Manager, Privacy Compliance
About the role
The Compliance Manager, Privacy operates within the second line of defense and is responsible for oversight and governance of the Privacy compliance program. This role translates legal and regulatory requirements into policies, standards, and control expectations, and provides independent monitoring and challenge to support effective implementation by first-line teams.
In alignment with the company’s privacy operating model, Legal retains responsibility for regulatory interpretation and legal advisory, while Product, Engineering, and Operations own the implementation and execution of controls. This role partners with those teams to drive compliant outcomes while maintaining second-line independence.
Responsibilities
- Support oversight of the existing Privacy compliance program across jurisdictions, with primary focus on U.S. requirements and alignment to global privacy obligations, where required suggest improvements.
- Translate Legal guidance and regulatory requirements into policies, standards, and control expectations, ensuring clear articulation of compliance requirements for first-line teams.
- Provide oversight and maintain existing governance frameworks and standards for core privacy program areas, including:
- Data subject rights (DSAR) processes and SLAs
- Data protection impact assessment (DPIA) governance and documentation standards
- Consent and preference management expectations
- Data retention and deletion requirements
Requirements
- 6–10+ years of experience in privacy compliance, regulatory compliance, risk management, or a related control function, preferably within financial services, fintech, or a regulated environment.
- Strong understanding of U.S. privacy laws (e.g., CCPA/CPRA, GLBA) and familiarity with international regimes (e.g., GDPR, UK GDPR).
- Experience operating within a second-line of defense model, including governance, oversight, and independent challenge of first-line control environments.
- Demonstrated ability to translate regulatory requirements into policies, standards, and control expectations (not direct control ownership or legal interpretation).
- Experience reviewing control design and effectiveness, including participation in audits, regulatory exams, or control testing programs.
- Strong cross-functional partnership skills, with the ability to influence Product, Engineering, and Operations without direct ownership.
- Sound judgment and ability to escalate and manage regulatory risk appropriately.
- Bachelor’s degree or equivalent practical experience; relevant certifications (e.g., CIPP, CIPM) are a plus.
Qualifications
- Passion for privacy and security, with a deep understanding of privacy laws and regulations.
- Excellent communication and collaboration skills, with the ability to work effectively with cross-functional teams.
- Ability to manage multiple projects simultaneously and meet tight deadlines.
- Strong analytical and problem-solving skills, with the ability to identify and address complex privacy challenges.
- Experience working in a fast-paced, dynamic environment with a high level of confidentiality and sensitivity.
Skills
- Knowledge of privacy laws and regulations, particularly in the U.S. and internationally.
- Experience in privacy program development, implementation, and governance.
- Strong project management and stakeholder engagement skills.
- Ability to communicate complex technical concepts to non-technical stakeholders.
- Experience with privacy risk assessments and incident response planning.
Benefits
Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)
USA base pay range (CA, WA, NY, NJ, CT) per year: $165,000 - $225,000
USA base pay range (all other U.S. states) per year: $146,000 - $206,000