Privacy and AI Governance Jobs

Solutions Lead, GRC & Trust (SOC 2, Privacy, & AI)

Location: Remote or Raleigh, NC

About Greenplaces

We’re on a mission to make sustainability and compliance a competitive advantage for businesses of all sizes - not just the Fortune 500. As global supply chains become increasingly scrutinized, Greenplaces helps companies navigate the complex web of reporting requirements from their own customers. Through our innovative software and services, we empower businesses to measure their carbon emissions and act as the definitive source of truth for all sustainability and compliance activity.

Headquartered in Raleigh, NC, with a distributed team across the country, we’re backed by world-class investors including Redpoint, Felicis, and Tishman Speyer. As our customers face mounting pressure to prove their "trustworthiness" to retain major contracts - responding to exhaustive questionnaires ranging from carbon footprints to data privacy - we are expanding our platform to become the comprehensive hub for corporate ESG and InfoSec compliance.

About the Role

We are looking for a Solutions Lead to help scale our delivery and execution as we expand into SOC 2, Data Privacy, and AI Security. This role is execution-heavy and hands-on. You will own the strategy for our compliance offerings, partner deeply with Engineering and Design, and help bring more predictability to how we solve complex trust hurdles for our customers.

You will work closely with the VP of Product and Tech to shape how compliance and privacy are practiced across the team. This is a senior individual contributor role with strong influence - acting as a consultant, entrepreneur, and project manager to build this function from the ground up.

What You’ll Own

• Ownership of our SOC 2 and Privacy compliance roadmap, from problem framing to tracking adoption.
• Gap analysis and consulting with clients to assess their InfoSec posture and provide actionable paths to certification.
• Internal playbook development, creating the checklists, policy templates, and controls that will be automated within our software.
• AI Security frameworks, defining security controls for AI implementation to help us and our clients manage the risks of emerging technology.
• Cross-functional collaboration with Design, Engineering, and Leadership to translate manual compliance tasks into scalable product features.

How You’ll Work

• Bring structure and clarity to the ambiguous and evolving space of AI security and data privacy.
• Focus on outcomes, ensuring our customers actually achieve compliance goals rather than just following "process theater".
• Operate pragmatically for a small, scrappy team, adapting formal audit processes to work for high-growth startups.
• Partner closely with Leadership to identify market needs and "sell" the value of our new GRC (Governance, Risk, and Compliance) offerings.

What Success Looks Like (First 6 Months)

• Client Confidence: Pilot customers feel aligned and effective in their journey toward SOC 2 or Privacy certification.
• Predictable output: Our compliance service is easier to plan around and consistently delivers value to clients.
• Healthy backlogs: You have identified and prioritized the technical and policy requirements needed for our platform expansion.
• Strong partnerships: You have built low-friction working relationships internally and externally.

About You

• Professional Services Excellence: 4+ years of experience in SOC 2, IT Audit, or Privacy consulting - ideally from a high-rigor environment (e.g., Big 4 / established regional firm) or a fast-paced compliance startup.
• Proven ability to own execution: You have a track record of building programs or products from scratch, not just providing high-level strategy.
• Entrepreneurial Mindset: You are comfortable working in ambiguity and enjoy the "zero-to-one" phase of a scale-up environment.
• AI Savvy: You have a solid understanding of how AI systems work and are comfortable collaborating on the technical tradeoffs of AI security risks.
• Analytical Skills: Strong ability to reason about complex data, workflows, and reporting requirements.

Nice to Haves

• Experience with compliance or other regulated product areas.
• Background in B2B software and an understanding of software infrastructure.
• Experience helping teams mature their practices during periods of rapid growth.
• CISA, CISSP, or CIPP certifications.

What We Offer

• A chance to make a meaningful impact on climate action and corporate trust.
• Flexible, unlimited paid time off and generous benefits.
• Equity packages for all employees.
• Annual team and department retreats.

Compensation: Base salary plus early-stage company equity.

Collective Health seeks a qualified, experienced Privacy Program Manager (Privacy Manager) to join our team. The Privacy Manager will manage day-to-day operations of the organization’s privacy program, including development and capture of program analytics, managing and performing privacy-related audits, responding to privacy incidents, and developing and implementing privacy-related policies and procedures. This role will focus on privacy issues relevant to health claims administration, data aggregations, and HIPAA business associate and state privacy law obligations. This role will act as a subject matter expert on health care privacy and technology. This role works cross-functionally with other members of the Legal, Compliance and Privacy teams and with business teams including Security, Engineering, Product, Customer Experience, and Data Analytics.

What you'll do:

• Manage and oversee the Privacy Program in collaboration with the Chief Compliance Officer
• Lead a small privacy team
• Act as a subject matter expert on HIPAA and state privacy laws and related internal processes to educate on and ensure compliance with applicable regulations
• Monitor and respond to privacy questions and incidents, including conducting investigations and documenting findings
• Develop and implement privacy-related policies, procedures, controls, and training materials
• Develop and lead privacy monitoring and auditing activities
• Develop and track data analytics related to success of the privacy program and regulatory compliance
• Guide and support staff and management on privacy-related matters
• Collaborate with the organization's legal and compliance teams to identify and mitigate privacy risks
• Conduct periodic assessments of the organization's privacy practices according to industry standards and best practices to identify areas for improvement
• Stay up-to-date on privacy-related laws, rules, and regulations that impact health care and technology organizations
• Maintain confidentiality and privacy of member health information
• Provide other support for the organization's privacy program as needed

To be successful in this role, you'll need:

• Bachelor's degree
• Master’s in Public Health, Health Care administration or a related field strongly preferred
• Minimum of 10 years of experience in healthcare privacy compliance
• Strong knowledge of HIPAA and state privacy laws
• Excellent analytical and problem-solving skills
• Ability to communicate effectively with all levels of the organization
• Strong attention to detail and ability to work independently while supporting a team
• Experience with health care claims administration preferred
• Certification in healthcare privacy compliance (CHPC) or health care compliance (CHC) preferred

Pay Transparency Statement

This is a hybrid position based out of one of our offices: Plano, TX, or Lehi, UT. Hybrid employees are expected to be in the office two days per week. #LI-hybrid

The actual pay rate offered within the range will depend on factors including geographic location, qualifications, experience, and internal equity. In addition to the salary, you will be eligible for 200,000 stock options and benefits like health insurance, 401k, and paid time off. Learn more about our benefits at https://jobs.collectivehealth.com/benefits/.

The Role

The Senior GRC Privacy Analyst sits within the Security Governance, Risk, and Compliance (GRC) team and plays a key role in advancing Iterable’s privacy program and supporting the organization’s security and compliance risk management efforts.

This hands-on, senior individual contributor is responsible for privacy operations and participates in rotational responsibilities, including third-party risk reviews, audit support, and customer trust and privacy inquiries. The role partners closely with Legal, the DPO, Security, Product, and business teams to ensure privacy and security risks are identified, assessed, and managed consistently, in alignment with privacy and regulatory requirements.

