Compliance Officer, ECRM

About The Position

Requirements

• A Proven Project Manager: You have experience managing complex regulatory or privacy related projects end to end, coordinating multiple stakeholders and work-streams to deliver on time and to a high standard. You can prioritize competing privacy initiatives and you are comfortable tracking actions, owners, and deadlines. You have a minimum of 2 years of experience in a regulated environment such as financial services, healthcare, or another highly regulated sector.
• A Regulatory Compliance Specialist: You have a solid understanding of privacy and data protection concepts, and how they intersect with broader compliance obligations. You are familiar with frameworks such as GDPR and key US privacy laws, and are interested in or exposed to related regimes. You are comfortable interpreting policy and regulatory guidance into practical controls, procedures, and documentation that can be embedded into day to day operations.
• An Advocate for the Client: You can empathize with internal and external stakeholders who rely on trustworthy data handling, including customers and internal business teams. You understand how privacy commitments, notices, and contractual obligations translate into operational requirements, and you can articulate privacy impacts in clear, business friendly language. You can take stakeholder feedback on privacy risks and turn it into clear requirements for product, engineering, and process owners.
• Communication and Collaboration oriented: You are skilled at gathering information from business owners, product teams, data owners, and champions, and converting that into accurate playbooks. You are comfortable using written communication, collaboration tools, and video calls so that stakeholders feel heard and understand what is required of them.
• Entrepreneurial: You can see beyond current constraints in tools or processes and spot opportunities to make privacy operations scalable and repeatable. Where others see manual work arounds, you see the chance to improve templates, build better workflows, and partner with product and engineering to integrate privacy into systems by design. You are motivated by building or refining privacy capabilities in emerging areas.
• Passionate: You understand the value that a strong privacy posture brings to the business, especially in regulated and enterprise client contexts. You take pride in helping the organization earn and maintain trust by reducing privacy risk and ensuring that privacy by design principles are embedded into new products, features, and data uses.
• A Problem-Solving Investigator: You are comfortable tracing data flows across systems, teams, and vendors to understand where data originates, how it is processed, and where risks may arise. You are willing to dive into details to support remediation work, using your knowledge of internal systems and stakeholders to surface root causes and practical solutions. You can synthesize findings into clear documentation that supports both management decision making and regulatory readiness.

Responsibilities

• Support investigations into privacy related inquiries and issues, including potential incidents, near misses, and data handling concerns, ensuring responses are timely, structured, and well documented.
• Work with business and technical owners to capture accurate, current information on data uses, purposes, legal bases, transfers, and retention.
• Support on privacy assessment processes, including scoping, information gathering, risk analysis, documentation of mitigations, and follow up on agreed actions.
• Partner closely with colleagues in ECRM, Legal, Security, Product, Engineering, and relevant business units, as well as the data privacy champion network, to embed privacy controls into day to day operations.
• Develop and improve privacy related policies, standards, procedures, and model responses, including playbooks for incident response, data subject rights, and regulatory inquiries.
• Serve as a go to privacy resource for the wider organization when questions arise about new data uses, system changes, third party processors, or potential privacy risks, escalating complex matters to Senior Management and Legal as appropriate.
• Diagnose privacy issues across processes and systems, propose pragmatic remediation steps, and track completion of those actions to closure, including for RoPA and DPIA related findings.
• Perform analysis on privacy metrics and trends to identify opportunities to improve processes, system configurations, and training for the data privacy champion network and broader teams.
• Communicate clearly and effectively, both verbally and in writing, including preparing concise summaries, dashboards, and reports for Senior Management in ECRM.
• Measure and report on the impact of privacy initiatives and projects, including progress on RoPA completeness, DPIA coverage, incident response timelines, and the maturity of new domains such as HIPAA and AI governance.

Benefits

• You may also be offered equity, and a generous benefits program.