Privacy Counsel

Privacy Counsel

at Square

San Francisco, CA

Company Description

We believe everyone should be able to participate and thrive in the economy. So we’re building tools that make commerce easier and more accessible to all. We started with a little white credit card reader but haven’t stopped there. Our new reader helps our sellers accept chip cards and NFC payments, and our Cash app lets people pay each other back instantly. We’re empowering the independent electrician to send invoices, setting up the favorite food truck with a delivery option, helping the ice cream shop pay its employees, and giving the burgeoning coffee chain capital for a second, third, and fourth location. Let’s shorten the distance between having an idea and making a living from it. We’re here to help sellers of all sizes start, run, and grow their business—and helping them grow their business is good business for everyone.

Job Description

As Privacy Counsel, you’ll have a broad range of responsibilities providing legal guidance on global initiatives impacting privacy, data protection and security. You will partner cross-functionally with our InfoSec, procurement, engineering, product and other teams to advise on data uses while managing legal risk and ensuring regulatory compliance. You will also be called upon to provide privacy and data security subject matter expertise to our commercial attorneys as they negotiate complex commercial deals that contribute to our products’ success. As we expand our offerings, your ideas and contributions will make an immediate impact.  

You Will:

  • Provide privacy and data security subject-matter expertise and guidance to cross-functional legal colleagues (including product, employment and commercial counsel), InfoSec, procurement, product, and engineering teams

  • Respond to privacy and security-related customer and regulatory inquiries and investigations, and draft regulatory filings, coordinating such responses with global positions

  • Draft external privacy notices and disclosures, and manage/update internal policies and procedures to ensure compliance with global laws bearing on privacy and cybersecurity

  • Help develop, enhance, scale and run the existing global privacy program, including privacy operations and documentation; employee training; policy enforcement, monitoring and auditing; and incident response.  Ensure the program’s ongoing, consistent and efficient operation

  • Work with the Data Security Governance, Compliance, Trust & Safety and InfoSec teams to scope and perform periodic data privacy risk assessments, mitigation and remediation, including data control design and monitoring, as well as the mitigation of privacy and security risks.

  • Remain up-to-date on relevant consumer protection, privacy and data security laws and regulations, as well as on technological developments, threat vectors, and evolving industry standards to ensure an ongoing ability to provide sound compliance advice


You Have:

  • 6+ years of combined, relevant experience in law firms, governmental agencies, and/or in-house legal departments

  • Experience providing pragmatic and actionable advice to clients on various legal risks and obligations under privacy and data security laws in the U.S., Canada, and Europe (including Privacy Shield and GDPR).  Experience with APAC privacy and data security laws a plus

  • Developed and implemented external privacy notices

  • Advised on and managed internal policies and procedures on data use, security, and privacy  

  • Fluency translating legal advice into actionable guidance for innovative product, engineering, InfoSec, and business teams.  Product counseling experience is a plus

  • Technophilia, and a desire to learn and understand technology as well as you understand the law.  Experience advising on data uses in artificial intelligence and machine learning a plus

  • Experience driving, prioritizing, and effectively managing cross-functional initiatives, and an ability to both work independently and with large multi-stakeholder teams

  • Sharp analytical and communication skills, are diligent, proactive, collaborative, and have demonstrated excellent legal and business judgment and strategic thinking

  • Experience advising on privacy and data security in commercial transactions a plus

  • Sound and practical business judgment, intellectual creativity, strong ethical compass, and problem-solving skills

  • A JD and active membership in at least one state bar