Key Responsibilities:

• Lead privacy operations within the Security GRC function by developing, implementing, and maintaining privacy program processes and documentation, including:
• Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs)
• Records of Processing Activities (ROPA) and data inventories
• Data Subject Access Requests (DSARs), in coordination with Legal, HR, and Marketing
• Privacy and compliance risk assessments aligned with GDPR, CCPA/CPRA, HIPAA, and other applicable global privacy laws
• Support privacy-by-design practices by embedding privacy considerations into GRC workflows, risk assessments, and third-party reviews
• Support the privacy risk register by providing input and context on privacy and security risks, and ensure key stakeholders, including Legal, the DPO, and business teams, are kept informed of risk status and updates
• Assist with third-country data transfer risk assessments (Transfer Impact Assessments), Legitimate Interest Assessments (LIAs), and related privacy evaluations in consultation with Legal and the DPO
• Participate in GRC rotational responsibilities, including third-party security and privacy vendor reviews and support for internal and external audits (e.g., SOC 2, ISO 27001), including evidence collection and remediation tracking
• Provide rotational support for customer trust and privacy inquiries, partnering with Sales and Customer Success on customer-requested DPIAs, privacy questionnaires, and data protection assessments
• Collaborate cross-functionally with Legal, the DPO, Product, Engineering, Security, and business teams to operationalize privacy and security requirements in a scalable, risk-based manner by providing innovative solutions and automation initiatives

The Ideal Candidate Will Be/Have:

• Strong experience with GDPR and global privacy operations in a SaaS or technology environment
• Hands-on experience with PIAs/DPIAs, ROPA, DSARs, and privacy risk assessments
• Experience with third-party risk management and security reviews
• Experience supporting customer trust and privacy inquiries
• Ability to analyze complex privacy and security issues and provide clear, actionable recommendations
• Familiarity with SOC 2, ISO 27001, and ISO 27701 audit processes
• Strong cross-functional communication and stakeholder management skills, including the ability to explain privacy and security risks to technical and non-technical audiences
• Highly organized with strong attention to detail and the ability to manage multiple priorities under tight deadlines
  
  

Nice to have/Bonus Points::

• Privacy certifications (CIPP/E, CIPP/US, CIPM, or similar)
• Experience with US state privacy laws (HIPAA, CCPA and others)
• Experience working at a SaaS company

What we offer

• Competitive salaries & meaningful equity
• Private Medical Insurance
• Life/Risk Assurance
• Meal Allowance: 8.55€ per day
• Community Days (days for us to give back to the community)
• Paid Annual Leave (22 days)
• Global Lifestyle Reimbursement Account
• Paid Sabbatical
• Complete laptop workstation

Intro to Position

NPR’s Office of the General Counsel seeks a highly skilled and collaborative attorney to serve as Senior Assistant General Counsel, Media Law & Data Privacy. This unique senior-level role bridges two critical areas of the organization, with a primary focus on supporting our award-winning newsroom and a significant secondary focus on global data privacy compliance. Reporting to the Deputy General Counsel (Head of Media Law & Distribution Rights), the successful candidate will provide high-level legal guidance and strategic oversight to ensure NPR’s content and data practices remain industry-leading and ethically grounded.

Responsibilities

This role is split between Media Law (approximately 60%) and Data Privacy (approximately 40%):

Media Law & Content Vetting (60%)

• Provide expert legal vetting for a wide range of high-stakes content across radio, audio-visual, and audio podcast formats.
• Advise newsroom and production teams on complex issues, including libel, privacy, copyright, newsgathering, recording, and First Amendment protections.
• Ensure compliance with FCC content-related regulations and navigate the complexities of multi-platform vetting.
• Lead NPR’s transparency work, including managing Freedom of Information (FOI) and access requests.
• Supervise and mentor the Media Law Fellow in their transparency and access assignments.
• Draft and negotiate sophisticated content-related agreements, such as releases, photo licenses, and freelance agreements.
• Develop and deliver media law training sessions for journalists and content creators.

Data Privacy (40%)

• Collaborate with in-house technology, business teams, and the Data Privacy Officer, as well as outside counsel on data privacy strategy, implementation, and compliance.
• Support the company-wide data privacy compliance program, including product counseling and Privacy Impact Assessments (PIAs).
• Manage data subject requests (DSRs) and oversee vendor due diligence from a privacy perspective.
• Assist with incident response planning, privacy-related claims, and litigation issues.
• Track and interpret federal, state, and global privacy regulations (e.g., GDPR, CCPA/CPRA) to determine implementation requirements alongside the Data Protection Officer.
• Design and execute privacy training programs for employees across the organization.

This role reports to the Deputy General Counsel, Head of the Media Law & Distribution Rights team.

The above duties and responsibilities are not an exhaustive list of required responsibilities, duties and skills. Other duties may be assigned, and this job description can be modified at any time.

Minimum Qualifications

• 10 years of media law and content vetting experience
• Juris Doctor from an accredited law school
• Active license to practice law in D.C. (or eligibility for admission in D.C. within one year)
• Proven experience vetting journalistic content and providing sound legal advice on content issues
• Proven experience managing data privacy compliance and legal strategy
• A comprehensive understanding of journalism ethics

Preferred Qualifications

• Litigation experience, particularly with libel, copyright, and/or FOI issues
• Prior in-house experience, specifically within a radio, television, or digital media environment
• Strong background in drafting and negotiating contracts and releases
• Demonstrated experience with non-commercial or public media

Education Requirements

• J.D. from an accredited law school

Work Location & Requirements

• Hybrid Permitted: This is a hybrid permitted role. The employee will be required to be in the office at the Washington, D.C location at least four (4) days a month. The employee must also reside in the Washington, D.C. / Maryland / Virginia region.

Required Skills/Competencies

• Legal Judgment: Ability to deliver clear, understandable, and decisive legal advice under tight deadlines.
• Resilience: A thoughtful and calm demeanor, especially when navigating high-pressure editorial or legal situations.
• Analytical Thinking: Ability to see a broad range of views and interpretations while remaining grounded in ethics.
• Communication: Excellent interpersonal skills with the ability to translate complex legal requirements for non-legal stakeholders.
• Leadership: Demonstrated ability to supervise junior staff (e.g., Fellows) and lead cross-functional projects.
• Adaptability: Proficiency in managing a dual-focus workload and prioritizing tasks across different legal disciplines.

Job Type

• This is a full-time, exempt position.

Compensation

Salary Range: The U.S. based anticipated salary range for this opportunity is $182,500-$215,000 plus benefits. The range displayed reflects the minimum and maximum salaries NPR expects to provide for new hires for the position across all US locations.

NPR Benefits: NPR offers access to comprehensive benefits for employees and dependents. Regular, full-time employees scheduled to work 30 hours or more per week are eligible to enroll in NPR’s benefits options. Benefits include access to health and wellness, paid time off, and financial well-being. Plan options include medical, dental, vision, life/ accidental death and dismemberment, long-term disability, short-term disability, and voluntary retirement savings to all eligible NPR employees.

Does this sound like you? If so, we want to hear from you.

Here's what to include when you apply

To ensure your application receives the attention it deserves, please include a copy of your current resume and a cover letter. Your cover letter must specifically address the following:

• Media Law Expertise: Detail your experience providing high-stakes legal vetting for journalistic content. Please highlight your approach to navigating libel, copyright, and newsgathering protections in a dynamic editorial environment.

• Data Privacy Strategy: Describe your knowledge of or experience with managing global compliance frameworks (such as GDPR and CCPA/CPRA).

#LI-Hybrid

About Moniepoint

Everyone has a dream, and achieving that is key to their happiness. Moniepoint Inc is on a mission to provide financial happiness for people of the world by powering the dreams of businesses, their employees and customers. Since 2015, we have grown to 1500 employees and process over $100 billion annually for 1.8 million merchants through our all-in-one digital financial services platform. Moniepoint Inc through its subsidiaries which include Moniepoint MFB and TeamApt ltd offers payments, banking, credit and business management tools. We currently process the majority of the POS transactions in Nigeria and are Africa’s second-fastest-growing fintech.

Curious about what makes Moniepoint an incredible place to work? Check out posts on how we cultivate a culture of innovation, teamwork, and growth.

About the role

At Moniepoint, data is the lifeblood of our financial operating system. The Head of Data Governance is a senior leadership role responsible for ensuring that this lifeblood is high-quality, secure, and accessible. You will architect and champion the enterprise-wide data governance framework, transforming how 13 million+ people’s data is managed and protected.
Reporting to the Head of Enterprise Data, you aren't just a policy writer; you are a cultural catalyst. You will lead a "virtual team" of Data Stewards across the company, ensuring that while they sit within diverse units like Finance or Sales, they operate with a unified, gold-standard approach to data accountability.

