Privacy and AI Governance Jobs

Our client, a global and highly diversified technology organization, is seeking a Privacy Attorney to support its team on a long-term contract basis. This role will focus on drafting and reviewing privacy-related provisions across SaaS agreements, marketing agreements, and software licensing matters, with the opportunity to contribute to broader legal work depending on experience. The ideal candidate brings strong privacy expertise, and any litigation background is a plus, as there may be occasional support needed on motions and briefs. This engagement is expected to be up to 20 hours per week as an ongoing contract. This is a fully remote position and candidates must be licensed attorneys with the requisite skills and experience.

#LI-MF1 #LI-REMOTE Job ID: 7551

Our client is immediately seeking a Contract Privacy Analyst, PIA Consultant. This privacy analyst will report directly to the Chief Privacy Officer and be responsible for managing and executing all aspects of the Privacy Impact Assessment (PIA) process. This role will oversee the intake, review, risk identification, stakeholder coordination, documentation, and follow-up activities associated with PIAs to ensure compliance with organizational privacy requirements and policies. The Privacy Analyst will collaborate with business units, technology teams, legal counsel, and project stakeholders to evaluate new and existing initiatives involving the collection, use, sharing, and protection of personal information. The ideal candidate will have experience conducting Privacy Impact Assessments, preferably within a government or public-sector environment, and familiarity with privacy management platforms such as OneTrust. This position requires strong analytical, communication, and organizational skills, the ability to work independently with minimal supervision, and the capability to manage multiple concurrent assessments while working effectively as part of a collaborative privacy team. Any individual with hands-on OneTrust experience will be considered first. #LI-MS1 #LI-REMOTE Job ID: 7555

What you'll do

Support the execution of Trustly's privacy strategy for the EU and UK region, ensuring compliance with the EU GDPR, UK GDPR, Data Protection Act 2018, ePrivacy Directive, and national data protection laws across EU member states.

Conduct privacy impact assessments and DPIAs for new products, services, features, and business initiatives.

Provide practical, business-focused legal advice on privacy matters to internal stakeholders.

Advise on data subject rights requests (including rights to access, erasure, portability etc).

Support privacy breach preparedness and incident response efforts for the EU and UK region, including contributing to incident response plans, coordinating breach investigations, and managing notifications to supervisory authorities and communications to data subjects.

Advise on and support the negotiation of data processing agreements, data transfer mechanisms (including standard contractual clauses, adequacy decisions, and other transfer tools), and privacy terms with vendors, partners, and customers.

Monitor legislative and regulatory developments affecting privacy and data protection in the EU and UK, including tracking national implementations of EU directives and regulations, providing timely analysis and recommendations to senior leadership.

Collaborate closely with the global Privacy & DPO team to ensure alignment on privacy strategies, share best practices, and coordinate cross-regional privacy initiatives.

Develop and maintain privacy documentation, including records of processing activities, legal advice notes and privacy compliance registers.

Support privacy-related audits, assessments, and due diligence activities.

Who you are

Law degree (LLB, LLM, or equivalent) and qualified solicitor, barrister, or equivalent legal qualification in an EU member state or the UK.

Minimum of 3-5 years of experience as a privacy lawyer (including demonstrated experience advising on GDPR, UK GDPR, and national data protection laws).

Demonstrated experience in the FinTech or the payment services sector, with knowledge of the unique privacy challenges and regulatory landscape affecting payments and financial technology companies would be a bonus.

Experience working as part of a global privacy team, with proven ability to collaborate effectively across multiple jurisdictions and time zones.

Demonstrated experience handling data subject rights requests and data disclosure requests from law enforcement authorities.

Strong knowledge of EU and UK privacy laws and regulations, including GDPR, UK GDPR, Data Protection Act 2018, ePrivacy Directive, and national data protection laws across the EU

Experience advising on cross-border data transfers, including standard contractual clauses, adequacy decisions, and other transfer mechanisms.

Relevant professional privacy certifications (e.g., CIPP/E, CIPM, CIPT) are highly desirable.

Strong interpersonal and communication skills and the ability to explain complex legal issues in simple terms.

Entrepreneurial and creative by nature, with a bias for action.

Strong legal drafting skills, with experience developing privacy policies, notices, consent mechanisms, data processing agreements, and controller-processor agreements.

Strong project management skills and ability to manage multiple complex privacy initiatives simultaneously.

Proven ability to provide practical, business-oriented privacy advice that balances legal compliance with business objectives.

Experience managing data breach incidents, including regulatory notifications to supervisory authorities and communications with affected data subjects.

Strong analytical and problem-solving skills, with the ability to assess privacy risks and develop pragmatic solutions.

Willingness to work flexible hours to collaborate with global privacy team members across different time zones.

Posting Open Date: 6/22/26

Anticipated Posting Close Date*: 8/22/26

*Job posting may close early due to the volume of applicants.

Senior Privacy and Regulatory Counsel

We are looking for a Senior Privacy and Regulatory Counsel to join our Legal team. The person will lead our privacy program and provide legal guidance around artificial intelligence, data protection, and other emerging regulatory topics. This is a great opportunity for a thoughtful, pragmatic, and collaborative attorney with strong business instincts who wants to help shape innovative edge cloud technologies. We are seeking candidates who value working on a strong and diverse team and want to contribute to creating a welcoming, inclusive and supportive environment. This position reports to the Assistant General Counsel leading the Product, Technology, and Regulatory team, and will be based out of one of our offices with a preference for San Francisco, CA.

What You'll Do:

• Domain Leadership: Architect, scale, and lead a global privacy program, managing stakeholder engagement across the company
• Regulatory Strategy: Manage compliance strategy for emerging regulatory and technical issues related to cutting-edge products and new jurisdictions, including evolving cybersecurity, critical infrastructure, and AI regulations (e.g., NIS2, CRA, ISP-specific frameworks, global privacy laws)
• Policy Management: Design and drive internal company policies, external assets, and sales collateral addressing global privacy, data protection, and other regulatory frameworks (e.g., GDPR, EU Data Act, EU AI Act)
• Regulator Engagement: Respond to regulatory inquiries and investigations, and collaborate with outside counsel where specialized jurisdictional expertise is required
• Product Counseling: Partner closely with product and engineering teams to provide end-to-end legal guidance on product and feature development, incorporating "privacy by design" and similar principles
• Commercial Negotiations: Serve as our subject matter expert on privacy and other relevant regulations in complex customer, partner and vendor negotiations, including reviewing, drafting and negotiating agreements in collaboration with other Legal and business partners
• Talent Support: Partner with our People team to advise on global employee data protection, workforce privacy initiatives, and talent-related privacy matters.
• Incident Management: Independently manage the legal response to privacy-related incidents
• Process & Training: Draft and maintain policies, playbooks, checklists, FAQs, and training materials to improve process and streamline stakeholder engagement on privacy and regulatory matters
• Operational Support: Oversee and conduct Data Protection Impact Assessments (DPIAs), maintain Records of Processing Activities (RoPAs), and support audits, law enforcement requests, and platform-abuse process and policy

What We're Looking For:

• Education & Credentials: JD from a respected institution and membership in good standing with at least one U.S. state bar
• Experience: 8+ years of relevant legal experience, with significant in-house experience advising on global privacy and regulatory matters at a technology company, especially in the cloud or SaaS space
• Regulatory Expertise: Advanced knowledge of U.S. and global privacy and data protection laws and experience with emerging technology regulations, including AI regulatory schemes
• Program Management: Experience building and managing a privacy program and providing clear, actionable legal guidance to business, product, and engineering teams
• Technical Literacy: Technology industry experience and familiarity with technical concepts such as APIs, encryption, LLMs, and cloud architecture
• Problem-Solving: A pragmatic, solution-oriented approach to problem-solving
• Communication: Excellent written and verbal communication skills and the ability to simplify complex legal issues for a business audience
• Execution: Ability to own matters and prioritize, manage, and complete projects independently in a dynamic, evolving environment
• Collaboration: A collaborative team player who enjoys working across disciplines and values building relationships and improving processes

Work Hours:

• This position will require you to be available during core business hours.

Work Location(s) & Travel Requirements:

This position has one opening and can be hired in the following preferred office locations:

• San Francisco, CA
• New York, NY

Fastly currently embraces a largely hybrid model for most roles which allows employees flexibility to split their time between the office and home.

SF / LA Fair Chance Ordinance Statement

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Salary:

The estimated salary range for this position is $211,370.00 - $253,644.

Starting salary may vary based on permissible, non-discriminatory factors such as experience, skills, qualifications, and location.

This role may be eligible to participate in Fastly’s equity and discretionary bonus programs.

Benefits:

We care about you. Fastly works hard to create a positive environment for our employees, and we think your life outside of work is important too. We support our teams with great benefits that start on the first day of your employment with Fastly. Curious about our offerings?

We offer a comprehensive benefits package including medical, dental, and vision insurance. Family planning, mental health support along with Employee Assistance Program, Insurance (Life, Disability, and Accident), a Flexible Vacation policy and up to 18 days of accrued paid sick leave are there to help support our employees. We also offer 401(k) (including company match) and an Employee Stock Purchase Program. For 2026, we offer 12 paid local holidays, 12 paid company wellness days.

