Privacy Manager
BitGo · San Francisco, CA · 2 wk ago
Legal$140k–$165k/yrFull-time
About the role
This role will require being full-time onsite at our San Francisco office to support collaborative team dynamics and innovative problem-solving.
Responsibilities
- Partner with BitGo Legal Department to build a global privacy program and execution for all internal and external privacy needs and requests.
- Privacy is an explicit, designated Security responsibility. BitGo is global and needs a single, accountable owner to operationalize privacy, reduce reliance on contractors, and meet regulatory requirements.
- Run privacy request operations end-to-end
- Serve as the Data Protection Officer where required by law
- Lead the preparation and submission of mandatory data protection impact assessments (DPIAs) and/or privacy risk assessments (PRAs) to supervisory authorities when required by law.
- Partner with Legal in lock step
- Build and maintain core privacy program governance (lean but audit-ready)
- Vendor and procurement privacy
- Personal data incident support
- Metrics and continuous improvement
What success would look like (first 6 months)
- A single global intake and case workflow is live, with documented triage rules, deadlines, templates, and evidence retention.
- Contractor reliance is materially reduced for routine privacy requests and program maintenance.
- Data inventory and processing records are maintained and used in real workflows (requests, product reviews, vendor reviews).
- Privacy reviews are embedded into product and vendor change processes with predictable turnaround.
- Executive-ready metrics exist and show improving cycle time and decreasing backlog.
Required qualifications
- 7 or more years with proven ability to build and run a privacy program with operational responsibility and hands-on execution of privacy requests at scale.
- Strong experience partnering with attorneys and translating legal requirements into operational controls.
- Oversee the formal creation and maintenance of the Record of Processing Activities (ROPA), including its periodic review and updates to ensure compliance with Article 30 of the GDPR (or equivalent local mandates).
- Excellent writing and documentation discipline (regulator-ready and audit-ready records).
Preferred qualifications
- Prior experience formally serving as a Data Protection Officer.
- Experience in financial services, payments, custody, or other highly regulated environments.
- Experience building privacy workflows in ticketing and documentation systems and producing evidence packages for audits and regulators.