Data Privacy Officer (DPO)

Job Summary

We are seeking an experienced Data Privacy Officer to lead the company’s privacy program and ensure compliance with applicable data protection laws, regulations, and internal policies. The successful candidate will develop, implement, and maintain privacy governance, risk management, and data protection controls across the organization. This role will partner with Legal, Security, Compliance, IT, HR, Product, and business stakeholders to manage privacy risks, support privacy-by-design initiatives, respond to data subject rights requests, and prepare for regulatory inquiries and assessments.

Key Responsibilities

Privacy Program Development & Governance

• Design, implement, and maintain a comprehensive privacy program aligned with global data protection frameworks (e.g., GDPR, CCPA/CPRA, LGPD) and industry best practices.

• Develop and maintain privacy policies, procedures, standards, and playbooks; ensure documentation is current and accessible to relevant stakeholders.

• Establish and chair cross-functional privacy governance forums to oversee data protection initiatives, risk remediation, and accountability mechanisms.

Risk Assessment & Compliance

• Conduct privacy risk assessments, DPIAs (Data Protection Impact Assessments), and vendor privacy reviews to identify and mitigate privacy risks associated with new and existing products, services, and third-party relationships.

• Map data flows and maintain records of processing activities (RoPA); classify personal data and recommend appropriate retention, minimization, and protection measures.

• Monitor regulatory developments and perform gap assessments against applicable legal requirements; drive remediation plans to achieve and sustain compliance.

Privacy Operations & Incident Response

• Manage processes for handling data subject access requests, erasure requests, objection requests, and other privacy-related inquiries in accordance with legal timelines and internal SLAs.

• Lead privacy aspects of incident response activities, coordinate cross-functional investigations for data breaches, assess risk, and advise on regulatory notification and remediation steps.

• Oversee privacy-related vendor contracts, data processing agreements, and ensure appropriate technical and organizational measures are in place with third parties.

Training, Awareness & Advisory

• Develop and deliver privacy training, awareness campaigns, and role-based guidance to employees, contractors, and business partners.

• Provide practical privacy advice to Product, Engineering, Marketing, HR, and other teams to enable privacy-by-design and privacy-friendly feature development.

• Act as the primary internal advisor on privacy requirements for new projects, major releases, and cross-border data transfers.

Required Qualifications - Skills & Experience

• Bachelor’s degree in Law, Information Security, Privacy, Business, or a related field, or equivalent practical experience.

• 5+ years of experience in privacy, data protection, compliance, or related roles with demonstrated ownership of privacy program activities.

• Strong knowledge of global privacy laws and frameworks (e.g., GDPR, CCPA/CPRA) and experience applying them in a commercial environment.

• Proven experience conducting DPIAs, vendor privacy assessments, and managing data subject rights processes.

• Excellent written and verbal communication skills with the ability to explain complex privacy requirements to technical and non-technical audiences.

• Demonstrated ability to work cross-functionally, influence stakeholders, and manage competing priorities in a fast-paced environment.

• Familiarity with privacy-enhancing technologies, data mapping tools, GRC platforms, and incident response processes.

Preferred Qualifications

• Relevant certifications such as CIPP/US, CIPP/E, CIPM, CIPT, or equivalent privacy certifications preferred.

• Experience working with multinational organizations and managing cross-border data transfer mechanisms (e.g., SCCs, BCRs, Adequacy assessments).

• Background in information security, compliance, or legal functions with prior exposure to security controls and cloud-native environments.

• Experience supporting regulatory investigations, audits, or responding to supervisory authority inquiries is a plus.

Work Environment & Compensation

• Full-time role with a hybrid onsite/remote work model; occasional travel may be required for stakeholder meetings or regulatory engagements.

• Competitive salary commensurate with experience and a comprehensive benefits package, including health insurance, retirement plan options, and paid time off.

• Opportunities for professional development, certification support, and career progression within Privacy, Legal, Compliance, and Risk functions.

• Inclusive, respectful workplace culture that values diversity, equity, and work-life balance.