At Mitratech, we are a team of innovators focused on building world-class products that simplify operations in the Legal, Risk, Compliance, and HR functions. We are a close-knit, globally dispersed team that thrives in an ecosystem that supports individual excellence and takes pride in its diverse and inclusive work culture centered around great people practices, learning opportunities, and having fun! Our culture is the ideal blend of entrepreneurial spirit and enterprise investment, enabling the chance to move at a rapid pace with some of the most complex, leading-edge technologies available.

For over 35 years, the experts at Mitratech have been focused on solving the complex needs. Today, we serve 20,000 client companies of all sizes globally, representing 30% of the Fortune 500 and over 500,000 users in over 160 countries.

As we continue to grow, we’re always looking for resourceful, enthusiastic, and fresh perspectives. Join our global team and see what makes Mitratech a truly exceptional place to work!

About the AI Platform Organization

Mitratech’s AI mission is to turn its legal data and products into a unified, safe AI platform that powers the top legal workflows in every core solution and drives meaningful gains in legal team productivity and AI-influenced revenue.

The mandate is not just to ship isolated AI features. The AI organization owns the platform, standards, and integration patterns that make it possible for product teams to ship safe, impactful AI that improves customer outcomes. The organization is designed using Team Topologies: stream-aligned product teams sit at the top, an AI Platform layer sits in the middle, and Cloud & Data Foundation sits below. This role sits in the middle layer and builds the connective tissue that powers AI across Mitratech.

About the Role

This role leads the combined AI Quality & Governance function, initially bringing together two closely related areas: Governance & Policy, and Evaluations & Observability. Over time these may grow into separate teams with separate leaders, but today they are tightly linked in both problem space and execution model.

You will own the platform that makes AI systems at Mitratech measurable, observable, governable, and production ready. The role combines platform engineering, applied AI quality, incident ownership, and practical governance implementation.

This is explicitly a hands-on leadership role. The team begins small — likely one to two direct reports — and you are expected to spend roughly half of your time writing and reviewing production code while the organization scales. Near-term success depends on a leader who wants to build as well as manage.

What You Will Do

• Own the AI evaluations and observability platform — tracing, logs, dashboards, quality signals, and operational feedback loops for prompts, model calls, tool use, and user outcomes

• Design and operationalize automated and human-in-the-loop evaluation strategies, integrating regression checks for quality, safety, latency, and cost into engineering and release processes

• Establish the standards that define production-ready AI across the organization — evaluation criteria, release gates, incident playbooks, and long-term quality metrics

• Build and operate AI guardrails and policy enforcement capabilities: content controls, PII detection and redaction, audit logging, and request- or workflow-level policy checks

• Translate emerging governance and risk expectations into working engineering systems and platform controls rather than static documentation

• Own platform-level SLOs and tier-two incident support for AI behavior issues, partnering with product teams who remain first-line owners for features they ship

• Act as an internal authority on AI quality and governance and participate in customer-facing conversations where product quality, safety, observability, or governance posture must be explained credibly

• Hire, mentor, and grow the team over time — the combined function may later evolve into separate Quality/Observability and Governance/Policy teams

What We Are Looking For

You have 8+ years of software engineering experience including meaningful experience leading engineers as a manager or technical lead. You have shipped production AI systems and have hands-on experience with the operational complexity they introduce.

• Strong experience designing and operating production backend systems and APIs

• Demonstrated hands-on experience building, shipping, or operating production AI systems — ideally including LLM-powered or agentic workflows

• Experience with AI observability, evaluation, or debugging systems — whether through platforms such as LangSmith or LangFuse, or through internally built equivalents

• Practical experience designing or operating AI guardrails: content filtering, redaction, access controls, or other controls around model or agent behavior

• Familiarity with AI governance and risk frameworks such as NIST AI RMF or ISO/IEC 42001, and the ability to engage thoughtfully with legal, compliance, and security stakeholders

• A strong bias toward hands-on execution, platform thinking, and creating paved roads for other teams

Nice to Have

• Experience in legal technology, regulated SaaS, or other environments where auditability and defensibility matter

• Experience with privacy-sensitive systems and PII handling

• Experience participating in AI incident reviews, red-team exercises, or internal review boards for production AI systems

The Stack Context

• Engineering environment primarily uses Python and TypeScript

• Platform operates across AWS and OCI

• Observability tooling is being established — LangFuse experience relevant but not required

Why This Role

This is a high-impact role at the center of Mitratech's AI engineering organization. You will define what production-ready AI means across the platform, build the systems that enforce it, and serve as the senior authority on AI quality, safety, and observability. You will work closely with product and platform teams, set standards that apply org-wide, and help Mitratech ship AI that customers can trust. If building that kind of foundational capability appeals to you, this role is worth a serious look.

We will disclose intended pay ranges in our job ads for US-based opportunities – This role can be performed 100% remote anywhere in the US. Anticipated Pay Range: $210K – $230K Annually USD

Total compensation includes US employee benefits and annual bonus eligibility.

Benefits we offer:

• Health, Dental & Vision Insurance *
• 401 (k) + Employer Match *
• Unlimited PTO + 11 Paid Holidays + 4 Annual Paid Global Wellness Days Off
• STD, LTD & Group Life Insurance
• Paid Parental Leave
• Pet Insurance
• FSA & HSA Options
• Employee Assistance Program

Perks we offer:

• Remote Work
• Career Advancement & Professional Development Opportunities
• Employee Recognition
• LinkedIn Learning Platform

Mitratech is proud to be an EEOE, M/F/D/V, and we are committed to diversity both in practice and spirit at the corporate level. Mitratech participates in the Electronic Employment Verification Program. E-Verify is an Internet-based system that compares information from an employee’s I-9 to data from the U.S. Department of Homeland Security and Social Security Administration Records. To learn more, visit: everify.com

We are an equal-opportunity employer that values diversity at all levels. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity, disability, or veteran status.

Team Description

We are a small, dedicated legal team deeply embedded in the business. You will be a vital part of a collaborative and adaptive team that embraces a growth mindset. We handle a wide range of legal issues, and you will have the opportunity to take ownership of key projects and make a tangible, company-wide impact on the business.

Job Description and Responsibilities

Neuralink is hiring an Associate General Counsel to build and lead the company’s privacy and compliance program end-to-end. You will own the privacy strategy across our most sensitive data — neural recordings, clinical trial data, and the health information of the patients we serve — and stand up the compliance program that governs how Neuralink interacts with clinical investigators, physicians, hospitals, patients, and federal healthcare programs.

You will report to the General Counsel and partner closely with Clinical, Regulatory, and Engineering. You will set the privacy and compliance posture, design the program, and translate complex global obligations into clear guardrails the team can move quickly within. We are looking for an operator-attorney who is excited to roll up their sleeves, not someone who wants to manage a program from a distance.

As our Associate General Counsel, Privacy & Compliance, you will:

• Lead Neuralink’s privacy program across the United States and international jurisdictions, including governance, policies, training, vendor diligence, incident response, and data subject rights.
• Serve as the company’s subject-matter authority on HIPAA and clinical trial data. Partner with Clinical, Regulatory, and research ethics committee liaisons to ensure informed consent, BAAs, and study protocols are aligned with patient privacy expectations, best practices, and regulatory requirements.
• Own global privacy compliance and the full set of US state privacy laws. Drive privacy compliance for new market entry as Neuralink expands clinical trials and product availability internationally.
• Drive Privacy by Design with Product and Engineering, including conducting PIAs and DPIAs for new features and clinical study protocols, advising on data minimization and retention, and helping engineering teams ship faster by giving clear, early, implementable guidance.
• Lead vendor privacy reviews and DPA negotiations, including BAAs, SCCs, transfer impact assessments, and subprocessor management, and own the data flow map for the company.
• Maintain the company’s privacy notices, internal data handling standards, employee privacy policies, and DSAR/data rights response process.
• Lead the privacy incident response function in partnership with Security; own breach assessment, notification analysis, and regulator-facing communications.
• Lead Neuralink’s healthcare compliance program, including the policies, training, monitoring, auditing, and reporting infrastructure of a company operating in a federally regulated healthcare environment (OIG Seven Elements framework).
• Advise on interactions with healthcare professionals, hospitals, and clinical investigators, including AdvaMed Code adherence, Sunshine Act reporting, state HCP-interaction laws
• Track and translate regulatory developments and enforcements into concrete operational changes.

Key Qualifications

• A J.D. from an accredited law school and active membership in at least one state bar (California or Texas preferred).
• Privacy experience at a medical device company or high-growth health technology company (e.g., digital health, wearable tech, or life science company specializing in devices or advanced clinical data systems).
• A minimum of 10 years of privacy-focused legal practice, with substantial in-house experience leading a privacy program. CIPP/US and CIPP/E (or equivalent) strongly preferred.
• Deep, hands-on expertise with HIPAA (Privacy, Security, and Breach Notification Rules), including BAA negotiation and the privacy dimensions of clinical research (IRB processes, informed consent).
• Demonstrated command of GDPR, UK GDPR, and the US state privacy law landscape, including international data transfers and DPO/representative obligations.
• Track record of running Privacy by Design with engineering and product teams — PIAs, DPIAs, data mapping, and embedding privacy into product development.
• Strong contracts background: DPAs, BAAs, vendor privacy provisions.
• Operational fluency. You can build a program, not just advise on one. You have personally stood up policies, processes, and tooling, and you know how to measure whether they’re working.
• Excellent judgment under ambiguity. You can take a novel question with no clean regulatory analog and produce a clear, defensible answer that the business can act on.
• Clear writing, rigor, and direct communication. You can translate privacy law into guidance engineers and clinicians can actually use.