About You

The Architect: You don't just see data; you see the structures that make it reliable. You enjoy building blueprints that balance strict compliance with the speed required by a fast-growing fintech.
The Influencer: You excel in a "Hub and Spoke" model. You can lead and inspire teams that don’t report to you directly, turning departmental data stewards into a cohesive community.
The Tech-Fluent Leader: You speak "Engineering" as well as you speak "Business." You understand how to automate governance so it becomes a feature of the workflow, not a bottleneck.
Ethical Guardian: You are passionate about data privacy (GDPR/NDPR) and believe that responsible data management is a competitive advantage, not just a regulatory chore.

What you will get to do:

1. Strategic Leadership & Framework Design

• Governance Roadmap: Develop and execute a long-term strategy that aligns with Moniepoint’s mission to build the financial OS for emerging markets.
• Policy & Standards: Author and maintain global policies (Privacy, Retention, Naming Conventions) that are clear, actionable, and "Regular Guy" friendly.
• Operating Model: Define our domain-driven structure and clarify data ownership across the company to eliminate ambiguity.

2. Functional Leadership of the Stewardship Team

• Orchestration: Direct the strategic priorities of Business Unit Data Stewards, ensuring they have the tools and training to succeed.
• Community Building: Create a "Data Governance Academy" to onboard, certify, and mentor stewards across the organization.
• KPI Alignment: Set the functional goals that define what "good" looks like for data quality within each business unit.

3. Tech Stack & Automation Ownership

• Platform Strategy: Select and manage our governance platforms (e.g., Atlan, Collibra, or Microsoft Purview), ensuring they integrate seamlessly with our data lake.
• Metamodel Design: Configure tools to link business terms to physical technical assets, creating a transparent data lineage.
• Governance-as-Code: Partner with Data Engineering to automate quality checks and PII masking within the CI/CD pipeline.

4. Risk, Compliance & Culture

• Enterprise DQ Reporting: Build "Data Health Dashboards" for the Executive team to provide visibility into our data reliability.
• Change Management: Lead the cultural shift from "data is IT’s problem" to "data is a strategic business asset."
• Literacy Programs: Develop workshops to empower non-technical staff to read, interpret, and respect data.

Qualifications:

• Experience: 9+ years of leadership experience in Data Governance, Data Engineering, or Data Strategy within a high-growth environment.
• Technical Proficiency: Advanced SQL and Python skills are essential. You should be comfortable auditing a data platform directly and working with APIs for automation.
• Framework Expertise: Deep knowledge of modern data architectures (Data Mesh, Data Vault 2.0) and how to apply governance within them.
• Regulatory Knowledge: Intimate familiarity with NDPR, GDPR, and fintech-specific data regulations.
• Education: A Bachelor degree in Computer Science, Engineering, Mathematics, or a related quantitative field (or equivalent practical experience).

What Success Looks Like

• Initial 6 Months: A defined Data Governance roadmap is approved, and the first "Data Health Dashboard" is live for critical data elements.
• The 1-Year Mark: Every major business unit has a certified Data Steward, and automated lineage is active for our core financial products.
• Culture: Data Governance is no longer viewed as a "blocker" but as the foundation that allows our product teams to build faster and safer.
  

What we can offer you

• Culture - We put our people first and prioritise the well-being of every team member. We’ve built a company where all opinions carry weight and where all voices are heard. We value and respect each other and always look out for one another. Above all, we are human.
• Learning - We have a learning and development-focused environment with an emphasis on knowledge sharing, training, and regular internal technical talks.
• Compensation - You’ll receive an attractive salary, pension, health insurance, annual bonus, plus other benefits.

What to expect in the hiring process

• A preliminary phone call with the recruiter
• A technical panel interview with Department Leads
• Technical take-home assessment
• A behavioral and technical interview with a member of the Executive team
• All interviews stages are Virtual

Job Title: Sr. BA Data Governance

About Us

“Capco, a Wipro company, is a global technology and management consulting firm.

Awarded with Consultancy of the year in the British Bank Award and has been ranked Top 100 Best Companies for Women in India 2022 by Avtar & Seramount. With our presence across 32 cities across globe, we support 100+ clients across banking, financial and Energy sectors. We are recognized for our deep transformation execution and delivery.

WHY JOIN CAPCO?

You will work on engaging projects with the largest international and local banks, insurance companies, payment service providers and other key players in the industry. The projects that will transform the financial services industry.

MAKE AN IMPACT

Innovative thinking, delivery excellence and thought leadership to help our clients transform their business. Together with our clients and industry partners, we deliver disruptive work that is changing energy and financial services.

#BE YOURSELF AT WORK

Capco has a tolerant, open culture that values diversity, inclusivity, and creativity.

CAREER ADVANCEMENT

With no forced hierarchy at Capco, everyone has the opportunity to grow as we grow, taking their career into their own hands.

DIVERSITY & INCLUSION

We believe that diversity of people and perspective gives us a competitive advantage. Role Description

Location - Bangalore

Experience – 7+ years

We are seeking an experienced Senior Consultant with deep expertise in Data Governance and Data Management to support enterprise-wide data initiatives within the banking sector. The ideal candidate will help strengthen data quality, ensure regulatory compliance, and drive governance practices that align with banking industry standards.

Key Responsibilities - Data Governance & Regulatory Alignment

• Interpret and apply data governance policies, frameworks, and regulatory requirements (e.g., Basel, BCBS 239) across banking programs.

• Review and challenge data element definitions to ensure compliance, accuracy, and consistency with risk and reporting needs.

• Serve as a critical voice in governance discussions, ensuring alignment with organizational and regulatory objectives. Cross-functional Collaboration

• Partner with risk, compliance, finance, operations, and IT teams to ensure clarity and alignment on data governance expectations.

• Act as a liaison between business and technology teams to translate banking data requirements into actionable solutions.

• Engage senior domain owners to manage global/regional stakeholder relationships. Documentation & Communication

• Document and communicate data governance issues and recommendations clearly for stakeholders at all levels.

• Translate complex data governance and regulatory concepts into clear, actionable insights.

• Develop materials for senior leader communication, steering committees, and regulatory reviews. Data Cataloging & Data Quality Management

• Catalog data elements and lineage using enterprise metadata tools.

• Support classification of data aligned with risk and compliance taxonomies.

• Manage data quality rules, controls, and remediation initiatives relevant to banking operations.

• Monitor data quality issues impacting reporting, regulatory submissions, and customer information. Required Skills & Experience

• 7+ years of experience in Data Governance or Data Management, preferably within the banking or financial services industry.

• Strong ability to interpret and challenge governance policies and regulatory requirements.

• Exceptional verbal and written communication skills with the ability to influence stakeholders.

• Analytical thinker able to review and analyze complex data definitions and business rules.

• Experience managing stakeholders in matrixed environments.

• Proficiency in Microsoft Excel, Project, and PowerPoint.

• Experience with Data Governance tools such as Collibra or Informatica is a plus.

If you are keen to join us, you will be part of an organization that values your contributions, recognizes your potential, and provides ample opportunities for growth. For more information, visit www.capco.com. Follow us on Twitter, Facebook, LinkedIn, and YouTube.

THE ROLE

Join a high-impact team of innovators dedicated to architecting the cyber-resilience solutions that protect the world’s most critical data. As a Senior Solutions Engineer, you will bridge the gap between Pure Storage’s cutting-edge technology and our global ecosystem of data protection partners to build integrated, fail-safe infrastructures. You will act as a technical lighthouse, collaborating across Product Management and Engineering to transform complex hybrid-cloud challenges into validated, market-ready solutions that empower our customers to recover from anything.

---

WHAT YOU’LL DO

• Architect & Validate Cyber-Resilience Frameworks: Design and execute comprehensive test methodologies to validate Pure’s integration with partners like Veeam, Commvault, and Rubrik, ensuring our solutions meet the highest standards of performance and reliability.

• Engineer Hybrid-Cloud Infrastructure: Build and maintain sophisticated, automated lab environments spanning on-premise and public cloud (AWS/Azure) to simulate real-world recovery scenarios and "proof of concept" demonstrations.

• Drive Technical Enablement & Thought Leadership: Author high-visibility technical collateral, including Reference Architectures, white papers, and deep-dive blogs that translate complex I/O protocols and data workflows into actionable business value for global field teams.

