Manager, Privacy Compliance
Affirm · New York, NY · 1 wk ago
RemoteRemoteLegal$165k–$225k/yrFull-time
About the role
The Compliance Manager, Privacy operates within the second line of defense and is responsible for oversight and governance of the Privacy compliance program. This role translates legal and regulatory requirements into policies, standards, and control expectations, and provides independent monitoring and challenge to support effective implementation by first-line teams.
Responsibilities
- Support oversight of the existing Privacy compliance program across jurisdictions, with primary focus on U.S. requirements and alignment to global privacy obligations, where required
- Suggest improvements
- Translate Legal guidance and regulatory requirements into policies, standards, and control expectations, ensuring clear articulation of compliance requirements for first-line teams
- Provide oversight and maintain existing governance frameworks and standards for core privacy program areas, including:
- Data subject rights (DSAR) processes and SLAs
- Data protection impact assessment (DPIA) governance and documentation standards
- Consent and preference management expectations
- Data retention and deletion requirements
- Partner with Product and Engineering to advise on and review the design and implementation of privacy controls, ensuring alignment to regulatory expectations while maintaining second-line independence
- Provide independent oversight and effective challenge of first-line privacy control environments, including review of control design, identification of gaps, and tracking of remediation actions
- Oversee privacy incident and breach response processes from a governance perspective, including review of escalation, documentation, and outcomes, in coordination with Legal on notification requirements
- Maintain privacy risk registers and support risk assessment processes, including DPIA oversight, issue identification, and remediation tracking
- Monitor adherence to privacy requirements and control expectations, including data subject rights processes, consent management, and regulatory obligations, and escalate issues where gaps are identified
- Coordinate second-line input, review materials, and track remediation actions for audits, regulatory examinations, and bank partner reviews
- Partner with third-party risk functions to provide second-line oversight of privacy considerations in vendor and merchant onboarding and monitoring processes
- Collaborate with international compliance and DPO functions to support consistent application of privacy governance frameworks, without assuming DPO accountability
- Support privacy training and awareness by defining requirements and reviewing program effectiveness in coordination with first-line execution teams
Requirements
- 6–10+ years of experience in privacy compliance, regulatory compliance, risk management, or a related control function, preferably within financial services, fintech, or a regulated environment
- Strong understanding of U.S. privacy laws (e.g., CCPA/CPRA, GLBA) and familiarity with international regimes (e.g., GDPR, UK GDPR)
- Experience operating within a second-line of defense model, including governance, oversight, and independent challenge of first-line control environments
- Demonstrated ability to translate regulatory requirements into policies, standards, and control expectations (not direct control ownership or legal interpretation)
- Experience reviewing control design and effectiveness, including participation in audits, regulatory exams, or control testing programs
- Strong cross-functional partnership skills, with the ability to influence Product, Engineering, and Operations without direct ownership
- Sound judgment and ability to escalate and manage regulatory risk appropriately
Qualifications
- Bachelor’s degree or equivalent practical experience; relevant certifications (e.g., CIPP, CIPM) are a plus
Skills
- Excellent communication and collaboration skills
- Ability to work independently and as part of a team
- Strong analytical and problem-solving skills
- Knowledge of regulatory compliance frameworks
Benefits
- Competitive base pay range
- Flexible spending wallets
- Time off
- Employee Stock Purchase Plan (ESPP)
- Health care coverage
- Subsidized medical, dental, and vision coverage for you and your dependents
- Remote work options