Preferred Qualifications

• Familiarity with the privacy issues unique to neural, biometric, and other sensitive categories of data.
• Working knowledge of AI/ML governance and the privacy interplay with model training data, including EU AI Act obligations.
• Experience supporting international expansion (clinical trial site activation, data localization, cross-border transfers).
• Comfort engaging directly with regulators.
• Experience running a compliance hotline and privileged internal investigations, and evaluating OIG/CMS self-disclosure pathways.

What You’ll Find Here

A mission you can’t get anywhere else. A small, dense team that ships, gives you real ownership, and expects you to think for yourself. The hardest privacy problems in the industry, and the trust to solve them.

Figure is an AI Robotics company developing a general purpose humanoid. Our humanoid robot, Figure 02, is designed for commercial tasks and the home. We are based in San Jose, CA and require 5 days/week in-office collaboration. It’s time to build.

We are looking for a Software Engineer to join the Security & Privacy team at Figure, focusing on the Privacy aspects for the robot as well as associated backend services. You will be instrumental in implementing privacy-enhancing technologies (PETs) and ensuring our products adhere to the highest standards of data protection and regulatory compliance. This role is centered on building privacy into the core architecture of our product, along with experience in AI and embedded systems.

Responsibilities

• Design and implement new technical features that embed privacy controls and data minimization techniques into our product and tech stack (privacy-by-design)
• Develop and maintain core privacy engineering services, including systems for user control, anonymization/pseudonymization, and data retention/deletion
• Collaborate with AI, engineering, and security teams to define and enforce robust data governance and data protection practices
• Develop and deploy custom tooling (scripts, APIs, libraries) to standardize privacy enforcement across the technology stack and monitor compliance
• Partner with technical stakeholders to translate privacy requirements into clear, actionable technical specifications and scalable software solutions
• Be a champion for user privacy and security

Requirements

• Experience in several of the following privacy and security domains: anonymization / de-identification, data retention and deletion, data lineage or governance, data protection fundamentals, data minimization privacy-by-design, privacy-preserving techniques
• Strong software engineering (not scripting or automation) skills in C/C++, Rust, Golang, Python or similar
• Prior experience building APIs or microservices specifically for data governance or privacy controls
• Ability to collaborate with internal and external stakeholders whilst prioritizing tasks and work independently under minimal supervision.
• BS in Computer Science, Engineering, Information Systems, or equivalent years of experience in a related technical field
• 8+ years of experience in the field of privacy engineering or related security or software engineering role
• Passion for learning and helping others
• Excellent verbal and written communication skills, with high attention to detail

The US base salary range for this full-time position is between $150,000 - $350,000 annually.

The pay offered for this position may vary based on several individual factors, including job-related knowledge, skills, and experience. The total compensation package may also include additional components/benefits depending on the specific role. This information will be shared if an employment offer is extended.

Position

Chief Privacy Officer (Director, Security Engineering)

Company Introduction

About Rocket Now

Rocket Now is a food delivery service with no delivery or service fees. Consumers can enjoy a wide variety of cuisines, from Japanese and Western food to healthy options, as well as desserts and drinks, quickly and affordably. The service is currently available mainly in Hokkaido, Tohoku (Sendai), Kanto (Tokyo, Kanagawa, Saitama, Chiba), Chubu (Aichi, Shizuoka), Kansai (Osaka, Kyoto, Hyogo), Hiroshima, and Kyushu (Fukuoka). Rocket Now won the Excellence Award in the Shopping Category at the Best App Awards 2025. Furthermore, it has achieved the No. 1 ranking in the Food Delivery App category for nine consecutive months on both the iOS and Android app stores (*1), and the app continues to grow, surpassing 5 million downloads in just 15 months since its launch (*2). *1 Based on integrated iOS and Android data from July 2025 to March 2026. *2 As of January 14, 2025, service release date (Source: Global Market Intelligence: Sensor Tower)

About CP One Japan

CP One Japan LLC is the Japanese subsidiary of Coupang, Inc. (NYSE: CPNG), a US-based company listed on the NYSE (New York Stock Exchange) and one of the Fortune 150 companies, known as a technology company. CP One Japan operates the "Rocket Now" brand food delivery service in Japan, leveraging Coupang's technological capabilities and innovative logistics solutions to provide fast, reliable, and customer-oriented food delivery services to Japanese consumers.

Role Overview

We are looking for a Privacy and Security Leader to build and lead the Digital Trust team in Japan. This role will initially operate as a highly autonomous individual contributor, with a clear mandate to design the privacy and security operating model in Japan and progressively build a dedicated team as the business scales. Reporting directly to the Digital Trust Leader based in Taiwan, this role will govern internal security practices and operations while protecting customer trust and empowering business growth for Rocket Now and Coupang Japan. As the primary owner of security-related engagements with regulatory and government entities, you will combine hands-on execution of Privacy Information Management Systems (PIMS) with strategic influence across regulators, operations, product teams, and regional teams (KR/TW).

What You Will Do

• Own and maintain privacy and security policies aligned with the Japan Act on the Protection of Personal Information (APPI) and global industry standards.
• Lead the Privacy Information Management System (PIMS) lifecycle and Privacy Mark (P-Mark) certification process, including documentation, internal audits, and remediation.
• Drive privacy reviews and impact assessments across products and business operations in Japan.
• Manage the end-to-end privacy/security incident lifecycle, encompassing assessment, regulatory reporting, and remediation.
• Partner with KR and TW regional teams to implement and localize privacy and security programs.
• Serve as the primary liaison with regulatory bodies, including the Personal Information Protection Commission (PIPC).
• Engage with government and policy stakeholders to promote Coupang’s cybersecurity and privacy posture.
• Build long-term trust and credibility with Japanese authorities while ensuring strategic alignment with evolving regulatory expectations.

Basic Qualifications

• More than 5 years of experience in privacy/security compliance, including practical experience in leading large-scale privacy/security solutions involving cross-functional teams.
• Strong understanding of privacy and security related regulatory requirements in Japan, including APPI.
• Experience in privacy review and incident management.
• Excellent communication and interpersonal skills with the ability to communicate effectively with stakeholders at all levels of the organization.
• Excellent analytical and problem-solving skills and the ability to anticipate and address project-related challenges.
• Fluent-level Japanese and business-level English.

Preferred Qualifications

• Holds security related certifications or licenses, e.g., 個人情報保護士 / 個人情報保護実務専門家 / Certified Information Privacy Professional / Certified Information Privacy Manager / Certified Information Privacy Technologist.
• Experience in engaging with government or regulators on privacy/security topics.
• Have fundamental technical understanding and experience in the security space, especially in the field of data protection and the defensive side of security engineering.
• Background in e-commerce or cross-border environments.

Recruitment Process and Others

Recruitment Process

• Application Review - Phone Interview - Onsite (or Virtual Onsite) Interview – Offer
• The exact nature of the recruitment process may vary according to the specific job and may be changed due to scheduling or other circumstances.
• Interview schedules and the results will be informed to the applicant via the e-mail address submitted at the application stage.

Working Conditions

• Employment Type: Full time employee
• Probationary Period: 3 Months
• Other details will be provided separately

Details to Consider

• This job posting may be closed prior to the stated end date for application if all openings are filled.
• Coupang has the right to rescind an offer of employment if a candidate is found to have submitted false information as part of the application process.
• Those eligible for employment protection (recipients of veteran’s benefits, the disabled, etc.) may receive preferential treatment for employment in accordance with applicable laws.
• Job titles and responsibilities may be subject to change depending on the candidate’s overall experience and/or the necessity of business, etc. at the time of joining Coupang and/or after joining Coupang. The job title/duties and responsibilities after such change shall not be subject to any special restriction. The job titles and responsibilities at the time of joining Coupang will be communicated to the candidate at the appropriate time before the offer.
• Details will be provided separately after receiving your application by email and/or during the job interview.

Equal Opportunities

Rocket Now is an Equal Opportunity Employer committed to fair and inclusive hiring practices in accordance with Japanese labor laws. We welcome applications from all qualified individuals and ensure that employment decisions are made without discrimination based on unreasonable grounds, including the following grounds:

• Labor Union Membership: Employment is not conditioned on membership or non-membership in any labor union. We respect the rights of individuals to freely associate, as protected under the Labor Union Act.
• Gender: We do not discriminate based on sex or gender in recruitment, hiring, etc., in compliance with the Act on Equal Opportunity and Treatment between Men and Women in Employment.
• Age: We do not set age limits or discriminate based on age in our hiring processes, except where legally justified under the Act on Comprehensively Advancing Labor Measures, and Stabilizing the Employment of Workers, and Enriching Workers' Vocational Lives.
• Disability: We provide equal opportunities to individuals with disabilities and offer reasonable accommodations as required under the Act on the Facilitate the Employment of Persons with Disabilities.
• Fair Hiring Process: We conduct a fair hiring process that respects the fundamental human rights of all employees. We do not discriminate based on race, nationality, ideology, religion, etc. during the recruitment or hiring process.