• Lead Cross-Functional Solution Launches: Partner with Product Management and Marketing to define the cyber-solutions roadmap, ensuring technical engineering efforts align perfectly with go-to-market strategies and evolving customer security needs.

• Optimize Performance Ecosystems: Diagnose and tune I/O pathways across block, file, and object storage protocols to maximize throughput and efficiency within enterprise-scale data protection workflows.

---

WHAT YOU BRING

• Deep Data Protection Expertise: You possess mastery in deploying and managing enterprise-grade data protection platforms (such as Veeam, Commvault, or Rubrik) and a thorough understanding of snapshot, replication, and air-gapped recovery technologies.

• Full-Stack Infrastructure Fluency: You have a holistic command of the modern data center, including expert-level knowledge of Linux, virtualization (VMware/Nutanix), and container orchestration (Kubernetes/OpenShift) within hybrid cloud environments.

• Automation & Diagnostic Skills: You are proficient in scripting and infrastructure-as-code (Python, Bash, Ansible, or Terraform) to automate complex environments and possess the analytical rigor to troubleshoot intricate performance bottlenecks.

• Technical Communication Excellence: You have a proven ability to distill deep technical validation results into professional documentation and executive-level presentations that influence both engineers and decision-makers.

• Location: We are primarily an in-office environment and therefore, you will be expected to work from the {{OFFICE_LOCATION}} office in compliance with Pure’s policies, unless you are on PTO, or work travel, or other approved leave.

Would you like me to adjust the tone to be more aggressive for a high-growth market, or perhaps refine the "What You Bring" section for a specific regional requirement?

Primary Duties

• Impact: Balance short and long-term business impact by developing strategies

to manage risks.

•  People: Develop outstanding teams using a combination of world-class-hiring

and direct-timely-actionable feedback to develop security talent.

• Execution: Set aggressive yet clear goals and remove all roadblocks for the

team to achieve them.

• Collaboration: Develop strong relationships and work cross-functionally with

many partners across organizations and functions, and as a result, increase the

impact of the team’s work.

• Company: Work closely with company-wide leaders to drive excellence in our

processes and systems that protect patients, our employees, and Aledade as a

whole.

Minimum Qualifications

• BS (or higher) in Computer Science, Cybersecurity, Engineering, or equivalent experience

•  10+ years of experience in designing, building, or operating data protection services

•  7+ years of building and leading highly complex, technical security teams

Preferred KSA’s

• Developing and delivering a multi-year vision and strategy with incremental quarterly

• deliverables with cross-functional efforts that span multiple teams

•  Demonstrated proficiency in attracting, hiring, and coaching world-class engineers and

• managers

• Demonstrated experience in taking ownership of the technology decisions, while delegating and

• empowering team members.

• Working knowledge of health-tech systems, like Electronic Health Records, Clinical data, etc.

 

Domain specific KSA’s: 




Data Security: 

Proven leadership experience in managing data protection solutions, such as data security posture management (DSPM), data loss prevention (DLP) systems, encryption technologies, and data masking / anonymization techniques. 

Experience securing an ML, SaaS, or data-focused platform. 

Experience in data governance, data engineering, and associated technologies. 

Experience in cloud native application development and security models, particularly in AWS and Azure

Proficiency in SaaS Data Security, knowledge of secure cloud architecture design, cloud data protection mechanisms, and cloud identity and access management (IAM). 

Programming and Scripting Experience (Python, PowerShell, Shell Scripting, Ruby, Go). 

Experience with data protection and governance technologies, e.g., Data Discovery, Data Inventory/Catalogs, Certificate and Key Management, Database Encryption, and Database Activity Monitoring.

Physical Requirements

• Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required.

This role is for one of the Weekday's clients

Salary range: Rs 850000 - Rs 2050000 (ie INR 8.5-20.5 LPA)

Min Experience: 4 years

Location: Ahmedabad

JobType: full-time

We are seeking a detail-oriented and strategic Data Privacy & Compliance Manager to lead the organization’s data protection initiatives and ensure adherence to global and regional regulatory frameworks. In this role, you will be responsible for building, implementing, and managing comprehensive privacy programs that align with business objectives while safeguarding sensitive data. You will work closely with cross-functional teams including technology, product, legal, and leadership to embed privacy-by-design principles into systems and processes. The role requires a strong understanding of evolving data protection laws, compliance standards, and risk management practices, along with the ability to translate regulatory requirements into actionable policies and controls. As a key stakeholder in governance and compliance, you will drive audit readiness, manage third-party risks, and ensure the organization maintains the highest standards of data security and privacy in a dynamic and fast-paced environment.

Requirements

Key Responsibilities

• Implement and manage compliance with global and Indian data privacy regulations such as GDPR, CCPA, DPDPA, and IT Act
• Build and maintain frameworks including RoPA, DPIA/PIA, data mapping, data classification, and DSAR workflows
• Develop, review, and update privacy policies, consent mechanisms, and breach management procedures
• Lead compliance initiatives for standards such as ISO 27001, ISO 27701, ISO 22301, SOC 2, and PCI DSS
• Review, draft, and negotiate contracts across SaaS, fintech, BFSI, and commercial domains
• Conduct vendor due diligence and third-party risk assessments
• Collaborate with internal teams to implement privacy-by-design across products and systems
• Support internal and external audits, risk assessments, and regulatory compliance activities
• Monitor changes in regulatory landscapes and ensure proactive compliance readiness

What Makes You a Great Fit

• Strong expertise in global and Indian data privacy laws and regulatory frameworks
• Hands-on experience with compliance standards such as ISO, SOC 2, and PCI DSS
• Proven ability to design and implement privacy frameworks and governance models
• Experience in policy drafting, contract review, and legal documentation
• Familiarity with privacy tools such as OneTrust, TrustArc, BigID, or Securiti
• Strong analytical, risk assessment, and problem-solving skills
• Excellent communication and stakeholder management abilities
• Experience working cross-functionally with technology, legal, and business teams
• Relevant certifications such as ISO 27001, CIPP, CIPM, CIPT, or DPO certifications are a plus

Skills

• GDPR, CCPA, DPDPA, IT Act
• Data Privacy & Compliance
• RoPA & Data Mapping
• Data Classification & DSAR
• ISO / SOC2 / PCI DSS
• OneTrust, TrustArc, BigID
• Risk Assessment & Audit
• Policy & Contract Management

This role is for one of the Weekday's clients

Salary range: Rs 1200000 - Rs 2500000 (ie INR 12-25 LPA)

Location: Ahmedabad 

Experience: 4–8+ years 

Role Type: Full-time 

We are seeking an experienced Data Privacy & Compliance Manager to oversee privacy operations, ensure adherence to regulatory requirements, and manage comprehensive data protection frameworks throughout the organization.

Requirements

Key Responsibilities

• Implement and oversee compliance with GDPR, CCPA, DPDPA, and the IT Act.
• Develop and maintain RoPA, DPIA/PIA, Data Mapping, Data Classification, and DSAR processes.
• Create and update privacy policies, consent frameworks, and breach management SOPs.
• Lead compliance efforts for ISO 27001/27701/22301, SOC 2, and PCI DSS standards.
• Review, draft, and negotiate contracts related to SaaS, fintech, BFSI, and commercial sectors.
• Perform vendor due diligence and conduct security assessments for third parties.
• Collaborate with technology, product, and leadership teams to embed privacy-by-design principles.
• Assist with audits, risk assessments, and maintaining regulatory readiness.

Required Skills

• In-depth knowledge of both global and Indian privacy regulations.
• Practical experience working with ISO, SOC 2, and PCI DSS standards.
• Exceptional skills in policy drafting and contract review.
• Proficiency with tools such as OneTrust, TrustArc, BigID, and Securiti.
• Strong communication abilities and expertise in stakeholder management.

Preferred Certifications

• ISO 27001 certification
• GDPR and CCPA certifications
• CT-DPO, CIPP, CIPM, or CIP credentials

About the role

We're seeking an exceptional seasoned Privacy Engineer to join our growing privacy engineering team and help scale our privacy infrastructure as we navigate the transformative AI landscape. As one of our first dedicated privacy engineers, you'll have an outsized impact in shaping how Anthropic builds world-class privacy into our AI systems from the ground up.

