Privacy Counsel, Americas

We are seeking an experienced Privacy Counsel to join our global Legal, Compliance & Risk team at an exciting period in Trustly's growth. Reporting directly to the Global Head of Privacy & DPO, you will support the implementation and adaptation of Trustly's global privacy framework across the Americas (US, Brazil and Canada), advise on data protection matters, and ensure compliance with the highest privacy standards.

Working closely with Product, Engineering, Marketing and Compliance teams, you will embed privacy by design throughout the organisation. This role requires strong expertise in US privacy laws and regulations with proven experience advising on cross-border data transfers.

The ideal candidate will be a strategic thinker with practical problem-solving abilities, who thrives on partnering closely with business teams to navigate the complex and rapidly evolving privacy landscape.

• →

  Support the execution of Trustly's privacy strategy for the Americas region, ensuring compliance with US federal and state privacy laws (including CCPA/CPRA, applicable state privacy laws, and federal sector-specific regulations such as GLBA and FCRA), Canadian privacy laws (including PIPEDA and Quebec Law 25), and Brazilian privacy law (LGPD);

• →

  Conduct privacy impact assessments for new products, services, features, and business initiatives.

• →

  Provide practical, business-focused legal advice on privacy matters to internal stakeholders.

• →

  Advise on data subject rights requests (including rights to access, opt out etc).

• →

  Support privacy breach preparedness and incident response efforts for the Americas region, including contributing to incident response plans, coordinating breach investigations, and managing notifications to supervisory authorities and communications to data subjects.

• →

  Advise on and support the negotiation of data processing agreements, data transfer mechanisms (including standard contractual clauses, adequacy decisions, and other transfer tools), and privacy terms with vendors, partners, and customers.

• →

  Monitor legislative and regulatory developments affecting privacy and data protection in the Americas, including tracking US federal and state developments, providing timely analysis and recommendations to senior leadership.

• →

  Collaborate closely with the global Privacy & DPO team to ensure alignment on privacy strategies, share best practices, and coordinate cross-regional privacy initiatives.

• →

  Develop and maintain privacy documentation, including records of processing activities, legal advice notes and privacy compliance registers.

• →

  Support privacy-related audits, assessments, and due diligence activities.

• Juris Doctor (JD) degree from an accredited law school and active bar admission in at least one US jurisdiction.

• Minimum of 3-5 years of experience as a privacy attorney (including demonstrated experience advising on GLBA, CCPA, and state data protection laws).

• Demonstrated experience in the FinTech or the payment services sector, with knowledge of the unique privacy challenges and regulatory landscape affecting payments and financial technology companies would be a bonus.

• Experience working as part of a global privacy team, with proven ability to collaborate effectively across multiple jurisdictions and time zones.

• Demonstrated experience handling data subject rights requests and data disclosure requests from law enforcement authorities.

• Strong knowledge of US privacy laws such as CCPA/CPRA, all major state privacy laws, and federal sector-specific regulations such as GLBA and FCRA.

• Some familiarity with Canadian privacy laws (including PIPEDA and provincial privacy laws such as Quebec Law 25) and Brazilian privacy law (LGPD), sufficient to identify relevant issues and support engagement with local counsel where needed.

• Experience advising on cross-border data transfers, including standard contractual clauses, adequacy decisions, and other transfer mechanisms.

• Relevant professional privacy certifications (e.g., CIPP/US, CIPM, CIPT) are highly desirable.

• Strong interpersonal and communication skills and the ability to explain complex legal issues in simple terms.

• Entrepreneurial and creative by nature, with a bias for action.

• Strong legal drafting skills, with experience developing privacy policies, notices, consent mechanisms, data processing agreements, and controller-processor agreements.

• Strong project management skills and ability to manage multiple complex privacy initiatives simultaneously.

• Proven ability to provide practical, business-oriented privacy advice that balances legal compliance with business objectives.

• Experience managing data breach incidents, including regulatory notifications to supervisory authorities and communications with affected data subjects.

• Strong analytical and problem-solving skills, with the ability to assess privacy risks and develop pragmatic solutions.

• Willingness to work flexible hours to collaborate with global privacy team members across different time zones