We are committed to fostering a respectful, inclusive, and diverse workplace where all individuals can thrive. Selection for employment is based solely on individual merit, qualifications, and business needs. The personal information you provide when applying will be collected and managed by Coupang in accordance with the following privacy https://www.coupang.jobs/jp/privacy-policy/

Privacy Notice​

• Your personal information will be collected and managed by Coupang as stated in the Application Privacy Notice located below: https://www.coupang.jobs/privacy-policy/

Equal Opportunities for All (Drafter: Default setting from Coupang.jobs - no need to add)

• Coupang is an equal opportunity employer. Our unprecedented success could not be possible without the valuable inputs of our globally diverse team.

You Will:

Corporate & Commercial
• Draft, review, and negotiate a broad range of commercial agreements including supplier contracts, real estate leases, licensing arrangements, and partnership agreements.
• Support corporate governance activities including board meeting preparation, entity management across multiple jurisdictions, and subsidiary structuring.
• Advise on regulatory compliance matters affecting multi-state retail operations, food and beverage regulations, and franchise law.
• Work closely with Finance, Operations, and Business Development teams to provide timely, practical legal guidance on day-to-day transactions.
Labor & Employment
• Manage a wide range of labor and employment matters including wage and hour compliance, workplace investigations, disciplinary actions, and terminations.
• Advise HR on hiring practices, employee classification (exempt/non-exempt, employee/contractor), leave administration, and accommodation requests.
• Handle employment-related disputes including demand letters, EEOC charges, state agency complaints, and civil litigation, coordinating with outside counsel as appropriate.
• Draft and maintain employment policies, handbooks, and training materials that reflect current federal, state, and local law requirements.
• Monitor legislative and regulatory developments in employment and labor law across key operating states and proactively advise the business on required adjustments.
• Support union-related matters and collective bargaining processes where applicable.
Data Privacy & Technology
• Serve as a primary legal resource on data privacy and security matters, advising on compliance with CPRA, CCPA, and other applicable US and international privacy regulations.
• Review and negotiate data processing agreements, SaaS contracts, and technology vendor agreements with a focus on data risk allocation and security obligations.
• Partner with the Technology, Marketing, and Customer Loyalty teams to conduct privacy impact assessments and implement privacy-by-design principles.
• Develop and maintain internal data privacy policies, records of processing activities, and incident response protocols.
• Lead the company's response to data subject requests and coordinate breach notification procedures in compliance with applicable law.
• Monitor emerging privacy legislation and regulatory guidance, advising leadership on compliance implications and required policy updates.
General Legal Support
• Manage outside counsel relationships and legal spend across practice areas.
• Assist the General Counsel with special projects, board-level matters, and cross-functional legal initiatives.
• Contribute to building and refining legal department processes, templates, and knowledge management systems.

You Are:

• Comfortable with Structured Autonomy. You are confident in managing the full breadth of day-to-day US legal matters independently, and equally comfortable operating within a clear governance framework where material decisions are made in partnership with senior management. You escalate proactively and see close collaboration with leadership as a strength, not a constraint.
• A Cross-Cultural Communicator. You possess exceptional communication skills and emotional intelligence, enabling you to translate complex U.S. legal concepts into clear business guidance for global stakeholders across cultures and time zones.
• A Collaborative Partner. You enjoy mentoring business teams, increasing legal and risk awareness, and building trusted relationships across corporate and retail functions. You are viewed as a strategic business partner who enables informed decision-making.
• Committed to Excellence. You have developed deep legal expertise throughout your career and are motivated by ownership, continuous learning, and the opportunity to serve as the primary legal advisor supporting a dynamic and growing U.S. business.

You Have:

Required
• Juris Doctor (J.D.) from an accredited law school, active bar admission, and good standing to practice law in California or New York.
• 8-10 years of post-qualification experience (PQE), with a meaningful mix of law firm and in-house legal experience preferred.
• Demonstrated expertise across at least two of the three core practice areas: corporate/commercial, labor and employment, and data privacy.
• Strong transactional skills with hands-on experience drafting and negotiating complex commercial agreements.
• Solid understanding of US employment law across multiple jurisdictions, including familiarity with California employment requirements.
• Practical knowledge of US data privacy frameworks, particularly CCPA/CPRA, and experience advising on digital products and consumer data programs.
• Excellent written and oral communication skills with the ability to explain legal concepts clearly to non-legal business partners.
• Highly organized, self-directed, and comfortable managing multiple priorities in a fast-paced, growth-oriented environment.
Preferred
• In-house experience at a consumer retail, food and beverage, restaurant, hospitality, or franchise business.
• Familiarity with franchise disclosure documents (FDDs), franchise regulation, and multi-unit franchise operations.
• Proficiency in Mandarin Chinese (written and spoken) is a plus, as the role involves communication with counterparts and stakeholders in connection with the company's international sourcing operations and business expansion activities.

A few benefits we offer:

• Comprehensive health, dental, and vision coverage for eligible employees starting on your first day
• 401(k) plan
• Paid time off & paid volunteer hours
• 50% discount on all products, both online and in-cafe; this includes food, beverages, whole-bean coffee, and merchandise
• Flexible spending account & commuter benefits
• Employee Assistance Program
• Additional benefits information

Summary

The VHA Privacy and FOIA Program establishes standardized policies and processes to ensure the proper management, protection, and transparency of information in compliance with federal laws and regulations. It supports accountability by governing how data is collected, used, shared, and disclosed while ensuring timely and accurate responses to information requests.

Duties

Duties: The facility Privacy/FOIA Officer has oversight for the data governance program and initiatives in the Washington DC VA Medical Center, it's Community Based Outpatient Clinics and its supporting catchment area. The position makes unique facility-level determinations about disclosures, issuance of denials, redactions, access, use and dissemination of federal agency records. The position formulates policy, ensures compliance with federal and state laws and conducts thorough research of federal implementing regulations. Major duties include but are not limited to: Implements unique policies and procedures to manage agency information, providing assistance and services to the public and an organization, agency or facility staff members. Supports developing a local level strategy for data governance, which includes leading from the executive office and creating a unique program that includes diverse processes and specific policies which are independent of other facilities. Monitors and covers all aspects of the collection, use, dissemination, disclosure and destruction of information within an organization, agency or facility. Develops and integrates policy-based processes, roles and controls that influence how data is created, collected, used, stored and destroyed throughout the organization. Adjudicates complex privacy and FOIA decisions that affect employees, customers and commercial businesses in the absence of supervision. Performs in-depth legal research that pertains to both federal and state statutes to render expertise, provide solutions and facilitate corrective action. Safeguards information while supporting accountability and transparency initiatives. Analyzes all the interrelated issues that affect the privacy/FOIA program and plans and conducts monitoring activities which measure the overall level of operational compliance by the facility. Teaches and trains employees on general data protection procedures and detailed service specific practices for daily operations and uses technology to provide required privacy/FOIA training and supplemental education. Perform assessment of privacy-related risks associated with business activities that involve processing of personal and sensitive data. Investigates non-compliance of privacy related issues at all levels of an organization, agency or facility and outside of these entities when information is involved. Strengthens and sustains the operational life cycle of the privacy/FOIA program by developing a communication strategy that fosters awareness for both internal and external partners to improve compliance, provide training and engage the public. Ensures that organization, agency or facility correspondence for data governance is transparent, timely, accurate and complete in response to requests for information from the general-public, Congressional representatives, law enforcement, courts and commercial business. Creates a communications process and tools that are flexible, customizable and interactive to address unique compliance challenges and educational/training needs. Work Schedule: Monday Friday, 8:00am - 4:30pm (Tour can be negotiated) Virtual: This is not a virtual position. Position Description/PD#: Privacy Officer (Government Information Specialist)/PD99843S Relocation/Recruitment Incentives: Not Authorized Critical Skills Incentive (CSI): Not Approved Permanent Change of Station (PCS): Not Authorized OUR MISSION: To fulfill President Lincoln's promise "To care for those who have served in our nation's military and for their families, caregivers, and survivors" - by serving and honoring the men and women who are America's Veterans. How would you like to become a part of a team providing compassionate whole health care to Veterans. Whole Health is an approach to health care that empowers and equips people to take charge of their health and well-being and live their life to the fullest. VA is committed to Whole Health and values Veteran and Employee health and wellbeing. As a VA employee, you will practice Whole Health in an environment that supports personalized and proactive care.