This is a seasoned individual contributor role where you'll provide technical and cultural leadership, architect innovative privacy-preserving systems, and drive implementation of cutting-edge privacy technologies across our AI infrastructure. You'll work at the intersection of privacy engineering, AI safety, and distributed systems to solve novel challenges in protecting user data at scale.

Responsibilities:

• Design and implement privacy-preserving architectures for AI training and inference systems handling billions of conversations, leveraging differential privacy, federated learning, and secure multi-party computation
• Partner with AI researchers to implement privacy-preserving training methodologies that maintain model quality while protecting user data
• Build foundational privacy infrastructure including automated data discovery, classification, access controls, audit logging, and lifecycle management systems
• Translate complex regulatory requirements (GDPR, CCPA, HIPAA, EU AI Act) into actionable technical implementations and automated compliance controls
• Architect comprehensive data governance platforms for tracking data lineage, purpose limitation, and retention across distributed AI systems
• Lead technical privacy reviews and threat modeling for new AI models and features, identifying risks and architecting scalable mitigations
• Collaborate with product and infrastructure teams to embed privacy controls into Claude's inference systems, user interfaces, and data pipelines
• Develop privacy engineering toolkits and frameworks that enable all engineers to build privacy-preserving features by default
• Design and implement privacy-preserving analytics and measurement systems that provide insights while protecting individual user privacy
• Research and evaluate emerging privacy technologies from academia and industry, contributing to open-source tools and AI privacy standards
• Act as consultant and advocate for privacy best practices as central to our mission of AI safety

You might be a good fit if you:

• 10+ years of professional software engineering experience (not including internships and co-ops)
• 5+ years of experience focused on privacy, security, or data protection
• Deep expertise in privacy engineering principles: privacy by design, data minimization, purpose limitation
• Strong programming skills in Python, Go, or similar languages with experience building production systems at scale
• Experience with privacy-enhancing technologies (differential privacy, homomorphic encryption, secure enclaves)
• Proven track record of designing and implementing privacy infrastructure serving millions of users
• Expertise in data governance, classification, and lifecycle management systems
• Strong understanding of privacy regulations (GDPR, CCPA) and ability to translate legal requirements into technical solutions
• Experience conducting privacy reviews, threat modeling, and risk assessments
• BS/MS in Computer Science, Engineering, or equivalent practical experience

Deadline to apply: None. Applications will be reviewed on a rolling basis.

About the role

We're seeking an exceptional seasoned Privacy Engineer to join our growing privacy engineering team and help scale our privacy infrastructure as we navigate the transformative AI landscape. As one of our first dedicated privacy engineers, you'll have an outsized impact in shaping how Anthropic builds world-class privacy into our AI systems from the ground up.

This is a seasoned individual contributor role where you'll provide technical and cultural leadership, architect innovative privacy-preserving systems, and drive implementation of cutting-edge privacy technologies across our AI infrastructure. You'll work at the intersection of privacy engineering, AI safety, and distributed systems to solve novel challenges in protecting user data at scale.

Responsibilities:

• Design and implement privacy-preserving architectures for AI training and inference systems handling billions of conversations, leveraging differential privacy, federated learning, and secure multi-party computation
• Partner with AI researchers to implement privacy-preserving training methodologies that maintain model quality while protecting user data
• Build foundational privacy infrastructure including automated data discovery, classification, access controls, audit logging, and lifecycle management systems
• Translate complex regulatory requirements (GDPR, CCPA, HIPAA, EU AI Act) into actionable technical implementations and automated compliance controls
• Architect comprehensive data governance platforms for tracking data lineage, purpose limitation, and retention across distributed AI systems
• Lead technical privacy reviews and threat modeling for new AI models and features, identifying risks and architecting scalable mitigations
• Collaborate with product and infrastructure teams to embed privacy controls into Claude's inference systems, user interfaces, and data pipelines
• Develop privacy engineering toolkits and frameworks that enable all engineers to build privacy-preserving features by default
• Design and implement privacy-preserving analytics and measurement systems that provide insights while protecting individual user privacy
• Research and evaluate emerging privacy technologies from academia and industry, contributing to open-source tools and AI privacy standards
• Act as consultant and advocate for privacy best practices as central to our mission of AI safety

You might be a good fit if you:

• 8+ years of professional software engineering experience (not including internships and co-ops)
• 5+ years of experience focused on privacy, security, or data protection
• Deep expertise in privacy engineering principles: privacy by design, data minimization, purpose limitation
• Strong programming skills in Python, Go, or similar languages with experience building production systems at scale
• Experience with privacy-enhancing technologies (differential privacy, homomorphic encryption, secure enclaves)
• Proven track record of designing and implementing privacy infrastructure serving millions of users
• Expertise in data governance, classification, and lifecycle management systems
• Strong understanding of privacy regulations (GDPR, CCPA) and ability to translate legal requirements into technical solutions
• Experience conducting privacy reviews, threat modeling, and risk assessments
• BS/MS in Computer Science, Engineering, or equivalent practical experience

Deadline to apply: None. Applications will be reviewed on a rolling basis.

What’s in it for you?

Compliance operations and audit readiness

• Own and manage controls across SOC 2 Type II, ISO 27001, GDPR, and HIPAA frameworks, maintaining an up-to-date control landscape and evidence inventory.

• Coordinate and support external audits end-to-end — from audit scoping and evidence preparation to auditor walkthroughs and post-audit remediation tracking.

• Manage compliance tracking across Google Workspace (Sheets, Drive, Docs, Gmail) — maintaining structured control registers, evidence repositories, and policy documentation.

• Send and track corrective action communications to control owners, following up through resolution and maintaining a clear audit trail.

• Conduct periodic internal compliance reviews and produce structured reports for leadership.

Technical security and vulnerability management

• Participate in Vulnerability Assessment and Penetration Testing (VAPT) cycles — reviewing findings, contextualising them for engineering teams, and tracking remediation to closure.

• Monitor and triage security findings from external risk and rating platforms including SecurityScorecard, Panorays, UpGuard, Whistic, ProcessUnity, Qualys SSL Labs, and similar sources.

• Act as the liaison between the security team and engineering — translating security findings into actionable tickets in Jira, validating fixes post-sign-off, and gradually taking ownership of resolutions.

• Maintain a working knowledge of common vulnerability classes (OWASP Top 10), exploits, and secure architecture patterns relevant to cloud-hosted SaaS platforms.

• Support cloud security reviews and configuration assessments on AWS (primary) and GCP, with an understanding of IAM, network security groups, storage controls, and logging configurations.

Compliance automation and AI-assisted workflows

• Build and maintain Python-based automation scripts that collect compliance evidence from internal systems, APIs, and Google Workspace — reducing manual evidence gathering for external audits.

• Develop automated email workflows and scheduled reports that keep control owners, team leads, and leadership informed of compliance status, upcoming obligations, and open remediation items.

• Create and maintain compliance dashboards that provide a real-time view of control health, audit readiness, and key risk indicators.

• Progressively design and deploy AI-assisted internal audit workflows — acting as the orchestrator of agentic pipelines that perform control checks, generate evidence summaries, and flag anomalies for human review.

• Leverage AI-assisted coding tools such as Cursor and Claude Code to accelerate development of automation and internal tooling.

Cross-functional collaboration and programme hygiene

• Collaborate with Engineering, DevOps, Legal, and HR teams to ensure controls are implemented, tested, and documented in alignment with framework requirements.

• Maintain and periodically review information security policies, procedures, and standards in Google Docs, ensuring they remain current and aligned with framework controls.

• Coordinate access reviews, vendor security assessments, and third-party risk evaluations as part of the ongoing compliance calendar.

• Support onboarding and awareness initiatives by contributing to security training content and policy communications.

