GRC Analyst, Privacy

About The Position

Requirements

• Strong understanding of global privacy laws and frameworks, with the ability to apply them practically
• Excellent analytical and problem-solving skills, with attention to detail in documenting processes and evidence
• Proficiency in escalating technical compliance issues and collaborating with engineering teams
• Effective communication skills for interacting with customers, stakeholders, and internal teams
• Ability to work independently in a fast-paced environment while prioritizing compliance tasks
• Bachelor's degree in Information Security, Law, Business, or a related field; relevant certifications (e.g., CIPP, CIPM, or CISSP) are highly preferred
• 2+ years of experience in GRC, privacy, or compliance roles, ideally in a SaaS or tech environment handling sensitive personal data
• 2+ years of experience in managing high-volume data subject access requests (DSARs) and opt-out processes under GDPR, CCPA, and similar regulations
• Familiarity with compliance tools like Vanta or similar platforms for evidence management and policy updates
• Experience responding to customer security questionnaires and vendor risk assessments

Nice To Haves

• Knowledge of additional compliance standards (e.g., ISO 27001, SOC 2)
• Experience with data mapping, privacy impact assessments (PIAs), or incident response in a privacy context
• Technical aptitude for understanding SaaS infrastructure and data flows

Responsibilities

• Data Subject Request Management: Execute and optimize processes for handling data subject requests, including data deletion, opt-out from data sharing, and access inquiries, ensuring timely and accurate responses in line with legal requirements
• Privacy and Compliance Expertise: Stay current with and interpret various privacy and compliance frameworks (e.g., GDPR, CCPA/CPRA, and applicable state laws) to guide company practices and ensure ongoing adherence
• Customer Security Support: Assist in responding to security and privacy questionnaires from prospective and existing customers, with a particular focus on privacy, data protection, and compliance-related questions
• Compliance Maintenance and Remediation: Monitor and maintain compliance using our platform (Vanta), including uploading evidence of controls, refreshing policies as needed, and escalating technical issues to engineering teams for remediation when flagged
• Third-Party Risk Management: Work with our partners and vendors to identify and monitor third-party risk, and guide them to improve over time
• Risk Assessment and Reporting: Conduct regular reviews of privacy risks, contribute to internal audits, and prepare reports on compliance status for leadership
• Cross-Functional Collaboration: Work closely with legal, engineering, and customer success teams to integrate privacy-by-design principles and resolve compliance gaps efficiently