Job Requirements

You must be a U.S. Citizen to apply for this job To be considered for this position, you must complete all required steps in the process. In addition to the application and questionnaire, this position requires an online assessment. The online assessment measures critical general competencies required to perform the job. Selective Service Registration is required for males born after 12/31/1959 Physical Requirements: The work required does not inherently include any physical requirements essential for successful job performance that could not otherwise be performed with accommodation or workplace adjustment. A pre-placement physical examination is not required. Subject to background/security investigation. A current valid state driver's license is required. Note: We cannot accept photographs. Therefore, please do not submit a copy of your license with your application package. If an interview is requested, you will be required to provide your driver's license for verification of required endorsements. Selected applicants will be required to complete an online onboarding process. Acceptable form(s) of identification will be required to complete pre-employment requirements (https://www.uscis.gov/i-9-central/form-i-9-acceptable-documents). Effective May 7, 2025, driver's licenses or state-issued identification cards that are not REAL ID compliant cannot be utilized as an acceptable form of identification for employment. Participation in the seasonal influenza vaccination program is a requirement for all Department of Veterans Affairs Health Care Personnel (HCP) As a condition of employment for accepting this position, you will be required to serve a 1-year probationary period or 2-year trial period during which we will evaluate your fitness and whether your continued employment advances the public interest. In determining if your employment advances the public interest, we may consider: your performance and conduct; the needs and interests of the agency; whether your continued employment would advance organizational goals of the agency or the Government; and whether your continued employment would advance the efficiency of the Federal service. Upon completion of your probationary period, your employment will be terminated unless you receive certification, in writing, that your continued employment advances the public interest.

Qualifications

To qualify for this position, applicants must meet all requirements by the closing date of this announcement, 06/26/2026. Time-In-Grade Requirement: Applicants who are current Federal employees and have held a GS grade any time in the past 52 weeks must also meet time-in-grade requirements by the closing date of this announcement. For a GS-12 position you must have served 52 weeks at the GS-11. The grade may have been in any occupation, but must have been held in the Federal service. An SF-50 that shows your time-in-grade eligibility must be submitted with your application materials. If the most recent SF-50 has an effective date within the past year, it may not clearly demonstrate you possess one-year time-in-grade, as required by the announcement. In this instance, you must provide an additional SF-50 that clearly demonstrates one-year time-in-grade. Note: Time-In-Grade requirements also apply to former Federal employees applying for reinstatement as well as current employees applying for Veterans Employment Opportunities Act of 1998 (VEOA) appointment. You may qualify based on your experience as described below: Specialized Experience: You must have one year of specialized experience equivalent to at least the next lower grade GS-11 in the normal line of progression for the occupation in the organization. Examples of specialized experience would typically include, but are not limited to: : experience as a Privacy/FOIA officer working independently with little supervision, formulating policy, ensuring compliance with federal and state laws and conducts thorough research of implementing regulations and policies and procedures to manage agency/organization information; providing assistance and services to the general public, staff members and communicated information to the Executive leadership, facility staff and outside stakeholders. You will be rated on the following Competencies for this position: Competencies Bullets Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religions; spiritual; community; student; social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Note: A full year of work is considered to be 35-40 hours of work per week. Part-time experience will be credited on the basis of time actually spent in appropriate activities. Applicants wishing to receive credit for such experience must indicate clearly the nature of their duties and responsibilities in each position and the number of hours a week spent in such employment. Best Qualified: The position serves as the facility-level lead for privacy, FOIA, and data governance, with responsibility for strategic planning, policy development, compliance oversight, investigations, disclosure decisions, training, and stakeholder engagement. The best qualified factors are: Data governance program leadership Privacy and FOIA subject-matter expertise Legal and regulatory research Policy development and implementation Compliance monitoring and performance improvement Training, communication, and change management Investigations and adjudication Stakeholder engagement and executive advising Data lifecycle and risk management Organization, strategic planning, and workload management Physical Requirements: The work is primarily sedentary. There will be episodes of moderate lifting or prolonged periods of standing and bending in searching various files. There is lifting and carrying of such items as record boxes and bulky files. The work involves considerable walking, standing and bending conducting rounds, auditing and providing training to both on-site and off-site personnel. There is also occasional lifting and carrying of such items as boxes and files, weighing up to 30 pounds. The work may be performed in an office setting with adequate light, heat, air conditioning and ventilation. Traveling off-station to VA outpatient clinics, contracted community-based clinics, business associate offices and between campuses to provide training and attend/conduct meetings is necessary. May require occasional travel. Work Environment: The work may be performed in an office setting with adequate light, heat, air conditioning and ventilation. Traveling off-station to VA outpatient clinics, contracted community-based clinics, business associate offices and between campuses to provide training and attend/conduct meetings is necessary. May require occasional travel. For more information on these qualification standards, please visit the United States Office of Personnel Management's website at https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/.

Education

There is no educational substitution at this grade level.

How you’ll make an impact

Lead and support privacy reviews for new products, features, and data uses. 

Conduct and manage Data Protection Impact Assessments (DPIAs) and Legitimate Interests Assessments (LIAs) as required under global privacy laws. 

Partner with product managers, engineers, data scientists, and legal teams to identify and mitigate privacy risks early in the development lifecycle

Translate complex legal and regulatory requirements into practical, product-focused guidance. 

Help build scalable processes, templates, and tools to support efficient and consistent privacy reviews

Support data incident response processes, including breach assessment, regulatory notification timelines, and remediation guidance.

Contribute to privacy governance initiatives, including documentation, playbooks, and internal guidance

Stay current on global privacy developments and help operationalize requirements into product workflows

Support audits and assessments of privacy practices in collaboration with cross-functional partners

Provide support to the implementation of Match Group’s global privacy program.

We could be a match if you:

Have a background in privacy, law, public policy, or a related field.

Have experience supporting or conducting PIAs, DPIAs, LIAs, or product privacy reviews.

Understand how digital products work (e.g., data flows, APIs, SDKs, AI/ML use cases).

Are comfortable working closely with technical and product teams.

Have strong analytical and problem-solving skills, with attention to detail.

Are an effective communicator who can translate legal concepts into clear, actionable guidance. 

Thrive in a fast-paced, collaborative environment and can manage multiple priorities 

Are a self-starter who takes initiative in driving privacy reviews and projects forward, exercising sound judgment on when to seek guidance and escalate issues

Are digitally literate, preferably with a proficiency in Google Workspace.

Are comfortable with and interested in applying AI tools in your everyday work, such as ChatGPT, Gemini, and Zoom AI Companion to automate repetitive tasks and improve output quality such as in drafting documents, generating structured outputs and improving workflows.

Are committed to continuous learning and development.

What’s the team like?

On this close-knit global team, you will have the opportunity to work both collaboratively and independently on exciting privacy challenges.

Individuals on this team manage multiple projects simultaneously, are autonomous and self-motivated team players with a keen interest in privacy, possess superior communication skills, collaborate effectively with stakeholders, and have excellent project management skills.

A successful Privacy Analyst will be trusted to approach their work methodically, managing multiple demands while aiming for continuous improvement.

This role is for one of Weekday’s clients

Min Experience: 6+ years
Location: Bangalore, Delhi
JobType: full-time

Requirements

The main responsibilities in the role are:

• Compliance: Ensure compliance with relevant external regulations and internal standards, such as GDPR, ISO 27001, and others.
• Govern and oversee GDPR / AAS / DORA / SCHREMS compliance for Application Security and Third-Party Risk Management
• Monitor ITRM KRIs and deliver remediation plans
• Ensure availability and maintenance of NIST control evidence.
• Develop, implement, and manage comprehensive security compliance programs.
• Policy Development: Create and enforce security policies, procedures, and guidelines to maintain compliance.
• IAM topics: Oversee the IAM NIST Controls, Recertification campaigns and ad hoc KRI mitigation actions.
• Audit and Assessment: Collaborate to conduct regular audits and assessments to identify compliance gaps and ensure adherence to security standards.
• Risk Management: Identify, assess, and mitigate compliance risks to the organisation.
• Deliver Risk analysis on business requests (new apps, new projects, new vendors…)
• Ensure Risk Acceptances are registered, and follow-up actions are tracked to closure.
• Lead Security exception Validation.
• Conduct awareness sessions to LOD1 Infosec team on Risk Management
• RFP Support
• Respond to customer security questionnaires and review security clauses.
• Incident Response: Lead the response to security incidents, ensuring proper documentation and resolution in line with compliance requirements.
• Training and Awareness: Develop and deliver training programs to increase awareness of security compliance across the organisation.
• Design, launch and reporting of phishing campaigns and conduct awareness sessions.
• Monitoring and Reporting: Monitor IT systems for potential risks and vulnerabilities and provide regular reports to senior management.
• Responsible for internal/external audit monitoring and reporting – global CISO ownership.
• Ensure the follow-up of audit recommendations (Inspection, external auditors, regulators, etc.).
• Monitor and coordinate the timely closure of audit recommendations.
• Work closely with IT, legal, and business teams to integrate compliance requirements into business processes.

 

Technical Skills:

• Knowledge of Microsoft Defender Phishing Module or a similar platform.
• Proficiency in MS Office, particularly MS Excel and PowerPoint.

Behavioural Skills on the job:

• Strong understanding of security awareness, incident management, and crisis management principles.
• Proactive communication, presentation, and stakeholder‑management skills.
• Proven leadership and project‑management abilities.
• Ability to work independently and make effective decisions under pressure.
• Strong organisational, analytical, presentation, and reporting skills.
• Capacity to challenge local stakeholders’ arguments and action plans.
• Excellent organizational and cross‑functional coordination skills.
• Strong adaptability, openness to feedback, and willingness to continuously learn.
• Results‑driven mindset with strong planning and execution discipline.