We’d love to hear from you, if you:

Experience and background

• 2–3 years of hands-on experience in information security, GRC (Governance, Risk and Compliance), or a security-adjacent technical role.

• Demonstrated experience working with at least one major compliance framework (SOC 2, ISO 27001, GDPR, or HIPAA) — including evidence collection, control testing, or audit support.

• 1+ year of programming experience, with practical Python skills for scripting, automation, or data processing tasks.

• Exposure to cloud platforms, with working knowledge of AWS services (IAM, S3, CloudTrail, Security Hub, or equivalent) and basic familiarity with GCP.

Technical security knowledge

• Understanding of common vulnerability classes, OWASP Top 10, and secure development principles sufficient to contextualise findings and communicate them to engineering teams.

• Familiarity with VAPT processes — including scoping, findings review, and remediation validation.

• Basic understanding of network security concepts: TLS/SSL, DNS, firewalls, VPNs, and cloud-native security controls.

• Working knowledge of authentication and identity concepts: SSO, OAuth 2.0, SAML, IAM, RBAC, and MFA.

• Ability to read and interpret security findings from external platforms such as SecurityScorecard, Qualys, or similar security rating and scanning tools.

Tooling and workflow

• Proficient in Google Workspace — comfortable using Sheets for control tracking and mapping, Drive and Docs for policy and evidence management, Gmail for formal communications and sign-offs, and Calendar for compliance scheduling.

• Experience using Jira for cross-functional issue tracking and Slack for team collaboration.

• Comfortable writing Python scripts for automation, data extraction, API integrations, or report generation.

• Exposure to or genuine curiosity about AI tooling, LLMs, and agent-based workflows.

Soft skills and working style

• Strong written communication skills — able to draft clear policy documents, corrective action notices, and executive summaries.

• Methodical and organised — able to manage multiple concurrent workstreams, deadlines, and stakeholders without losing detail.

• Comfortable with ambiguity and ad-hoc requests in a fast-paced SaaS environment.

• Proactive and self-driven — able to identify gaps, propose solutions, and execute independently once direction is set.

Good to have:

• Certifications: CISA, CISSP, CEH, CompTIA Security+, or any recognised AI / machine learning certification.

• Experience building or interacting with AI agents, LLM-based pipelines, or automation using frameworks such as LangChain or LangGraph.

• Hands-on experience with AI-assisted development tools such as Cursor or Claude Code.

• Familiarity with third-party risk and security rating platforms (SecurityScorecard, Panorays, UpGuard, Whistic, ProcessUnity).

• Prior experience with GCP services for development or workflow automation.

• Understanding of data privacy principles under GDPR and HIPAA, including data classification, retention policies, and subject rights processes.

• Exposure to SAST/DAST tooling, container security, or cloud security posture management (CSPM).

The Security & IT organization is in the middle of a significant transformation — expanding scope, standing up new functions, and hiring senior leaders across security operations, GRC, and IT. This role reports into the Office of the CTO and is the operational connective tissue for the entire organization. You'll own the operating cadences, executive reporting, budget governance, and program management practice that keep the machine running — so the Head of Security & IT can focus on strategy, risk decisions, and the external-facing mission of the organization.

This role sits at the intersection of Security, IT, and adjacent domains like Privacy and GRC. You work with engineering leaders on execution, with TPMs on strategic programs, and with the Head of Security & IT on whether strategy is actually translating into outcomes. Critically, you are not just an orchestrator — you are a strategic thought partner and a hands-on builder. You should be as comfortable pressure-testing whether a strategy is achievable as you are standing up a new program from scratch.

What You'll Be Doing

• Operationalize the Security & IT strategy across teams — you are the cross-cutting accountability layer that ensures roadmap items are progressing, risks are being burned down, and when the executive team asks "where are we on X?" you either know the answer or are driving closure
• Pressure-test the Security & IT strategy against organizational reality — you bring a point of view on whether what we're planning is achievable, correctly prioritized, and resourced. You shape the strategy, not just execute it
• Develop and drive key programs directly — when the organization needs to stand up a new capability — or when you proactively identify that one should exist (e.g., insider threat, security awareness, threat intelligence) — you define the approach, build it to a stable operating state, and transition it to the right team to own long-term
• Own the operating rhythms across the entire organization — MBRs, QBRs, planning cadences, delivery tracking, executive reporting, and budget governance — giving the Head of Security & IT consistent visibility and removing operational overhead from their plate
• Manage the TPM practice: directly managing Security, IT, and Privacy TPMs — developing them as strategic program leaders who can independently drive programs across their domains
• Partner with compliance and risk leadership and incoming senior hires to ensure new functions plug into the operating rhythm and risk priorities are connected to planning and resource allocation
• Represent the Security & IT portfolio in cross-functional and executive forums — translating complex, multi workstream status into something leadership can act on

What you should have

• 10+ years in technology program management or operations, with meaningful time inside security, IT, or adjacent organizations
• Deep familiarity with security and IT as disciplines — you don't need to be a security engineer, but you've spent enough time in these domains to understand the risk landscape, speak the language credibly with practitioners, and know when something doesn't add up
• You bring strategic judgment, not just operational rigor — you can look at a strategy, identify what's wrong or missing, and shape it before translating it into sequenced work across multiple teams
• You've personally stood up programs or capabilities from scratch and handed them off — you know what it takes to go from "we don't have this yet" to "this is running and someone else can own it," and you thrive in that kind of ambiguity
• You've managed TPMs or program managers and built a practice that operates as a strategic force multiplier, not a project tracking function
• Experience in consumer tech, gaming, or social platforms — understanding the speed and operating model of companies like Discord
• Familiarity with GRC frameworks and risk management — enough to sit with compliance and risk leadership and represent the portfolio without needing to escalate every question
• A love for helping & empowering others

Candidates must reside in or be willing to relocate to the San Francisco Bay Area (Alameda, Contra Costa, Marin, Napa, San Francisco, San Mateo, Santa Clara, Solano, and Sonoma counties). Relocation assistance may be available.

The US base salary range for this full-time position is $400,000 to $450,000 + equity + benefits. Our salary ranges are determined by role and level. Within the range, individual pay is determined by additional factors, including job-related skills, experience, and relevant education or training. Please note that the compensation details listed in US role postings reflect the base salary only, and do not include equity, or benefits.

We are looking for a Senior Data Protection Engineer to lead and expand our data protection capabilities, ensuring the Coinbase ecosystem remains resilient against sophisticated security threats. You will be responsible for executing a long-term strategy that balances robust security controls with the speed of a decentralized tech environment. You will leverage an automation-first mindset, utilizing LLMs and agentic AI to build scalable, next-gen Data Loss Prevention operations while collaborating cross-functionally to mitigate risk and ensure global regulatory compliance.

What you’ll be doing (ie. job duties):

• Lead and expand data loss prevention capabilities to protect Coinbase ecosystem from sophisticated data security incidents
• Execute the long term strategy for the Data prevention program to harden security posture against data security threats
• Evaluate and direct complex designs/controls across a decentralized tech environment to promote security without impeding the speed of business
• Implement and deploy DLP tools and technologies in concert with cross functional teams (ie. endpoint security, information technology, and others)
• Enhance operational efficiency across a wide array of DLP Engineering & Operations leveraging LLMs and agentic AI
• Bring an automation first mindset to champion and drive a more streamlined and scalable approach towards DLP operations
• Produce quantitative and qualitative metrics to apprise Data Protection Leadership of programmatic impact and challenges
• Collaborate across Security and Privacy Teams and lead cross functional data protection initiatives
• You’ll lead a culture of excellence by mentoring peers and share knowledge
• You’ll collaborate with cross functional teams like engineering, product development, compliance to ensure timely remediation
• Work in concert with risk teams to measure control effectiveness and address changes in laws/regulations globally

What we look for in you (ie. job requirements):

