Data Governance Lead
Reflection · San Francisco, CA · 3 wk ago
On-siteInformation TechnologyFull-time
About the role
Own dataset provenance, training-data summaries, DPIAs, and the privacy and compliance posture of Reflection AI's training and evaluation data — so that every model we ship has auditable, regulator-grade evidence of its data lineage, licensing, privacy posture, and risk mitigations.
Responsibilities
- Produce audit-ready data provenance records and training-data summaries for every production model — documenting origin, transformations, labeler provenance, and data quality so we can satisfy auditors, enterprise customers, and regulators on demand.
- Own Data Protection Impact Assessments (DPIAs) end-to-end: drive them to completion with Legal, and publish DPIA outputs alongside model documentation to meet EU AI Act and GDPR expectations.
- Enforce prohibited-source and license controls at data intake — preventing risky or non-compliant data from ever reaching a training run — and maintain a verified provenance and approval log for all vendor datasets.
- Keep the company DSAR-ready by producing lineage reports that map model outputs back to source data and subject controls, enabling timely and accurate responses to data subject requests.
- Assemble and maintain defensible evidence bundles — data manifests, DPIAs, consent and license records — into the enterprise evidence store so that audits and customer security reviews are straightforward and fast.
- Log data findings in the risk register, drive remediation with the relevant owners, and report residual risk to governance forums and senior leadership on a regular cadence.
- Partner with Research, Engineering, Legal, and Security to establish data ownership structures, access controls, and stewardship practices across all training, evaluation, and internal data assets.
- Champion a culture of data literacy and responsible data use — building runbooks, intake checklists, and guidelines that help teams make confident, compliant decisions without bottlenecking on you.
Requirements
- 5+ years in data governance, data privacy, or a closely related discipline — with meaningful experience at a technology company handling large-scale or sensitive datasets.
- Hands-on experience conducting and owning DPIAs, privacy assessments, and data protection documentation — ideally in a context where these were reviewed by external auditors or regulators.
- Deep working knowledge of GDPR, CCPA/CPRA, and the EU AI Act — and the ability to translate regulatory requirements into concrete, operationalizable policies and controls.
- Experience with training data provenance, dataset licensing, and consent management in an ML or AI context — you understand why labeler provenance and data lineage matter for model accountability, not just compliance.
- Familiarity with compliance-as-code approaches: you've worked with or built automated data validation gates, policy-enforcement pipelines, or pre-deployment checks tied to data quality and compliance metadata.
- Technical fluency with cloud data infrastructure (AWS, GCP, or Azure), data warehouses (BigQuery, Snowflake), and data cataloging or lineage tools — enough to design controls and engage credibly with engineering teams.
- Experience building and maintaining risk registers, evidence stores, and audit documentation — you know what "regulator-grade" evidence looks like in practice.
- Demonstrated ability to drive cross-functional alignment across Legal, Security, Research, and Engineering, including influencing without formal authority in a fast-moving environment.
- A builder's mindset: you're energized by 0→1 work, comfortable creating structure where little exists, and pragmatic enough to ship imperfect-but-useful processes on the way to ideal ones.
Qualifications
- Relevant certifications (CDMP, CIPP/E, or similar) are a plus — but track record and demonstrated impact matter more than credentials.
Skills
- Data Governance
- Data Privacy
- Data Protection Impact Assessments (DPIAs)
- GDPR, CCPA/CPRA, EU AI Act
- Data Provenance
- Dataset Licensing
- Consent Management
- Compliance-as-Code
- Cloud Data Infrastructure
- Data Warehouses
- Data Cataloging
- Data Lineage Tools
- Risk Registers
- Evidence Stores
- Audit Documentation
- Collaboration Across Teams
- Builder's Mindset
Benefits
- Top-tier compensation
- Stock options
- Health & wellness benefits
- Meals provided in the office daily
- Paid parental leave
- Unlimited paid time off in the U.S. and 30 days in the U.K.
- Sponsorship support
- Team building activities
Pay
Salary and equity structured to recognize and retain our talent globally.
Schedule
Not specified.