Qualifications:

• Bachelor’s or master’s degree preferred.
• Relevant certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor, CompTIA Security+, etc.
• At least 7 years of work experience in Cybersecurity operations (Risk management, Data security, Network security, IAM).

Must-have skills

GDPR, cissp

Good-to-have skills

Cyber Security, RFP

Summary

Join a dynamic team of information law attorneys providing fast-paced legal advice and guidance to clients at U.S. Immigration and Customs Enforcement's (ICE) Office of the Principal Legal Advisor (OPLA) Government Information Law Division (GILD) as Counsel and leverage your legal experience to protect the homeland in this ever-evolving area of law.

Duties

OPLA is the largest legal program in the Department of Homeland Security (DHS), employing over 3,000 attorneys nationwide to provide a full range of legal services to all ICE programs and offices. OPLA's Enforcement, General Law, and Litigation (EG&L) divisions, through close client engagement, advance ICE's homeland security and public safety mission by providing expert legal advice and guidance to ICE personnel enforcing our nation's immigration, customs, and criminal law and policies. Counsel in EG&L also defend the operational authorities and decisions of ICE officers and agents in federal courts and support the advocacy of ICE attorneys before immigration courts and the Board of Immigration Appeals, with special emphasis on cases involving criminal aliens, human rights violators, and aliens who threaten our national security. EG&L divisions also advise and provide legal and prudential counsel to an array of operational and policy clients within ICE on contracts, fiscal, and information law issues, as well as ethics and regulatory matters. GILD attorneys advise all ICE program offices on matters relating to the disclosure of agency information, both within DHS and to external entities. Specifically, they support agency compliance with legal obligations under the Freedom of Information Act (FOIA), the Privacy Act of 1974 (PA), the E-Government Act of 2002, the Federal Records Act of 1950, and the Paperwork Reduction Act of 1995. GILD adjudicates administrative FOIA appeals and assists U.S. Attorneys' Offices in defending information-related litigation under the FOIA, PA, and the Administrative Procedure Act. GILD attorneys also engage with local law enforcement about state sunshine laws and disclosure of information, coordinate responses to agency requests for information, respond to congressional inquiries, and review ICE information-sharing agreements with external agencies. Selected attorneys will immediately be given significant responsibilities and will be expected to craft persuasive, legally supportable positions to address the needs of agency operational components. Selected attorneys will be expected to routinely provide timely legal opinions to ICE officers and agents, division management, and leadership within OPLA, ICE, and the DHS Office of the General Counsel Headquarters.

Job Requirements

Qualifications

Applicants should be able to efficiently produce quality legal analyses of complex and novel issues, exercise sound legal judgment, prioritize competing assignments, and work effectively independently, as part of a team, and across work units. Applicants should be detail-oriented and have a strong interest in supporting and providing stellar client services to program offices, including law enforcement officers, policymakers, attorneys, and agency senior leadership, and must be able to tailor communications to a particular audience. Applicants should be able to take initiative and work in a reliable, decisive, and professional manner. Applicants should possess the following characteristics and competencies: integrity, sound professional judgment, organizational skills, decisiveness, initiative, stellar client services, the ability to function independently and cooperatively, and superior written and oral advocacy skills.

Education

Applicants must be graduates of an accredited law school with a Juris Doctor (J.D.) or LLM degree. Please see Required Documents for more information.

This role is for one of Weekday’s clients

Min Experience: 6+ years
Location: Bangalore, Delhi
JobType: full-time

Requirements

The main responsibilities in the role are:

• Compliance: Ensure compliance with relevant external regulations and internal standards, such as GDPR, ISO 27001, and others.
• Govern and oversee GDPR / AAS / DORA / SCHREMS compliance for Application Security and Third-Party Risk Management
• Monitor ITRM KRIs and deliver remediation plans
• Ensure availability and maintenance of NIST control evidence.
• Develop, implement, and manage comprehensive security compliance programs.
• Policy Development: Create and enforce security policies, procedures, and guidelines to maintain compliance.
• IAM topics: Oversee the IAM NIST Controls, Recertification campaigns and ad hoc KRI mitigation actions.
• Audit and Assessment: Collaborate to conduct regular audits and assessments to identify compliance gaps and ensure adherence to security standards.
• Risk Management: Identify, assess, and mitigate compliance risks to the organisation.
• Deliver Risk analysis on business requests (new apps, new projects, new vendors…)
• Ensure Risk Acceptances are registered, and follow-up actions are tracked to closure.
• Lead Security exception Validation.
• Conduct awareness sessions to LOD1 Infosec team on Risk Management
• RFP Support
• Respond to customer security questionnaires and review security clauses.
• Incident Response: Lead the response to security incidents, ensuring proper documentation and resolution in line with compliance requirements.
• Training and Awareness: Develop and deliver training programs to increase awareness of security compliance across the organisation.
• Design, launch and reporting of phishing campaigns and conduct awareness sessions.
• Monitoring and Reporting: Monitor IT systems for potential risks and vulnerabilities and provide regular reports to senior management.
• Responsible for internal/external audit monitoring and reporting – global CISO ownership.
• Ensure the follow-up of audit recommendations (Inspection, external auditors, regulators, etc.).
• Monitor and coordinate the timely closure of audit recommendations.
• Work closely with IT, legal, and business teams to integrate compliance requirements into business processes.

 

Technical Skills:

• Knowledge of Microsoft Defender Phishing Module or a similar platform.
• Proficiency in MS Office, particularly MS Excel and PowerPoint.

Behavioural Skills on the job:

• Strong understanding of security awareness, incident management, and crisis management principles.
• Proactive communication, presentation, and stakeholder‑management skills.
• Proven leadership and project‑management abilities.
• Ability to work independently and make effective decisions under pressure.
• Strong organisational, analytical, presentation, and reporting skills.
• Capacity to challenge local stakeholders’ arguments and action plans.
• Excellent organizational and cross‑functional coordination skills.
• Strong adaptability, openness to feedback, and willingness to continuously learn.
• Results‑driven mindset with strong planning and execution discipline.

Qualifications:

• Bachelor’s or master’s degree preferred.
• Relevant certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor, CompTIA Security+, etc.
• At least 7 years of work experience in Cybersecurity operations (Risk management, Data security, Network security, IAM).

Must-have skills

GDPR, cissp

Good-to-have skills

Cyber Security, RFP

Job Description

Als Policy & Privacy Specialist speel je een sleutelrol in het versterken van policy governance en privacy binnen Athora Netherlands.

Wat je over ons moet weten?

Wij zijn Athora Netherlands, een verzekeringsbedrijf met de bekende merken Zwitserleven en Reaal. Wij houden ons voornamelijk bezig met pensioenen en levensverzekeringen op de Nederlandse markt. Dat doen wij als onderdeel van een Europese groep met vestigingen in Ierland, het Verenigd Koninkrijk, België, Duitsland en Italië. Wij zijn een sterk bedrijf met ruim één miljoen klanten en wij willen de komende jaren doorgroeien tot een van de belangrijkste spelers in de snel veranderende pensioenmarkt. Daarom zoeken wij mensen die niet terugdeinzen voor verandering, die van aanpakken weten, die de ambitie hebben om resultaten neer te zetten en die daarom het beste uit zichzelf en hun team weten te halen. Slimmer samen, noemen wij dat.

Wat ga je doen?

Je beweegt je op het snijvlak van strategie en uitvoering en vertaalt wet- en regelgeving naar werkbare oplossingen voor de business. Je adviseert over privacy en compliance, ontwikkelt en implementeert beleid, monitort naleving en signaleert risico's. Daarnaast draag je bij aan het beheer van de uitbestede levensverzekeringportefeuille (TCS) en fungeer je als verbindende schakel tussen Business, Compliance en Legal. Je doet dit op een proactieve en pragmatische manier, door stakeholders actief te betrekken, complexe vraagstukken te structureren en te sturen om concrete, organisatie brede verbeteringen.

1. Privacy governance & ondersteuning

• Faciliteren en ondersteunen van business-privacyvraagstukken via de privacy champions

• Adviseren van proceseigenaren en business owners over AVG-compliance

• Adviseren en ondersteuning bieden bij privacy assessments

• Fungeren als schakel tussen 1e lijn, 2e lijn en Legal

  2. Beleidsontwikkeling en implementatie

• Initiëren, opstellen en onderhouden van beleid (Operations/ generieke diensten)

• Vertalen van wet- en regelgeving en interne eisen naar toepasbaar en uitvoerbaar beleid

• Beantwoorden en analyseren van beleidsvraagstukken vanuit stakeholders

• Borgen van consistentie en samenhang binnen het beleidslandschap
  
  3. Governance en compliance monitoring

• Monitoren van naleving en signaleren van risico's

• Rapporteren aan interne stakeholders (o.a. management, risk, compliance)

• Ondersteunen bij audits, monitoring en reviews

• Bijdragen aan de inrichting en versterking van het Privacy-framework
  
  4. Uitbestedingsmanagement (TCS - Levensverzekeringen)

• Monitoren van wet- & regelgeving met betrekking tot de serviceprovider

• Afstemmen met interne stakeholders (Management, Operations, Risk, Legal)

• Signaleren en initiëren van verbetermaatregelen

  5. Stakeholdermanagement & regie

• Optreden als sparringpartner voor senior management op het gebied van privacy en beleid

• Verbinden van verschillende disciplines (IT, Operations, Legal, Compliance)

• Regie voeren op complexe, multidisciplinaire vraagstukken

#LI-DNI

Job Requirements

Wat vragen we van jou?