• You are an experienced security engineering the data protection space who can deliver measurable results
• You have the technical acumen to solve operational issues with an engineering solution
• You have direct experience testing, tuning, and implementing data loss prevention controls across multiple OS stack
• You are comfortable manipulating and orchestrating controls to address multiple operating systems (iOS / Chrome) and decentralized datasets
• You are adept at creating scalable processes, automating where possible, and leveraging ML/AI where feasible to maximize efficiency
• You can be trusted to be discreet and thoughtful while working cross functionally to mitigate risk
• You are actively aware of the insider threat landscape, and understand the legal, regulatory, and ethical considerations of working with sensitive data across a global enterprise
• You have experience with Insider Threat technologies (such as Security Information Event Management - SIEM, User Behavioral Analytics - UBA, Data Loss Prevention - DLP) and an understanding of investigations and/or the intelligence cycle
• You have excellent verbal and written communication skills. Other team members ask for your input to communicate clearly and concisely and you are comfortable composing briefs and assessments consumed by leadership
• You prefer to play as a team and are equally comfortable as the ‘novice’ or the ‘expert’
• Business acumen: Proven understanding of business dynamics, goals, and product strategy. Knowledge of how Security fits into Coinbase’s overall business.
• The ability to balance business needs, a sense of urgency, conflicting constraints, and shipping high quality and pragmatic solutions in a fast-moving and quickly-growing company.
• Demonstrates the ability to responsibly use generative AI tools and copilots (e.g., LibreChat, Gemini, Glean) in daily workflows, continuously learn as tools evolve, and apply human‑in‑the‑loop practices to deliver business‑ready outputs and drive measurable improvements in efficiency, cost, and quality.

Nice to haves:

• 5+ years of security engineering experience solving complex security challenges across enterprise-wide DLP Programs
• Solving operational problems leveraging engineering / automation first mindset
• Experience in Web3 and crypto forward organizations or traditional financial institutions

Job ID: P75878

#LI-Remote

The ACLU seeks an Undergraduate Intern in the Privacy & Data Governance Unit, of the ACLU’s National office in New York. This internship is hybrid.

Qualifying applicants must currently be matriculated undergraduate students or an equivalent combination of education and/or experience and must be based in the U.S. for the entire duration of the internship and must be based in the U.S. for the entire duration of the internship.

The Team:

The Privacy & Data Governance Unit at the National ACLU has an opening for a Privacy & Data Governance Internship in New York, NY or remote. The Privacy and Data Governance Unit enables the ACLU to honor individual privacy and choice, protects data in our possession, and strives to become a leader in non-profit data governance practices. Our objectives are to center individual choice and transparency in our data practices, enable effective communication operations (e.g., advocacy, fundraising, organizing) by ensuring data is accurate and reflects individual choice, and ensure our policies, processes, and practices comply with legal requirements and industry best practices. The Privacy & Data Governance Intern will participate in cutting edge-policy research to safeguard privacy and free speech and promote social justice in the digital world. Interns will have the opportunity to gain valuable experience by working alongside the team assisting in all aspects of privacy and data governance administration including working on various privacy implementation projects, consumer privacy law research, and help author reports and presentations. At times, work may arise that gives interns the opportunity to work across National’s broad program areas and with our affiliate colleagues on AI, consumer privacy, and surveillance and technology issues.

What You’ll Do:

The intern will have the opportunity to gain valuable experience by working with the Privacy & Data Governance Unit.

Your Day to Day

• Conducting research on trends in the privacy regulation landscape, including proposed privacy legislation across the US, and leading practices for strengthening data protection practices
• Prepping for, attending, and contributing to Program Team and Working Group meetings
• Reviewing ACLU data practices and working with Departments to strengthen those practices
• Drafting memoranda, reports, and presentations
• Researching best practices for data de-identification, data minimization, and delivering data subject rights
• Researching and drafting materials for staff education
• Legislative bill tracking and analysis

What You’ll Bring:

• Knowledge of data governance principles and practices, including data confidentiality and privacy considerations
• Understanding of the current privacy regulation landscape in the United States
• Understanding of data management systems and how they operate (preferred)
• Knowledge of non-profit management and operations (preferred)
• Experience working with a diverse group of stakeholders and facilitating consensus-based decisions
• Experience developing compliance strategies (preferred)
• Ability to work independently as well as part of a team
• Excellent communication skills, verbal and written, including the ability to compose, edit, and proof correspondence and documents
• Attention to detail, excellent organizing and time-management skills
• Proficiency in Microsoft Office Suite

Future ACLU-ers Will:

• Be committed to advancing the mission of the ACLU
• Center and embed the principles of equity, inclusion and belonging in their work by demonstrating commitment to diversity with an approach that respects and values multiple perspectives
• Be committed to work collaboratively and respectfully toward resolving obstacles and conflict

Internship Logistics:

• Location: Our internship program offers a limited number of remote or hybrid intern positions. This internship is full-time and hybrid from our NYC National office.
• Time Commitment: Full-time (35 hours/week)
• Internship Duration: Full-time internships require a commitment of 10 consecutive weeks. This internship has a start date of: May 26th or June 8th.
• Stipend: A stipend is available for students who are lawfully authorized to work. Arrangements can be made with educational institutions for work/study or course credit.
  • Below is the stipend rate:
    • $20/hr for undergraduate students or equivalent experience

Why the ACLU:

For over 100 years, the ACLU has worked to defend and preserve the individual rights and liberties guaranteed by the Constitution and laws of the United States. Whether it’s ending mass incarceration, achieving full equality for the LGBTQ+ community, establishing new privacy protections for our digital age, or preserving the right to vote or the right to have an abortion, the ACLU takes up the toughest civil liberties cases and issues to defend all people.

Our Commitment to Accessibility, Equity, Diversity and Inclusion

Accessibility, equity, diversity, and inclusion are core values of the ACLU and central to our work to advance liberty, equality, and justice for all. For us diversity, equity and inclusion are not just check-the-box activities, but a chance for us to make long-term meaningful change. We are a community committed to learning and growth, humility and grace, transparency and accountability. We believe in a collective responsibility to create a culture of belonging for all people within our organization – one that respects and embraces difference; treats everyone equitably; and empowers our colleagues to do the best work possible. We are as committed to anti-oppression and anti-racism internally as we are externally. Because whether we’re in the courts or in the office, we believe ‘We the People’ means all of us.

With this commitment in mind, we strongly encourage applications from all qualified individuals without regard to race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, marital status, citizenship, disability, veteran status and record of arrest or conviction, or any other characteristic protected by applicable law.

The ACLU is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and need assistance applying online, please email benefits.hrdept@aclu.org. If you are selected for an interview, you will receive additional information regarding how to request accommodations for the interview process.

In order to be considered for this position, all candidates must formally submit an application. The ACLU does not accept unsolicited calls or emails from candidates regarding their application status.

We are looking for a Data Protection Engineer (L4) to help implement and maintain our data protection capabilities, ensuring the Coinbase ecosystem remains resilient against security threats. You will contribute to our data protection strategy, helping to balance strong security controls with the speed of a decentralized tech environment. You will focus on automating data protection operations, utilizing tools including LLMs and agentic AI, to build scalable Data Loss Prevention (DLP) solutions. You will work with other teams to mitigate risk and ensure compliance with global regulations.

