Full-Time Privacy Counsel

Who You Are:

You are a self-starter who can help build and maintain a strong data privacy and security program.  You are not intimidated by handling both long- and short-term responsibilities with moving deadlines that impact multiple teams and the organization as a whole. Above all, you know how to use your sound business and legal judgment to guide the organization to pursue growth. 

What You Will Do:

As a Privacy Counsel, you will be the dedicated privacy and security expert to develop Formstack’s privacy and security programs in conjunction with our Security Team to ensure our customer's information is properly governed and secured. You will collaboratively work with other teams to build global guidelines and act as an escalation point on challenging data protection, privacy, and compliance matters. You will embody Formstack’s core values with internal and external stakeholders to build strong relationships that align with our business model.

How You Will Succeed:

- In conjunction with the General Counsel, develop and lead on strategic aspects of privacy, security, and compliance laws and their applicability to Formstack operations and agreements.

- Develop and maintain policies, workstreams, strategies, and tactics for Formstack privacy, security, and compliance program and contracting process.

- Collaborate across the organization to design and implement enhancements to our global privacy, security, and compliance program, to embed global privacy, security, and compliance best practices, standards, and guidance, as well as to manage incident response processes. 

- Review and negotiate agreements to ensure that contracts meet all requirements, policies, and practices, ensuring successful and timely implementations.

- Working closely with members of Formstack Sales and Support Teams, further develop privacy templates and playbooks for commercial transactions globally, and act as a source of expertise for privacy and data protection issues in the team.

- Advise on key privacy and data protection risks and devise effective risk minimization strategies and compliance initiatives.

- Advise and provide guidance on technical engineering proposals that involve privacy and data protection

- Advise on and negotiate complex data protection/privacy provisions within Formstack’s external agreements.

- Identify requirements of applicable data protection laws and regulations and coordinate to ensure proper data processing and transfer between jurisdictions.

- Evaluate projects involving personal data, ensure data registries are updated, conduct privacy impact assessments, develop practical risk mitigation strategies, and communicate clear requirements to stakeholders.

- Build strong relationships of trust and confidence with internal and external stakeholders to ensure early engagement and align business activities with Formstack policies, legal requirements, and best practices.

- Continuously develop skills and knowledge of the compliance landscape and relevant industries through research, due diligence, training, benchmarking, and other means.

What We Are Looking For:

- Juris Doctor (“JD”) degree from an ABA-accredited law school

- 5-10 years of direct experience in privacy, security, and compliance program management in a consumer-facing corporate environment or negotiating technology-related contracts preferred

- Certified Information Privacy Professional - US (CIPP/US) designation from the International Association of Privacy Professionals (IAPP) is preferred (or similar certification such as CIPM, CIPT, or CIPP/E)

- Experience advising on privacy and data protection, with an understanding of key global privacy regimes, in particular in GDPR and CCPA/CPRA

- Experience negotiating complex commercial contracts

- Strong drafting, analytical, and critical thinking skills as well as commercial acumen

- Fully fluent and able to draft contracts in English

- Excellent legal and business judgment to communicate effectively with all levels of the organization.

- Strong background in cybersecurity or technical implementation as it pertains to protecting and securing data within SaaS applications