• Academisch werk- en denkniveau

• Ongeveer 5 jaar relevante werkervaring, bij voorkeur in financiële dienstverlening/ verzekeringen of IT & Operations
  Aantoonbare kennis van:

  • Privacy wet- en regelgeving (AVG)

  • Governance, Risk & Compliance

• (Pré) kennis van levensverzekeringen en uitbesteding

• Ervaring met beleidsontwikkeling en implementatie

• Sterke communicatieve vaardigheden (NL + EN)

Wat krijg je van ons?

Je krijgt pakweg 900 collega's die allemaal vinden dat ze bij een bijzonder bedrijf werken. Je krijgt de mogelijkheid om een belangrijke bijdrage te leveren aan het maatschappelijk relevante thema van pensioenen. Wij zorgen ervoor dat je pensioen goed geregeld is, zodat je zorgeloos kan genieten van je oude dag.

Jij krijgt de kans om echt het verschil te maken als het gaat om duurzaamheid, omdat we in onze bedrijfsvoering en onze beleggingen al jaren de toon aangeven. Uiteraard krijg je een (flexibele) werkplek op een van onze kantoren die behoren tot de beste 7% van de wereld, echt waar. En omdat je ook regelmatig thuis zult werken, ontvang je een budget om je thuiswerkplek goed in te richten.

In ruil voor jouw inzet, talent en vaardigheden krijg je naast je salaris plus een vakantietoeslag en een dertiende maand, 27 vakantiedagen (bij een contract van 36 uur) en een OV-kaart of reiskostenvergoeding voor de dagen dat je naar kantoor komt. En, niet onbelangrijk vinden wij, je krijgt elk jaar een goed opleidingsbudget, zodat je jezelf kunt blijven ontwikkelen. Zo krijg je de kans om door te groeien, binnen ons bedrijf of daarbuiten.

Salaris per maand:
Op basis van cao schaal 17 HAY is de range € 5.991,23 tot € 7.988,31 op basis van 36 uur.

Enthousiast?

Reageer dan snel via de sollicitatie button!

Company Description

Devoteam est une entreprise de conseil en technologies, cloud, cyber, IA et développement durable. Avec plus de 11 000 collaborateurs dans plus de 25 pays, nous guidons nos clients depuis près de 30 ans dans la transformation technologique de leurs activités. En France, nous sommes 4500 Digital Architects répartis dans + de 50 tribus d’expertises et coachés par + de 400 managers experts. Nous rejoindre c’est : travailler sur des projets innovants et durables pour mettre la Technologie au service de l’humain, se certifier en continu sur les nouvelles tech du marché et partager des moments uniques entre collègues ! 

Pour en découvrir plus sur Devoteam, rendez-vous ici.

Job Description

Dans le cadre du renforcement de sa stratégie de protection des données sensibles, notre client, acteur majeur du secteur bancaire international, poursuit l'évolution de son socle de sécurité autour des technologies de Data Loss Prevention (DLP).

Pour accompagner cette transformation, nous recherchons un Expert Cybersécurité spécialisé en Data Protection et DLP afin de contribuer à la définition, à l'implémentation et à l'amélioration continue des contrôles de protection des données à l'échelle du Groupe.

Au sein des équipes Cybersecurity & Data Protection, vous interviendrez sur les sujets de protection des données sensibles et contribuerez à l'évolution des dispositifs DLP permettant de prévenir les risques de fuite ou d'exposition des informations critiques.

Vous participerez à l'ensemble du cycle de vie des contrôles de sécurité, depuis leur conception jusqu'à leur mise en production et leur amélioration continue.

Vos principales responsabilités

• Participer au déploiement des contrôles de protection des données à l'échelle internationale.
• Concevoir et définir de nouveaux cas d'usage DLP répondant aux besoins de sécurité et de conformité.
• Contribuer au design des contrôles avant leur passage en exploitation (« Run »).
• Définir et optimiser les règles de détection, de classification et de protection des données sensibles.
• Analyser les alertes, les incidents et les tendances afin d'améliorer l'efficacité des contrôles DLP.
• Produire les indicateurs de suivi et tableaux de bord associés aux dispositifs de protection des données.
• Réaliser des analyses de risques portant sur la sécurité des données sensibles.
• Participer aux ateliers techniques avec les équipes cybersécurité, infrastructures et métiers.
• Contribuer à l'amélioration continue du programme de Data Protection du Groupe.

Livrables attendus

• Dashboard de suivi des contrôles DLP.
• Documentation de conception et de paramétrage des contrôles.
• Modes opératoires et procédures associées.
• Analyses de risques et recommandations de sécurisation.
• Comptes rendus de workshops et ateliers techniques.
• KPI et reporting liés à la protection des données.

Qualifications

Compétences requises

• Expérience significative en cybersécurité avec une expertise forte en Data Loss Prevention (DLP).
• Maîtrise des problématiques de protection des données sensibles et de prévention des fuites d'information.
• Expérience de conception et de mise en œuvre de contrôles DLP.
• Bonne connaissance des mécanismes de classification et de gouvernance des données.
• Connaissance des méthodologies d'analyse de risques en cybersécurité.
• Capacité à évoluer dans des environnements complexes et internationaux.
• Excellentes capacités d'analyse, de communication et de collaboration.

Environnement technique

• Symantec Data Loss Prevention (DLP)
• Microsoft Purview DLP
• Microsoft Purview Information Protection
• Data Classification
• Data Protection
• Environnement Microsoft 365

Langues

• Anglais courant indispensable (écrit et oral).
• Échanges quotidiens avec des équipes internationales anglophones.

Additional Information

Pourquoi nous rejoindre ? 

• Un suivi de carrière réalisé par un manager tech avec des échanges réguliers ; 

• Des certifications techniques et soft skills en libre accès avec un objectif de 2 certifications minimum par an, des vouchers fournis et du coaching d’experts ; 

• Des partenaires technologiques de choix : Google, AWS, Microsoft, ServiceNow, Snowflake, MuleSoft, Outsystems, SAP, Databricks, Gitlab, … ; 

• Une trajectoire aux possibilités variées via la mobilité interne géographique, fonctionnelle et inter entité / tribu ou squad. 

• Des rôles internes pour construire votre carrière au sein du Groupe : manager, formateur interne, tech leader, digital champion, squad leader, … 

• Des contributions internes pour élargir vos compétences telles que les relations écoles, le recrutement, le commerce, la rédaction d’articles, l’animation de meet up ou de communauté, … 

• Un esprit de communauté fort, au travers d’événements internes et d’activités sportives et culturelles grâce à plus de 30 clubs Happiness@Devoteam, vous permettant de rencontrer vos collègues régulièrement et de partager vos passions ; 

• Une vision Tech for People qui s’incarne dans nos valeurs, nos pratiques responsables, notre programme de développement durable récompensé par le label Ecovadis et nos engagements forts avec notamment la Fondation Devoteam.

Comment se déroule le processus de recrutement chez Devoteam ?

Il comporte 2 à 3 entretiens :

• Talent Acquisition Interview : l'objectif est de faire le point sur vos compétences, votre niveau d'anglais et de valider vos éléments de motivation 

• Tech & Business Interview : cet entretien vise à approfondir vos compétences techniques et à vérifier leur adéquation avec nos besoins lors d'un échange avec un expert métier

• Leadership Interview : il permet d'évaluer votre potentiel, vos ambitions et d'envisager votre évolution au sein de Devoteam.

Nous privilégions au moins un entretien en présentiel. Une prise de référence est demandée et, selon votre profil, des tests (techniques, anglais, personnalité...) peuvent vous être adressés. Si votre candidature est retenue, nous vous faisons parvenir une proposition présentant les conditions d'embauche. En cas d'acceptation, le contrat de travail est formalisé.

Si vous partagez notre passion pour la technologie et que vous souhaitez construire le monde numérique responsable de demain, alors vous êtes peut-être le passionné que nous recherchons chez Devoteam.

Le Groupe Devoteam oeuvre pour l'égalité des chances, pour la promotion de ses collaboratrices et de ses collaborateurs au mérite et lutte activement contre toute forme de discrimination. Nous sommes persuadés que la diversité contribue à la créativité, au dynamisme et à l'excellence de notre organisation. Tous nos postes sont ouverts aux personnes en situation de handicap.

Responsibilities

• Pipeline Generation – Source and qualify new business opportunities that fit our ICP. Develop roughly 30% of your annual book of business. Advance inbound and partner generated opportunities. Maintain appropriate pipeline hygiene and coverage.
• Relationship Development – Gain a deep understanding of the target customer’s business, relevant processes and challenges. Ensure the right questions are being asked and answered. Bring unique value to every interaction.  Develop relationships with multiple buying personas within the account.
• Value Framing – Connect a prospect’s business objectives (both functional and corporate) with the Ketch solution. Do the math. Construct a compelling business case. Pain the picture of a better future. Tell the story.
• Sales Execution – Conduct effective account discovery. Apply MEDDPICC throughout the sales cycle. Develop pitch and proposal material as appropriate. Make responsible, effective use of company assets. Handle objections. Document activities in Salesforce. Drive opportunities to Closed/Won.
• Product Knowledge – Develop high-level functional and technical understanding of Ketch products.  Align product demonstrations to customer needs. 

