Sr. Privacy Program Specialist

About The Position

Requirements

• Bachelor's degree
• 5 years of experience in privacy program operations, with hands-on responsibility for DSRs, privacy assessments, or DPA management
• Experience with consent management platforms (OneTrust, TrustArc, Transcend, or similar)
• Understanding of GDPR, CCPA/CPRA, and other major privacy regulations, sufficient to operationalize legal requirements
• Familiarity with tracking technologies, cookies, and tag management from a compliance perspective
• Strong project management skills and attention to detail with the ability to manage multiple concurrent workstreams
• Hands-on experience using AI tools to build automations or streamline compliance workflows and scale operations
• Strong written communication skills for documentation, reporting, and cross-functional coordination

Nice To Haves

• CIPP/US, CIPP/E, or CIPM certification
• Experience at a SaaS, marketing technology, or B2B platform company
• Familiarity with HIPAA privacy requirements
• Experience building or improving privacy program automation
• Exposure to privacy engineering concepts or technical privacy implementations
• Experience at a public company or company preparing for IPO

Responsibilities

• Own the day-to-day operation of HighLevel's privacy program, ensuring compliance processes run smoothly and efficiently
• Manage and optimize our consent management platform, ensuring it accurately reflects HighLevel's data practices and regulatory requirements
• Build and maintain privacy program documentation, including records of processing activities, data inventories, and compliance evidence
• Monitor for new privacy regulations and assess their impact on HighLevel, working with legal counsel to determine necessary changes
• Track regulatory deadlines, certification renewals, and compliance milestones
• Own the end-to-end data subject rights request (DSR) process, from intake through fulfillment and response
• Build and refine DSR workflows to improve response times, reduce manual effort, and ensure consistent handling
• Coordinate with engineering and product teams to fulfill complex requests requiring technical data retrieval
• Maintain DSR metrics and reporting to demonstrate compliance and identify process improvements
• Own the operational workflow for Data Protection Impact Assessments (DPIAs) and Privacy Impact Assessments (PIAs), creating and managing the end-to-end process from intake through completion.
• Develop and maintain assessment templates, intake processes, and taking systems that enable assessments to scale without bottlenecks.
• Work with product and engineering teams to gather necessary information and document privacy considerations
• Track assessment findings and ensure remediation items are addressed
• Coordinate DPA reviews with commercial counsel, managing the intake, tracking, and completion of data processing agreements
• Maintain DPA templates and clause libraries, flagging deviations for legal review
• Support vendor privacy assessments, ensuring third parties meet HighLevel's data protection requirements
• Track DPA obligations and renewal dates
• Own the operational process for managing tracking technologies, pixels, and cookies deployed across HighLevel properties, building workflows that give the legal team visibility without creating bottlenecks for marketing
• Work with the marketing team to establish a process for identifying and flagging new tracking technologies as they’re added to the consent management platform
• Ensure tracking implementations align with consent requirements and privacy disclosures
• Coordinate cookie banner updates and consent preference changes with relevant teams
• Monitor for unauthorized tracking deployments and coordinate remediation
• Continuously improve tracking compliance processes, identifying opportunities for automation and clear handoffs between teams