Data Privacy & Compliance Officer

EverQuote is seeking a Data Privacy & Compliance Officer to join its growing and dynamic team. The Data Privacy & Compliance Officer’s primary job responsibility will be to provide privacy and compliance support to EverQuote’s General Counsel, Deputy General Counsel & Chief Compliance Officer, and Associate General Counsel for Business Development.

This is a small team, and any candidate must be a team player, able and willing to work on crossover projects and able to pick up complex concepts and communicate effectively to both internal and external constituents. The position will allow the candidate to work collaboratively with multiple internal teams (Sales, Business Development, Technology, Analytics) and external customers, and interface with government regulators. The ideal candidate will be intellectually curious, a self-starter, have a strong attention to detail, and be able to work under time sensitive deadlines. Excellent written and verbal communication skills are required.

This is a hybrid role that requires being in our Cambridge office several days a week.

What you’ll do:

• Assisting the Chief Compliance Officer/Deputy General Counsel on company regulatory, compliance and operational matters
• Developing and implementing comprehensive data protection and compliance policies and procedures in alignment with applicable privacy and advertising laws and regulations
• Conducting data protection impact assessments to identify and mitigate privacy risks associated with processing personal data
• Monitoring compliance with data protection and marketing laws, organizational policies, and data processing agreements
• Communicating with government regulators and B2B customers
• Acting as point of contact for data subjects regarding all issues related to their personal data and its processing and managing data subject access requests, such as access, rectification, erasure, or data portability, in a timely manner
• Collaborating with IT and security teams to ensure that technical and organizational measures for data protection are in place and effective
• Providing training and awareness programs for staff to promote a culture of compliance for data privacy and marketing throughout the organization
• Reporting to top management on data protection issues, risks, and the effectiveness of the data protection program
• Keeping abreast of changes and developments in data protection and marketing laws and practices to ensure ongoing compliance
• Providing assistance in connection with data security incidents
• Overseeing external vendors and work with HR to configure and track employee trainings on required compliance training and education programs
• Supporting litigation and responding to subpoenas, as needed
• Research and develop regulatory compliance checklists and workflows for FCC/TCPA regulations, FTC/Truth in Advertising requirements, CAN-SPAM, CCPA and other state privacy statutes, GDPR, and other compliance matters
• Direct liaison to business units for general legal support and regulatory advice
• Coordinate with external legal counsel as required
• Assisting with the periodic testing of the company’s compliance policies and procedures
• Supporting the company’s evaluation, adoption, and use of a third-party compliance technology platform
• AssistIng with the onboarding training of new employees
• Assist with the compliance review of the firm’s cybersecurity-related and technology infrastructure projects and initiatives
• Support additional compliance initiatives that may arise

• Help prepare, maintain and file corporate records, filings and organization documents for new and existing entities
• Assist with due diligence including document collection and review, and due diligence research and review for corporate transactions or as and when requested
• Assist with intellectual property, trademark and copyright portfolio management
• Coordinate and manage requests and communications with external legal counsel and service providers
• Assisting the Associate General Counsel with contract amendments, terminations and administration

Who you are:

• Must be able to work well with others and build effective team relationships
• Self-motivated with a high sense of professional ethics and integrity
• Highly organized with the demonstrated capability to handle multiple tasks and projects efficiently in a fast-paced and dynamic environment
• At least 7-10 years of experience in data privacy and/or marketing compliance
• Bachelor’s degree required, and relevant advanced degree (e.g., MBA or JD) viewed favorably
• IAPP certifications (e.g., CIPP-US) preferred
• Excellent written and verbal communication skills as well as analytical, problem solving and decision-making skills.
• Ability to work independently and maintain a high degree of confidentiality.
• Possess a strong working knowledge of Google suite programs in addition to IronClad, DocuSign
• Working knowledge of contracts, transactional, and general corporate and business areas
• Ability to compile and analyze data and furnish information in report format, written correspondence, email, or verbally
• Ability to review, analyze and summarize information from legal documents and materials
• Must deliver high quality work product and display ownership, having the ability to plan, organize and complete multiple related tasks and follow up and follow through.
• Comfortable taking ownership of projects, including appropriate follow-up.

We get it. Requirements can sometimes hold people back from applying to a job, but don’t let that be the case here. If you believe you have the skills it takes to elevate this role, team, and company, we encourage you to apply for this role.

About Us:

EverQuote (Nasdaq: EVER) operates the largest online marketplace for insurance shopping in the United States. We make insurance shopping easy, efficient and personal, saving consumers and providers time and money. Our goal is to reshape the way consumers shop and improve the way insurance providers attract and connect with customers as insurance shopping continues to shift online.

EverQuote is committed to building an equitable, diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, marital status, national origin, genetics, disability, age, or veteran status.