Senior Privacy Counsel

About the Role:

Gusto is looking for a Senior Privacy Counsel to help execute on the objectives and strategy for our Privacy Program. Gusto customers trust us with highly-sensitive, personally identifiable information (PII) and protected health information (PHI) when they sign up for or use our services. As a result, safeguarding our customers' data privacy is a top consideration in everything we do here at Gusto. This requires Gusto to be innovative, forward thinking, and transparent about privacy and our commitment to compliance. While reporting to our Global Head of Privacy, this person will play a critical support role in creating, implementing, and driving internal adoption of our privacy here at Gusto.

About the Team:

You will be joining the Legal & Compliance team at Gusto, reporting to the Global Head of Privacy and helping to build out a larger Privacy team and function. You will work closely with members of the Legal team, as well as various cross-departmental partners throughout the business.

Here's what you'll do day-to-day:

• Assist with the design and implementation of our Global Privacy Program at all levels

• Advise on various applicable laws and regulations, including CCPA/CPRA and other state variations, HIPAA-HITECH, GDPR, and help to address and mitigate gaps

• Play a key role in maintaining strong elements of a Privacy Program, including data mapping, vendor onboarding, record retention, data subject access requests, privacy notices

• Help build strong cross-departmental relationships with key stakeholders at all levels

• Get in the weeds with technical partners across Security & IT, Product, Engineering, Design, and Data to discuss trade offs, define the optimal path, and help advance great decisions

• Work with the Privacy Office and our Legal team to drive quick but informed decision making, and help them get unblocked

Here's what we're looking for:

• J.D. from an accredited law school and admitted to practice law in at least one state

• 5-7 years of relevant, dedicated privacy experience (preferably including at a late-stage, private and/or public SaaS company), with at least 3 years of relevant in-house experience

• Demonstrable expertise in responding and handling security incidents and data breaches

• Experience implementing technical and organizational solutions for downstream legislative requirements

• Strong negotiation skills specific to data processing agreements and business associate agreements

• Exemplary communication skills and proven ability to educate, inspire, and drive support for the privacy function

• Strong problem solving skills to evaluate solutions and then empower others to deliver

• The ability to produce work product that demonstrates subject matter expertise in a detail-oriented fashion

• Ability to independently drive accountability and influence outcomes, while balancing legal risk mitigation against key business objectives and risks

• A strategic mindset with respect to long-term privacy compliance

• CIPP/US, CIPP/E, CIPM, or other relevant privacy certifications

• Collegiality, accountability, and a sense of humor

Our cash compensation amount for this role is targeted at $190,000 - $236,000 in San Francisco. Final offer amounts are determined by multiple factors including candidate location, experience and expertise and may vary from the amounts listed above.