Privacy Senior Associate

About The Position

Requirements

• Bachelor's degree required; advanced degree (Master's or JD) a plus.
• 2–3 years of experience in global privacy, data protection, or risk/governance roles.
• Certification strongly preferred: AIGP, CIPP/US, CIPP/E, CIPP/A, CIPP/AI, CIPM, or equivalent.
• Strong understanding of global privacy regulations (GDPR, CCPA/CPRA, DPDP Act, etc.).
• Strong analytical, research, and critical-thinking skills.
• Excellent written and verbal communication skills.
• Ability to work independently with limited oversight (required for Senior Associate), prioritize tasks, and manage ambiguity.

Nice To Haves

• Experience with privacy tools (OneTrust, TrustArc, Collibra, DataGrail, etc.).
• Experience collaborating with Marketing teams.
• Experience reviewing contracts, DPAs, and technical documentation.

Responsibilities

• Respond to internal inquiries submitted to [email protected], providing foundational assessments and escalating to senior SMEs where needed.
• Developing Firmwide Training and supporting related training activities.
• Support internal privacy awareness initiatives, including training materials, intranet updates, and knowledge articles.
• Create and maintain documentation, including policies, standards, and risk mitigation plans.
• Prepare metrics, dashboards, and reports for privacy program operations and leadership updates.
• Continuously track and assess evolving global privacy regulations, guidance from data protection authorities, and industry standards, translating developments into actionable compliance recommendations. Scoping and executing internal compliance monitoring activities.
• Maintain and update privacy notices and consent mechanisms.
• Operate with the independent judgment expected at the Senior Associate level.
• Create, maintain, and enhance data flow diagrams and data inventories for various business processes.
• Conduct and document Privacy Impact Assessments (PIAs), Data Protection Impact Assessments (DPIAs), AI Risk Assessments, and transfer impact analyses (TIAs).
• Analyze data lifecycle processes to identify gaps, privacy risks, and areas requiring remediation.
• Assist in monitoring compliance with global data protection regulations (GDPR, CCPA/CPRA, DPDP Act, HIPAA, PCI DSS etc.).
• Demonstrate familiarity with Governance, Risk, and Compliance (GRC) software—preferably ServiceNow GRC or similar platforms—to support workflow management, risk tracking, and documentation within privacy and AI governance processes.
• Work autonomously to deliver assessments and provide recommendations.
• Work collaboratively with Legal, InfoSec, Firm IT, Data Governance, and other enabling functions.
• Participate in meetings with business unit leaders as needed.
• Support enterprise-level privacy initiatives, including cross-BU project coordination.
• Collaborate with Marketing functions to review and advise on privacy requirements for email campaigns, consent management, cookie compliance, ad targeting, and other marketing activities involving personal data.
• Acts as a trusted subject-matter contributor rather than an entry-level support role.
• Support product, engineering, and business teams by advising on privacy-by-design practices throughout the product lifecycle.
• Perform privacy reviews of new software, systems, and tools, especially those involving personal or sensitive personal data and/or AI capabilities.
• Document identified risks and propose practical mitigation strategies.
• Assist with evaluating privacy/security terms in vendor contracts, Data Protection Agreements, and other related artifacts.
• Partner with Legal, InfoSec, IT, and Crowe Studio to ensure alignment with Crowe policies and standards.
• This role performs these assessments independently with limited oversight, consistent with Senior Associate expectations.
• Maintain regulatory watchlists and contribute to policy updates.
• Provide support for audits and evidence collection for compliance reviews.
• Contribute proactively as expected of a Senior Associate.