What you’ll be doing (ie. job duties):

• Support and expand data loss prevention capabilities to protect Coinbase ecosystem from sophisticated data security incidents
• Support execution of the long term strategy for the Data prevention program to harden security posture against data security threats
• Implement and maintain complex designs/controls across a decentralized tech environment to promote security without impeding the speed of business
• Implement and deploy Data Protection tools and technologies in concert with cross functional teams (ie. endpoint security, information technology, and others)
• Demonstrate operational efficiency across a wide array of DLP Engineering & Operations leveraging LLMs and agentic AI
• Bring an automation first mindset to champion and drive a more streamlined and scalable approach towards DLP operations
• Produce quantitative and qualitative metrics to apprise Data Protection Leadership of programmatic impact and challenges
• Collaborate across Security and Privacy Teams and lead cross functional data protection initiatives
• Collaborate with cross functional teams like engineering, product development, compliance to ensure timely remediation
• Work in concert with risk teams to measure control effectiveness and address changes in laws/regulations globally

What we look for in you (ie. job requirements):

• You are an experienced security engineer in the data protection space who can deliver measurable results
• You have the technical acumen to solve operational issues with an engineering solution
• You have direct experience testing, tuning, and implementing data prevention controls across multiple OS stack
• You are comfortable manipulating and orchestrating controls to address multiple operating systems (iOS / Chrome) and decentralized datasets
• You are adept at creating scalable processes, automating where possible, and leveraging ML/AI where feasible to maximize efficiency
• You can be trusted to be discreet and thoughtful while working cross functionally to mitigate risk
• You are actively aware of the insider threat landscape, and understand the legal, regulatory, and ethical considerations of working with sensitive data across a global enterprise
• You have experience working and building Insider Threat technologies (such as Security Information Event Management - SIEM, User Behavioral Analytics - UBA, Data Loss Prevention - DLP) and an understanding of investigations and/or the intelligence cycle
• You have excellent verbal and written communication skills. Other team members ask for your input to communicate clearly and concisely and you are comfortable composing briefs and assessments consumed by leadership
• Business acumen: Proven understanding of business dynamics, goals, and product strategy. Knowledge of how Security fits into Coinbase’s overall business.
• The ability to balance business needs, a sense of urgency, conflicting constraints, and shipping high quality and pragmatic solutions in a fast-moving and quickly-growing company.
• Demonstrates the ability to responsibly use generative AI tools and copilots (e.g., LibreChat, Gemini, Glean) in daily workflows, continuously learn as tools evolve, and apply human‑in‑the‑loop practices to deliver business‑ready outputs and drive measurable improvements in efficiency, cost, and quality.

Nice to haves:

• 3+ years of security engineering experience solving complex security challenges across enterprise-wide DLP Programs
• Solving operational problems leveraging engineering / automation first mindset
• Experience in Web3 and crypto forward organizations or traditional financial institutions

Job ID: P76311

#LI-Remote

We are looking for a Senior Data Protection Engineer to lead and expand our data protection capabilities, ensuring the Coinbase ecosystem remains resilient against sophisticated security threats. You will be responsible for executing a long-term strategy that balances robust security controls with the speed of a decentralized tech environment. You will leverage an automation-first mindset, utilizing LLMs and agentic AI to build scalable, next-gen Data Loss Prevention operations while collaborating cross-functionally to mitigate risk and ensure global regulatory compliance.

What you’ll be doing (ie. job duties):

• Lead and expand data loss prevention capabilities to protect Coinbase ecosystem from sophisticated data security incidents
• Execute the long term strategy for the Data prevention program to harden security posture against data security threats
• Evaluate and direct complex designs/controls across a decentralized tech environment to promote security without impeding the speed of business
• Implement and deploy DLP tools and technologies in concert with cross functional teams (ie. endpoint security, information technology, and others)
• Enhance operational efficiency across a wide array of DLP Engineering & Operations leveraging LLMs and agentic AI
• Bring an automation first mindset to champion and drive a more streamlined and scalable approach towards DLP operations
• Produce quantitative and qualitative metrics to apprise Data Protection Leadership of programmatic impact and challenges
• Collaborate across Security and Privacy Teams and lead cross functional data protection initiatives
• You’ll lead a culture of excellence by mentoring peers and share knowledge
• You’ll collaborate with cross functional teams like engineering, product development, compliance to ensure timely remediation
• Work in concert with risk teams to measure control effectiveness and address changes in laws/regulations globally

What we look for in you (ie. job requirements):

• You are an experienced security engineering the data protection space who can deliver measurable results
• You have the technical acumen to solve operational issues with an engineering solution
• You have direct experience testing, tuning, and implementing data loss prevention controls across multiple OS stack
• You are comfortable manipulating and orchestrating controls to address multiple operating systems (iOS / Chrome) and decentralized datasets
• You are adept at creating scalable processes, automating where possible, and leveraging ML/AI where feasible to maximize efficiency
• You can be trusted to be discreet and thoughtful while working cross functionally to mitigate risk
• You are actively aware of the insider threat landscape, and understand the legal, regulatory, and ethical considerations of working with sensitive data across a global enterprise
• You have experience with Insider Threat technologies (such as Security Information Event Management - SIEM, User Behavioral Analytics - UBA, Data Loss Prevention - DLP) and an understanding of investigations and/or the intelligence cycle
• You have excellent verbal and written communication skills. Other team members ask for your input to communicate clearly and concisely and you are comfortable composing briefs and assessments consumed by leadership
• You prefer to play as a team and are equally comfortable as the ‘novice’ or the ‘expert’
• Business acumen: Proven understanding of business dynamics, goals, and product strategy. Knowledge of how Security fits into Coinbase’s overall business.
• The ability to balance business needs, a sense of urgency, conflicting constraints, and shipping high quality and pragmatic solutions in a fast-moving and quickly-growing company.

Nice to haves:

• ~7 years of security engineering experience solving complex security challenges across enterprise-wide DLP Programs
• Solving operational problems leveraging engineering / automation first mindset
• Experience in Web3 and crypto forward organizations or traditional financial institutions
  
  

  Job #: P69458

Our client, a top-tier global law firm, is seeking a Legal AI Technology Advisor to join its team in New York. This role works across practice groups to help lawyers adopt and optimize technologies including Kira, Litera Transact, HighQ, PowerBI, OpenAI, and Microsoft Copilot and Copilot Studio. The ideal candidate is a highly AI-focused legal technologist with hands-on experience with generative AI tools, custom GPTs or intelligent agents, and a strong understanding of how lawyers actually practice and use technology in their daily workflows. This person will act as both a power user and advisor to attorneys and business teams, helping translate AI capabilities into practical legal applications while partnering with Legal Project Managers and transformation teams to improve workflows and drive adoption across the firm. Expected salary for this role is $130,000 - $175,000, commensurate with experience, training, skills, qualifications, and other market factors. #LI-HYBRID #LI-MF1 Job ID: 7439

We’re looking for an experienced Data Protection Manager to ensure compliance with the data protection laws and regulations applicable to the organization. You will act as the subject matter expert on data privacy and will oversee the entire data protection program. This role works closely with the business areas, taking an active role in implementing the compliance and governance program, and will balance tactical execution with strategic oversight, ensuring privacy controls are built into our systems, processes, and embedded in our culture.

What You'll Do:

• Lead and mentor a small privacy team, setting priorities, reviewing deliverables, and ensuring alignment with the organization’s privacy strategy
• Foster a culture of accountability, professional growth, and proactive risk management within the privacy function
• Drive the operational implementation of the organization’s data privacy framework and related policies
• Manage data protection registers, privacy impact assessments, privacy risks, and Records of Processing Activities (RoPA)
• Ensure ongoing compliance with applicable data protection regulations
• Develop and maintain Data Processing Agreement (DPA) templates and oversee their implementation
• Monitor regulatory developments and recommend practical actions to maintain compliance
• Oversee and manage Data Subject Request (DSR) processes
• Support teams in applying privacy-by-design and privacy-by-default principles across projects and products
• Manage incident response processes for personal data breaches, including documentation, assessment, and regulatory notifications
• Conduct and coordinate privacy audits and vendor risk assessments
• Act as a key point of contact for internal and external stakeholders on data protection matters
• Deliver privacy training and awareness initiatives across the organization

What You'll Bring:

• Bachelor’s degree in Information Management, Law (with focus on Data Protection/Privacy), Data Science, or equivalent experience
• 5+ years of experience in data privacy, information security compliance, or a related field
• Experience leading or mentoring a small team
• Strong working knowledge of GDPR, CCPA, and at least one additional privacy framework
• Understanding of AML/KYC requirements and online gaming data regulations
• Experience implementing privacy programs, conducting DPIAs, and managing DSR processes
• Familiarity with privacy management and data governance tools
• Strong communication and stakeholder management skills
• Ability to translate legal and regulatory requirements into practical business processes and technical controls
• Professional privacy certifications such as CIPP/E, CIPM, or CIPT are preferred #LI-REMOTE