Data Privacy Engineer

About The Position

Requirements

• Bachelor's degree in Information Security, Privacy, Law, Business, Computer Science, or related field, or equivalent professional experience.
• 3-6+ years of experience in privacy engineering, data engineering, security engineering, or technical privacy/compliance programs.
• Working knowledge of U.S. state privacy regulations (e.g., CCPA/CPRA and other emerging frameworks) and the ability to translate requirements into technical controls.
• Experience implementing or supporting DSAR workflows, consent/preference enforcement, retention/deletion processes, and/or data discovery, classification, and data mapping initiatives.
• Experience partnering with Legal/Compliance, Security, Engineering, IT, and business units to deliver technical solutions under regulatory and delivery timelines.
• Strong understanding of privacy principles and regulatory requirements, with the ability to translate obligations into technical requirements and system controls.
• Ability to design, implement, and validate privacy controls across applications, APIs, data pipelines, and third-party integrations.
• Strong delivery skills (planning, prioritization, and execution) with experience working in Agile/SDLC processes and managing work through tickets/backlogs.
• Strong written and verbal communication skills, including the ability to document technical designs and explain privacy concepts to both technical and non-technical stakeholders.
• Detail-oriented with strong analytical and troubleshooting skills, including comfort working with datasets, logs, and system behavior to identify gaps and validate fixes.
• Ability to work independently while collaborating across engineering, security, and business teams to deliver scalable solutions.

Nice To Haves

• Experience in hospitality, retail, or consumer-facing industries where large volumes of consumer data are processed, including omnichannel and digital platforms.
• Hands-on experience with privacy and security tooling such as privacy management/consent platforms (e.g., OneTrust, TrustArc), data discovery/classification (e.g., BigID, Securiti), DLP, IAM, SIEM/logging, and/or ticketing/automation workflows.
• Certified Information Privacy Professional (CIPP/US)
• Certified Information Privacy Manager (CIPM)
• Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or related security/cloud certification

Responsibilities

• Monitor and interpret evolving data privacy regulations including CCPA/CPRA, Virginia CDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA, Florida Digital Bill of Rights, and other emerging state privacy laws.
• Assist in the development, maintenance, and operationalization of the organization's data privacy program, policies, and procedures.
• Conduct privacy risk assessments and support Privacy Impact Assessments (PIAs) or Data Protection Impact Assessments (DPIAs) for new initiatives involving personal data.
• Maintain and update data inventories and data flow mappings to ensure visibility into how personal data is collected, stored, processed, and shared.
• Coordinate and manage Data Subject Access Requests (DSARs) and other consumer rights requests including access, deletion, correction, and opt-out requests.
• Work with internal stakeholders to ensure timely and compliant responses within statutory timelines.
• Maintain documentation and reporting related to privacy requests and regulatory obligations.
• Conduct vendor privacy reviews and assessments to evaluate third-party data protection practices.
• Support contract reviews and assist Legal in ensuring appropriate data protection and privacy clauses are included in vendor agreements.
• Monitor vendor compliance with data protection requirements and coordinate remediation efforts where necessary.
• Collaborate with IT, Marketing, HR, Product, and Digital teams to integrate privacy considerations into new technologies, campaigns, and business initiatives.
• Provide guidance on data minimization, consent management, retention policies, and responsible data use.
• Support implementation and operational management of privacy technology platforms (e.g., consent management, DSAR workflow tools, data discovery solutions).
• Track privacy program metrics, including DSAR volumes, response times, and vendor assessment outcomes.
• Prepare reports for leadership on privacy compliance posture, risks, and program maturity.
• Assist in developing and delivering privacy training and awareness programs for employees.