Experience

• 5+ years of quota-carrying, consultative sales at a SaaS company in the data privacy or adtech/martech sectors

• 2+ years of average deal sizes in range from $150K to $500K

• 3 + years of proposal writing and pitch material development

Qualifications and Characteristics

• Demonstrated ability to translate a technical solution into measurable business value
• Results-driven mindset and proven ability to beat sales targets
• History of success in working as part of a virtual global team environment 
• Exceptional time management and people alignment skills
• Bachelor’s degree or equivalent
• Able to legally work in the United States
• English language fluency (spoken and written) 

TechOp Solutions International is seeking a Privacy Compliance Analyst to support a federal/DHS privacy and compliance program. The Privacy Compliance Analyst will assist with the development, review, coordination, and maintenance of federal privacy documentation and compliance artifacts, including Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), System of Records Notices (SORNs), Privacy Office Memoranda (POMs), and Authority to Operate (ATO)-related privacy documentation.

This role requires strong writing, attention to detail, and the ability to work with program offices, system owners, privacy officials, cybersecurity teams, and other stakeholders to ensure privacy compliance requirements are documented, tracked, and maintained in accordance with federal and DHS policy.

Responsibilities

• Support the preparation, review, and update of Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and System of Records Notices (SORNs).
• Assist with privacy compliance reviews for federal systems, programs, initiatives, and data collections.
• Support privacy documentation related to ATO packages, including reviewing system information, data flows, personally identifiable information, and compliance requirements.
• Assist with drafting, updating, and coordinating Privacy Office Memoranda (POMs) and related compliance materials.
• Review program documentation to identify privacy risks, data handling concerns, and required privacy compliance actions.
• Coordinate with federal stakeholders, system owners, information security teams, and program offices to gather required information.
• Track privacy compliance deliverables, deadlines, approvals, and documentation status.
• Support internal privacy reporting, compliance tracking, and records management.
• Ensure documentation is clear, accurate, consistent, and aligned with applicable federal privacy policies and requirements.
• Assist with general privacy compliance support, research, meeting preparation, and action item tracking as needed.

Requirements

Minimum 2 years of experience supporting the federal government as a federal employee, contractor, or consultant.

Experience supporting federal privacy, compliance, information governance, cybersecurity compliance, records, or related program functions.

Working knowledge of one or more federal privacy compliance artifacts, including:

• Privacy Impact Assessments
• Privacy Threshold Analyses
• System of Records Notices
• Privacy Office Memoranda
• ATO/privacy compliance documentation

Strong technical writing, editing, and document review skills.

Ability to gather information from multiple stakeholders and turn it into clear compliance documentation.

Strong attention to detail and ability to manage multiple deadlines.

Proficiency with Microsoft Office, especially Word, Excel, Outlook, and Teams.

Ability to work professionally with federal clients, contractors, and cross-functional teams.

Preferred Qualifications

• Prior experience supporting DHS or a DHS component.
• Experience working with privacy offices, cybersecurity teams, system owners, or compliance programs.
• Familiarity with federal privacy laws, policies, and guidance, including the Privacy Act, E-Government Act, OMB privacy guidance, and DHS privacy policy.
• Experience reviewing system documentation, data flows, PII handling, or records notices.
• Experience supporting ATO, FISMA, RMF, or security authorization documentation from a privacy perspective.
• Active Public Trust or higher preferred.

Benefits

TechOp Solutions is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

At UniSystems, we are working towards turning digital visions into reality. We are continuously growing and we are looking for a Data Protection Compliance Expert to join our UniQue team.

What will you be doing in this role:

• Ensure compliance of IT operations with data privacy and data protection standards, laws and regulations.
• Assist in designing, implementing, auditing and compliance testing activities in order to Ensure data and privacy compliance.
• Advise on data protection matters, in particular in the context of personal data processing.
• Conduct privacy impact assessments.
• Write and/or review records of processing activity on personal data for data controllers and privacy statements.
• Develop, maintain, communicate and train upon the data privacy policies and procedures.
• Provide legal advice and guidance on data privacy and data protection standards, laws and regulations.
• Enforce and advocate organization’s data privacy and protection program.
• Ensure that data owners, holders, controllers, processors, subjects, internal or external partners and entities are informed about their data protection rights, obligations and responsibilities.
• Monitor audits and data protection related training activities.
• Develop and propose staff awareness training to achieve compliance and foster a culture of data protection within the organization.

Requirements

What do you need to succeed in this position?

• A Master's degree in a relevant field and at least 5 years of IT relevant professional experience and 4 years in a similar position.
• At least 5 years of personal data protection compliance experience in an ICT, EU institutional, public-sector or similarly technology-heavy environment, including hands-on work with real systems, services or processing activities.
• At least 3 years of hands-on experience preparing, updating or reviewing RoPAs, DPIAs, DPA, TIA or related personal data protection documentation for real systems or processing activities, including data mapping and obtaining or validating input from system owners, technical owners, architects, operations, cybersecurity/SOC teams or vendors.
• At least 2 years of experience analysing and documenting technical arrangements relevant to personal data protection, including access rights, privileged access, logs or SIEM/log exports, retention, hosting, data flows, support access, transfers, processors or subprocessors.
• Excellent knowledge and understanding of the EU data protection legislation and regulations.
• Excellent knowledge of data protection standards, policies, methodologies and frameworks.
• Excellent knowledge and understanding of legal, regulatory and legislative compliance requirements, recommendations and best practices.
• Excellent knowledge and understanding of IT Operations and IT Services delivery.
• Practical experience with privacy impact assessment standards, methodologies and frameworks .
• Practical experience writing and reviewing records of processing activity on personal data for data controllers and privacy statements.
• Required certificates, at least 3 of the among: CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), GSNA (GIAC Certified Systems and Network Auditor), GCCC (GIAC Certified Critical Controls), ISO 27001 Lead implementer, ISO 27001 Lead Auditor, ISO 27005 Risk Manager, CAP ((ISC)2 Certified Authorization Professional), CRISC (ISACA Certified in Risk and Information Systems Control), CISSP-ISSMP ((ISC)2 Certified Information Systems Security Management Professional), GIAC Certified ISO-27000 Specialist or equivalent certification recognized internationally.
• Excellent command of spoken and written English (C1).

At Uni Systems, we are providing equal employment opportunities and banning any form of discrimination on grounds of gender, religion, race, color, nationality, disability, social class, political beliefs, age, marital status, sexual orientation or any other characteristics. Take a look at our Diversity, Equality & Inclusion Policy for more information.

Coinbase's Privacy team is hiring a Privacy Analyst to own the Privacy Incident Management function, reporting to the Head of Privacy. You'll partner across Privacy, Privacy Legal, Security, Product, Engineering, and Communications to triage incidents involving personal data, drive privacy analysis, coordinate remediation, and continuously improve how Coinbase responds to privacy incidents. This role is built for someone who thrives in ambiguity, drives cross-functional coordination during time-sensitive events, and builds durable process improvements in a fast-moving environment.

What you'll do:

• Own the end-to-end Privacy Incident Management program, including notification workflows, escalation paths, process documentation, responder enablement, and automation opportunities.
• Lead privacy incident response as the DRI and Incident Commander, coordinating across Privacy, Privacy Legal, CSIRT, Product, Engineering, and Communications to drive analysis, remediation, and follow-through.
• Maintain on-call readiness to support privacy incident triage, severity classification, and urgent escalations, ensuring incidents are correctly assessed and routed.
• Drive privacy incident retrospectives, track resulting remediation items and control gaps, and deliver incident metrics and reporting covering trends, remediation status, and process health.
• Build and maintain strong cross-functional and cross-geography stakeholder relationships to improve readiness, response quality, and business accountability.
• Support broader Privacy initiatives during lower-volume periods, including cross-functional efforts, tooling development, and automation projects.

Required Skills and Experience:

• 3+ years of experience in privacy, security, incident response, technology risk, or a related operational risk function, including direct experience leading or supporting incident, issue, or risk workflows requiring structured analysis, documentation, and cross-functional coordination.
• Strong incident management skills with experience communicating privacy risk and incident findings to both technical and non-technical audiences, including producing written incident analyses, retrospective documentation, and executive-level summaries.
• Proven track record of leading technical investigations within cloud-native architectures, with hands-on proficiency in SQL, Python, and data analysis tools (e.g., Postgres, MongoDB, Airflow, Looker, Snowflake).
• Demonstrated experience building automation to reduce manual operational tasks and improve incident response efficiency.
• Working knowledge of privacy regulations and frameworks (e.g., GDPR, CCPA, PIPEDA, ePrivacy, DPIAs/PIAs, ROPA, data subject rights) data subject rights, privacy controls, and privacy issue management.
• Utilizes and builds generative AI responsibly, maintaining human oversight to deliver business-ready outputs and drive measurable improvements in workflow efficiency, cost, and quality.

Position ID: P77364

#LI-Remote