Shopify's Privacy Team works on cutting-edge technology issues alongside product and engineering teams to help them build and protect the innovative products that Shopify offers. The team is responsible for advising the business and other legal teams on privacy and data protection law, and continuing to mature our privacy program.
Success on the Shopify Legal Team requires intellect, humility and a sense of humor. You need to take the work seriously, but not take yourself too seriously. You also need to be comfortable with being uncomfortable, able to work with many different types of personalities, really connect with people and earn their trust, and enjoy working as a team player. You will handle complicated matters with empathy and professionalism, striking a balance between legal requirements while maintaining our incredible workplace.
We are looking for an experienced privacy attorney who is able to both work independently and collaborate across functions, including product, legal, compliance, and engineering teams. You'll need to be energized by working in a fast-paced environment and tackling complex problems without clear answers. You need to be enough of a generalist to issue spot and triage a broad range of privacy risks globally, with the ability to go deep and learn quickly when needed. Seeking high performing team players, not wannabe superstars. This role reports to the Director, Privacy Legal.
Responsibilities:
Providing expert privacy support for complex product counseling and commercial negotiations with strategic partners.
Developing cross-functional resources that scale the privacy function.
Identifying and managing cross-functional strategic initiatives that will substantially push Shopify's privacy and data protection practices forward.
Serving as subject matter expert assisting in commercial negotiations with merchants, vendors, and partners.
Collaborating with senior leaders on the Legal Team and around the company to appropriately train Shopifolk to identify, respond to, and properly escalate privacy and data protection issues.
Maintaining subject matter expertise in new and evolving areas of global privacy law.
Requirements:
A J.D. or LL.B with a license to practice law in the United States or in Canada.
8+ years of relevant legal experience, ideally having started out at a law firm, followed by in-house experience.
Substantial experience advising on a broad spectrum of privacy and data protection matters, including GDPR and CCPA compliance.
Proven ability to create strategy and vision, as well as manage the execution of the work.
Exceptional business judgment, analytical thinking, problem-solving and relationship-building skills.
Experience managing external legal counsel.
Technical literacy - must be curious and engaged in learning about technology, and able to parse and understand engineers' descriptions of technical systems.
A privacy certification (e.g., CIPP/US, CIPP/E, CIPM) is a plus but not required.