You have opted out of job matches in .
To undo this, go to the 'Skills and Interests' section of your preferences.
Posted 5 months ago
warning
Heads-up
Requirements and responsibilities
Job DescriptionSembi is seeking a Compliance Operations Lead to own day-to-day compliance execution for Sembi in partnership with an existing team of compliance specialists. This role serves as the central point of accountability for audits, remediation tracking, customer security and privacy requests, and core program operations (including DPAs, privacy addenda, and subprocessor management). The Compliance Operations Lead coordinates work across Legal, Security, Engineering and customer-facing teams to ensure compliance activities are prioritized, tracked, and completed.ResponsibilitiesImplement and maintain compliance Policies to support all related privacy regulations and requirements such as GDPR, CCPA, and other compliance frameworks (including AI governance and cyberresiliency).Conduct, review, and document privacy assessments (DPIAs, DTIAs, website/ cookie compliance, risk registry), identifying privacy risks, recommending mitigation measures, and supporting stakeholders through remediation, and improving day-to-day operational tasks in support of overall privacy compliance program.Collaborate with business and engineering stakeholders to devise process and product privacy remediation activities across the organization (data retention/ deletion, responsible use of AI).Contribute to vendor risk management program to assess vendor privacy risks, and onboard subprocessors (coordinate subprocessor notifications, review vendor data privacy and security documentation).Coordinate with the Legal team to execute DPAs with customers, vendors, and partners/ resellers.Maintain records of data processing, data flows and process narratives for all business operational areas.Assist with answering data privacy related inquiries from customers, vendors, and employees (DSARs, opt-out/ unsubscribe, deletion, incident response).Ensure internal audits and tasks pertaining to data privacy are performed and tracked in a timely manner.Maintain centralized tracking and reporting for compliance commitments, remediation items, and customer-facing obligations, providing regular status updates to stakeholders.Own the preparation, maintenance, and reuse of standard customer-facing compliance artifacts (eg security questionnaires, privacy summaries, audit reports) to reduce reactive work and response time.Oversee and coordinate external and internal compliance audits, ensuring audit plans, timelines, evidence collection, and remediation activities are aligned, tracked, and completed in partnership with the audit owner.Skills and experience3+ years of hands-on experience in privacy compliance and governance within a SaaS or technology environment.Working knowledge of AI-related privacy and governance considerations; IAPP certifications preferred but not required.Ability to work effectively with cross-functional partners across engineering, product, sales, marketing, support, legal, and human resources, driving alignment and execution toward data privacy compliance goals.Practical understanding of privacy-by-design principles and experience applying them to engineering and marketing workflows.Experience developing, implementing, and maintaining privacy controls and procedures, with knowledge of commonly used control and risk frameworks (e.g., ISO, NIST).Knowledge of privacy and compliance risks associated with cookies, tracking technologies, and online analytics tools.Experience handling data subject rights requests (DSARs), as well as requirements related to encryption and anonymization, access controls, data retention and destruction, cross-border data transfers, privacy compliance assessments, and coordination of data breach or cyber incident response.Strong written and verbal communication skills, with the ability to manage multiple workstreams, prioritize effectively, and solve problems in a fast-moving environment.Acknowledgment: This is an Equal Opportunity Employer. Resumes of unsuccessful candidates will be securely deleted within twelve (12) months of the hiring decision, unless a longer period is required by law or you provide explicit consent for continued retention. Sembi is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.Privacy and data protectionIn compliance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR), you have the right to request access to, correction of, or deletion of your personal information at any time by contacting compliance@sembi.com. Sembi, Inc. does not sell candidate data and will ensure that all personal information is processed securely and in accordance with relevant data protection regulations.
Optionally, you can add more information later (benefits, pre-screening questions, etc.)