Data Privacy Analyst

About us : We're looking for a Data Privacy Analyst to help build and mature our privacy program as we scale. This is a hands-on, mid-level role at the center of how we collect, use, and protect customer data working closely with product, engineering, legal, and compliance teams to embed privacy into everything we do. You'll bring both regulatory fluency and practical judgment, translating complex privacy requirements into clear, workable guidance for the business.What You'll Do Privacy Operations & Data Subject Rights • Work directly with General Counsel to comply with the latest Legal regulations as well as any privacy issues the company is facing. • Manage the end-to-end data subject request (DSAR) process — work with Customer Service teams to help refine the following workflows: deletion, correction, and opt-out requests — ensuring timely and accurate fulfillment in line with CCPA/CPRA and applicable state privacy laws. • Maintain and improve workflows, tooling (e.g., DataGrail, OneTrust, or similar), and internal documentation to support scalable, audit-ready privacy operations. • Serve as a point of contact for consumer privacy inquiries, coordinating across teams to resolve requests efficiently and transparently. • Partner with product and engineering teams to assess privacy implications of new features, data pipelines, and third-party integrations — providing practical, risk-based guidance early in the development lifecycle. • Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for high-risk processing activities, and track remediation of identified risks.Data Mapping & Governance • Own and maintain the organization's data inventory and data flow mapping — documenting what personal data we collect, where it lives, how it's used, and who it's shared with. • Identify gaps in data handling practices and work cross-functionally to drive remediation. • Support records of processing activities (RoPA) and ensure documentation stays current as the business evolves.Policy, Notices & Vendor Privacy • Work with Legal team to draft, review, and maintain privacy policies, cookie notices, internal data handling standards, and consumer-facing disclosures — ensuring accuracy and regulatory alignment. • Review and negotiate data processing agreements (DPAs) and vendor contracts from a privacy standpoint, in partnership with legal. • Conduct third-party privacy assessments to evaluate vendor data practices and flag risks before onboarding.Compliance & Cross-Functional Support • Monitor the evolving state privacy law landscape (CCPA/CPRA, VCDPA, CPA, and emerging state laws) and assess the impact of regulatory changes on business practices. • Collaborate with the GRC and security teams on overlapping compliance activities — including audit support, policy alignment, and risk reporting. • Collaborate with the GRC and security teams on overlapping compliance activities — including audit support, policy alignment, and risk reporting. • Contribute to privacy training and awareness programs to build a culture of responsible data handling across the organization.What We're Looking For • 3–5+ years of experience in data privacy, compliance, or a related field, with hands-on work in a consumer-facing or ecommerce environment. • Working knowledge of CCPA/CPRA and U.S. state privacy laws, with the ability to apply regulatory requirements to real business scenarios. • Experience managing DSARs and operating privacy tooling (e.g., DataGrail, OneTrust, Transcend, or similar).• Demonstrated ability to conduct PIAs/DPIAs and advise product and engineering teams on privacy risks.• Comfortable reviewing vendor contracts and data processing agreements. • Strong written and verbal communication skills — able to translate complex privacy requirements into clear, actionable guidance for non-legal audiences. • Bachelor's degree in Law, Information Systems, Business, or a related field, or equivalent professional experience.Preferred Qualifications • Familiarity with GDPR principles, even if not the primary regulatory focus. • Experience in ecommerce, marketplace, or consumer technology. • Exposure to GRC frameworks and ability to work across privacy and compliance functions. • Experience working with legal counsel on data agreements and regulatory inquiries.

Apply Now