Data Governance Lead

About The Position

Requirements

• 5+ years in data governance, data privacy, or a closely related discipline — with meaningful experience at a technology company handling large-scale or sensitive datasets.
• Hands-on experience conducting and owning DPIAs, privacy assessments, and data protection documentation — ideally in a context where these were reviewed by external auditors or regulators.
• Deep working knowledge of GDPR, CCPA/CPRA, and the EU AI Act — and the ability to translate regulatory requirements into concrete, operationalizable policies and controls.
• Experience with training data provenance, dataset licensing, and consent management in an ML or AI context — you understand why labeler provenance and data lineage matter for model accountability, not just compliance.
• Familiarity with compliance-as-code approaches: you've worked with or built automated data validation gates, policy-enforcement pipelines, or pre-deployment checks tied to data quality and compliance metadata.
• Technical fluency with cloud data infrastructure (AWS, GCP, or Azure), data warehouses (BigQuery, Snowflake), and data cataloging or lineage tools — enough to design controls and engage credibly with engineering teams.
• Experience building and maintaining risk registers, evidence stores, and audit documentation — you know what "regulator-grade" evidence looks like in practice.
• Demonstrated ability to drive cross-functional alignment across Legal, Security, Research, and Engineering, including influencing without formal authority in a fast-moving environment.
• A builder's mindset: you're energized by 0→1 work, comfortable creating structure where little exists, and pragmatic enough to ship imperfect-but-useful processes on the way to ideal ones.

Nice To Haves

• Relevant certifications (CDMP, CIPP/E, or similar) are a plus — but track record and demonstrated impact matter more than credentials.

Responsibilities

• Produce audit-ready data provenance records and training-data summaries for every production model — documenting origin, transformations, labeler provenance, and data quality so we can satisfy auditors, enterprise customers, and regulators on demand.
• Own Data Protection Impact Assessments (DPIAs) end-to-end: drive them to completion with Legal, and publish DPIA outputs alongside model documentation to meet EU AI Act and GDPR expectations.
• Enforce prohibited-source and license controls at data intake — preventing risky or non-compliant data from ever reaching a training run — and maintain a verified provenance and approval log for all vendor datasets.
• Keep the company DSAR-ready by producing lineage reports that map model outputs back to source data and subject controls, enabling timely and accurate responses to data subject requests.
• Assemble and maintain defensible evidence bundles — data manifests, DPIAs, consent and license records — into the enterprise evidence store so that audits and customer security reviews are straightforward and fast.
• Log data findings in the risk register, drive remediation with the relevant owners, and report residual risk to governance forums and senior leadership on a regular cadence.
• Partner with Research, Engineering, Legal, and Security to establish data ownership structures, access controls, and stewardship practices across all training, evaluation, and internal data assets.
• Champion a culture of data literacy and responsible data use — building runbooks, intake checklists, and guidelines that help teams make confident, compliant decisions without bottlenecking on you.

Benefits

• Comprehensive medical, dental, vision, life, and disability insurance.
• Fully paid parental leave for all new parents, including adoptive and surrogate journeys.
• Financial support for family planning.
• Paid time off when you need it.
• Relocation support.
• Lunch and dinner are provided daily.
• Regular off-sites and team celebrations.