal data collection and processing activities—across digital, in-store, and third-party channels—are compliant with privacy laws and reflected in company policies, contracts, and consumer rights responses.

Lead Governance and Cross-Functional Projects: Support ongoing data privacy governance initiatives. Manage complex projects involving legal, compliance, and business strategies in collaboration with internal stakeholders, external counsel, and service providers.

Serve as a Key Privacy Liaison: Act as the primary contact for vendor privacy inquiries. Coordinate with Legal and IT leadership on regulatory requests and maintain strong relationships with privacy advocacy groups and industry peers.

Enhance Incident Response Readiness: Partner with IT to maintain and evolve the data privacy incident response playbook. Lead coordinated responses to incidents, ensuring timely communication with stakeholders and regulators. Benchmark against industry best practices.

Provide Executive-Level Legal Counsel: Deliver strategic legal advice to senior leadership on complex privacy and regulatory matters. Support business growth while ensuring compliance and risk mitigation.

Manage Records Retention and Compliance: Implement and maintain the company’s records retention policy. Conduct training to ensure consistent understanding and application across departments.

Qualifications

• Juris Doctor (J.D.) from an accredited law school, and active membership in good standing with a U.S. State Bar
• 5–7 years of legal experience in a business environment (e.g., law firm, corporate legal department, or compliance function)
• Demonstrated expertise in global privacy laws, including but not limited to CCPA, CPRA, GDPR, and LGPD
• Proven ability to communicate effectively with senior leadership, including C-suite executives
• Experience delivering training on legal or compliance topics to diverse internal stakeholders
• Strong understanding of operationalizing privacy frameworks and advising organizations on compliance strategies

You’ll Go the Extra Mile if you have 

• In-house legal experience within e-commerce, technology, or social media industries
• Undergraduate degree in Computer Science, Information Systems, or a related technical field
• Professional fluency in Spanish or Portuguese, supporting global privacy initiatives and cross-border collaboration